Six Employee Investigation Fails to Avoid

by Dr Christine Izuakor | May 30, 2019

Investigating a once trusted employee for potential misuse, theft, or other offenses regarding company resources can be a complicated process. While we all hope to hire ethically sound employees, various factors can contribute to ending up with a bad apple in the bunch. Labeled, insider threats, these employees pose a grave risk to organizations due to the insider knowledge and often authorized access they have to critical resources.

It’s important to prepare for this seemingly inevitable situation by having a robust Insider Threat Program that can detect both malicious and non-malicious insider threats, as well as an employee investigations program to respond when necessary.

Navigating an employee investigation can be taxing and many companies have learned lessons the hard way during an investigation. Across the industry, we have an opportunity to learn from those mistakes and avoid them in our own environments.

Here are six employee investigations fails that you can learn from and proactively avoid in your company.

  1. The Subjective Investigation

    An employee investigation can be a tedious and frustratingly awkward situation for all those involved, including the employee, their colleagues, and the investigators. In such circumstances, it’s easy to begin inserting personal opinions and making judgments against people that may not be warranted. Investigations should be objective. It’s important to ensure that all parties involved in the process are professionals who understand the importance of and can maintain an unbiased stance throughout the investigation.

    Identifying and addressing conflicts of interest early on is essential as well. For example, family members, friends, and couples sometimes work for the same company. A person involved in the investigation, should not have close relations with the potential Insider Threat as this could lead to a biased investigation. Failing to conduct an objective investigation free of conflicts of interest can lead to the invalidation of the entire effort. Also, if conflicts are discovered too late, significant losses in productivity can occur if the resource must be replaced with someone new. They’ll then need to be brought up to speed and potentially redo some of the prior work to validate its objectivity.

    Lastly, hard evidence helps prove the objectivity of the case. Some would even argue that without evidence, you have no case. Having Employee Monitoring Software set up beforehand can help ensure there is an adequate paper trail of evidence. These tools can provide insight into everything an employee does, including email, web activity, keystrokes, data manipulation, exfiltration, and more.

  2. The Retaliatory Investigation

    There can be quite a bit of emotion involved when it comes to employee investigations. Those who trusted the employee in question may feel betrayed, confused, or angry. In some cases, the accused (if they catch wind of the investigation) may experience intense emotions as well. Note that Employee Investigation Software tends to be discreet and virtually invisible to the user which helps. However, retaliation on either side should not be tolerated. This mistake can lead to extensive legal trouble on both ends.

  3. The Hypocritical Investigation

    Maintaining confidentiality of sensitive information is a fundamental principle of cyber security, and information gathered and handled during an investigation is no exception. The same stringent protection requirements should be applied to such information. Many investigations have ironically neglected this element of security and allowed sensitive information regarding the investigation to fall into the wrong hands.

    This mistake can lead to invalidation of evidence, distrust amongst parties involved, or jeopardization of the entire investigation, if its success is dependent on the confidentiality of certain details. Employee Investigation Software can help ensure evidence and details of the case remain confidential.

  4. The Coercive Investigation

    The purpose of an investigation is to uncover the truth. Unfortunately, sometimes they instead turn into witch hunts. Employee investigation is not a way to quickly fire employees you don’t like or don’t feel fit within the organization. These should only be launched when warranted and should be treated similar to standard trials where the accused are innocent until proven guilty. Remember that things are not always what they seem. People are sometimes sabotaged and framed as well, and with a thorough investigation, those situations may be uncovered.

    During interviews, people also shouldn’t be pressured or tricked into falsely incriminating others. Questions and the process should be straight forward and pure with no hidden agendas. The integrity of any evidence gathered through monitoring tools, and other sources should be meticulously guarded. Otherwise, mistakes in this realm can lead to legal issues regarding corruption, discrimination, unfair treatment, bullying, and more.

  5. The Never-ending Investigation

    The point of an investigation is to reach a timely conclusion. However, some investigations fail to ever conclude, which defeats the purpose. After the steps required for an investigation are completed, a report should be generated that details all of the steps taken and summarizes all the evidence gathered, and the analysis conducted. The report should also include the conclusion and recommended action to be taken as a result of the investigation. Employee investigation technology can help automate the documentation process as well.

    Mistakes here can be extremely costly. If the investigation remains open for extended periods, and no action is taken, the total cost of the investigation may be considered a waste. Similarly, if the process drags on for longer than necessary, the cost of the resources dedicated to the effort become additional waste.

  6. The Missed Investigation
  7. Lastly, one of the biggest mistakes is not conducting an investigation at all. Many companies experience resource constraints to a point where even with the right intentions, they simply don’t have the bandwidth or budget to conduct an investigation. This can open the company up to several risks. Failing to investigate can lead to the employee continuing the behavior and inflicting further damage or loss to the company. Also, there is a common saying that one bad apple can spoil the bunch. Others may see one employee getting away with malicious insider activities and decide to do the same. Alternatively, the malicious insider may intentionally recruit others to join in on malicious activities.

Furthermore, where investigations are mandated by regulations, failing to complete one could result in non-compliance, penalties, and fines.


In summary, employee investigations are a challenging feat that many companies must face at some point. Numerous variables can lead to the success or failure of an investigation. By having a robust Insider Threat and employee investigation program, you can avoid these six common fails to save your company money, legal woes, time, and cyber risk in the long run.