Speaking at the Computer and Internet Crime Conference in London today (Tuesday), Detective Constable Tony Noble of the Surrey Police High Tech Crime Unit said many companies try to get themselves back up and running after an incident has occurred and only then do they start to ask "whodunnit?"
"Evidence is paramount," said Noble. "Don't leave it three months before reporting it, take advice."
He said it was important to gather evidence for a possible investigation and this needed to be done along Association of Chief Police Officers (ACPO) guidelines to ensure the reliability of such evidence.
He admitted that not all reports get investigated but any evidence collected would also be useful in civil cases or an employee tribunal. He was quick to dispel myths of how police deal with computer crime.
"We don't romp in with our size 10's and disconnect computers." He said the police operate covertly and in most cases will advise companies with how best to deal with incidents.
He urged any company that thinks a crime has been committed to write up an outline of what has happened and to be as accurate as possible. He also said it would be helpful for any investigation to have a list of staff involved drawn up including people who discovered the problem along with contact details otherwise "evidence could be lost if people are left out."