Acts of poaching employees and countermeasures ~ Prevention and preservation of evidence ~ (Part 1)
2023/ 11/ 21
Information leakage risks and security risks caused by employees taking data and company information with them and countermeasures
2023/ 11/ 22
Many companies have experienced problems with employees deleting data from company PCs (personal computers) after leaving the company. In addition to deleting data and logs and initializing PCs, we will explain the risks involved when data is suspected to be leaked, and what to do if unauthorized data deletion has occurred, along with the forensic investigation required to investigate the facts of data deletion.
What are the risks of data deletion by retired employees?
If a retired employee deletes their data, what is the reason behind it and what is the impact on the company?
Reasons why retired employees delete data
There are several reasons why retired employees may delete data, one of which is to destroy evidence of data removal.The purpose of this information is to use the information when changing jobs to competitors or when starting out on your own in similar work.In this case, there is a high possibility that confidential information such as customers and business partners will be included.It is also possible that the purpose is not to use the information for one's own purposes, but to obtain money by illegally buying and selling confidential information.Some of these may be deleted by mistake or may be deleted without malicious intent as part of organizing work, so countermeasures and investigations are required depending on each case.
Example of data deletion
Examples of data deletion by retired employees include cases where only part of both document data and digital data is intentionally deleted, and cases where data in a specific project folder is deleted.Also, your PC may have been initialized.The data that will be deleted includes confidential company information, client and business partner information, messages and files from email and communication tools, and data related to patents, trademarks, and designs.
Impact of data deletion on businesses
In either case, if the data is deleted by the employee, the impact on the company is inevitable.Depending on the level of information, there may be cases where normal business operations are disrupted or financial losses are incurred.Furthermore, if confidential information is taken outside, there is a risk of information leakage.In addition to the risk of losing competitiveness due to leakage of confidential information to competitors, etc., leakage of personal information such as customer information and internal information within the company may cause a major social problem, and there is a possibility of liability for damages to victims. There is also.Violating the Personal Information Protection Act carries the risk of being subject to criminal penalties, and the impact on companies is enormous.
How to prevent data deletion by retired employees
We will introduce specific steps and methods to take to prevent data deletion by retired employees.
Formulation of rules for handling confidential information
First, make sure you are thoroughly familiar with the rules regarding handling of confidential information when you join the company and throughout your employment.At that point, it is effective for employees who have submitted their resignations to reconfirm the rules regarding confidential information and to make them promise not to delete their data without permission.This is to ensure that even if data is deleted, there will be no excuses.
Immediate suspension/deletion of account
Once the termination process is complete, immediately terminate access to the employee's account and prevent future access.It is important to immediately suspend or delete your account, as remaining accounts increase the risk of access to systems containing confidential information or deletion of files.
Notice of prohibition of data deletion/initialization by retired employees
It is important to clarify prohibitions regarding data handling for employees who have submitted resignations, such as not deleting data without permission or initializing devices without permission.
Organize PC data and conduct audit before retirement
By carefully checking the logs of information systems such as PCs and networks, not only after you have submitted your resignation, but also before that time, you can increase your chances of preventing trouble.
Can a retired employee claim compensation for data deletion?
If your data is deleted by a retired employee, you may be able to claim compensation.However, please note that there are conditions such as proof of data deletion.
In order to claim damages, it is important to prove that the employee deleted the data.In addition to detailed records of the content, timing, and method of data deletion, it is also necessary to preserve the devices used.Next, proof that the company suffered damage is also required.It is important to clarify how valuable the deleted data was to the company.
In order to provide these appropriate proofs, it is necessary to secure the device so that the evidence is not overwritten or hidden, and to perform analysis to obtain evidence of data deletion.Many of these procedures are complex and difficult to understand, and if you follow them incorrectly, there is a high possibility that you will not be able to secure the necessary evidence, so it is best to consult or request a specialist to conduct the investigation.
What to do if you suspect data deletion by a former employee
If you suspect that data has been deleted by a retired employee, it is best to contact a professional company with a proven track record and technical expertise.In order to claim compensation for damages from the person concerned, a detailed investigation called "digital forensic investigation" is required, so it is recommended to ask a professional company with the know-how to collect legally valid evidence to preserve and investigate PC data. is certain.Digital forensic investigation is an investigation that collects and analyzes records left on all kinds of digital equipment, such as devices, servers, and network equipment, and uncovers the facts.We will explain how a specialist conducts an investigation.
Contents and flow of PC data preservation/investigation of retirees
If we suspect that a former employee has deleted data, the first step is to remove or restrict access rights and recover the physical device, if not already done.
In the digital forensic investigation that follows, we first secure the equipment to be investigated, the retired employee's PC.We preserve and collect the entire data to prevent data falsification or omissions, analyze it using appropriate procedures, and extract information that can serve as causes or evidence.If the data has been erased, we will also decrypt and restore the data.
In addition, we analyze connection logs for external HDDs, check access history, etc., and identify any traces of unauthorized access, deletion, modification, or removal.We use specialized equipment to investigate and analyze networks and terminals, including examining system and network audit logs, and ultimately submit an investigation report to help resolve the issue.
FRONTEO's "Retiree PC Maintenance Service" helps retirees delete data and prepare for investigations.
If a retired employee initializes a PC, it will be difficult to restore data. FRONTEO provides a "retiree PC maintenance service" that allows you to investigate and secure evidence in case of emergencies such as data deletion or information leaks caused by retirees.By completely replicating the data on retirees' PCs and smartphones, this service is effective for security investigations such as data deletion and information leaks by retirees.In the unlikely event that data is deleted or information is leaked by a retired employee, the data will be immediately retrieved from the hard disk stored in FRONTEO. By conducting digital forensic investigations within FRONTEO, it is possible to conduct fraud investigations smoothly from storage to investigation. FRONTEO, which has an overwhelming track record of investigating over XNUMX cases of fraud, can quickly conduct highly accurate investigations, leading to quick resolutions.
[Related article] Retirement PC maintenance service
