
If information leakage damages customers and business partners, the company's social credibility can be expected to decline, resulting in suspension of transactions, a fall in the stock price, and loss of customers as its image deteriorates. If the specifications and information of products under development are leaked, competitors may take the lead with similar products. In addition, not only will economic losses such as compensation for damages occur, but in the worst case the company can also be subject to criminal penalties. In this article, we explain the causes of information leaks and the countermeasures to take, along with actual cases.

Cause of information leakage
The causes of information leaks can be broadly divided into internal factors such as employee negligence and fraud, and external factors such as cyberattacks.
Internal Factors of Information Leakage
Internal factors can be broadly divided into internal improprieties, such as employees maliciously stealing customers' personal information or confidential business information, and human errors, such as sending the wrong e-mail or losing a laptop while away from home.
External Factors of Information Leakage
External factors are cyberattacks, such as unauthorized access and malware infections. Unauthorized access is the intrusion into internal servers and information systems by unauthorized outsiders. Malware is software created for the purpose of causing devices such as PCs to operate illegally.
Countermeasures against internal causes of information leakage
This section describes measures to prevent internal factors of information leakage.
Create a system and flow to prevent erroneous sending of emails
When sending e-mails with attachments that contain personal information or business secrets, take measures such as holding transmission for a certain period of time, or automatically filtering important e-mails and sending them only after obtaining approval from a superior. It is also important to build these measures into the sending flow as a system.
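The hold-and-approve flow described above can be sketched as a routing decision at the outbound mail gateway. This is an added example, not code from the original article; the domain, hold period, sensitivity patterns and the names `Outbound` and `route` are all assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

INTERNAL_DOMAIN = "example.co.jp"      # assumed company mail domain
HOLD_PERIOD = timedelta(minutes=10)    # assumed hold time before release
# Assumed markers of sensitive content; a real gateway would use its own DLP rules.
SENSITIVE = re.compile(
    r"confidential|personal information|customer|\b\d{2,4}-\d{2,4}-\d{4}\b", re.I)

@dataclass
class Outbound:
    sender: str
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)  # attachment file names
    approved_by: Optional[str] = None                # approver address, if any

def route(msg: Outbound, submitted: datetime, now: datetime) -> str:
    """Return 'send', 'hold' or 'needs_approval' for an outbound message."""
    suffix = "@" + INTERNAL_DOMAIN
    external = [r for r in msg.recipients if not r.lower().endswith(suffix)]
    if not external:
        return "send"  # internal-only mail is not gated in this sketch
    text = " ".join([msg.subject, msg.body, *msg.attachments])
    if msg.attachments and SENSITIVE.search(text):
        # Important mail leaves only after someone other than the sender approves.
        if not msg.approved_by or msg.approved_by == msg.sender:
            return "needs_approval"
    # All external mail waits out the hold period so a mistake can be recalled.
    if now - submitted < HOLD_PERIOD:
        return "hold"
    return "send"
```

Self-approval is rejected on purpose, since an approval step that the sender can satisfy alone does not catch a wrong recipient or a wrong attachment.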
Thorough rules for taking out and managing devices such as PCs
The use of portable terminals such as notebook PCs and smartphones is on the rise in all companies, but if the terminals are taken outside the company, there is a risk of information leakage due to loss or theft as well as intentional information leakage. It is necessary to create and enforce rules such as prohibiting unauthorized removal of equipment outside the scope of normal work and limiting the devices that are permitted to be removed.
Do not dispose of data in a state where it can be recovered
Avoid throwing paper documents in the garbage can or disposing of recording media without completely deleting them. Proper disposal procedures should be followed, such as shredding documents and using a professional service to physically destroy or completely wipe data from the device.
Formulation of information security guidelines and training of employees
It is necessary to raise the security awareness and knowledge of employees by formulating and enforcing guidelines and continuously providing opportunities for security education, including the use of e-learning. It is also important to have a proper manual for initial actions, such as who to report to and what to do in the event of an information leak.
Countermeasures against external factors of information leakage
Next, we will explain measures to prevent external factors of information leakage.
Install and update security software
The most effective countermeasure is the introduction of security software. It is possible to protect your company's network from cyberattacks such as malware infection by using multiple layers of defense and encryption with various security products such as firewalls.
Do not bring in devices or data from outside
If a private device is already infected with malware, there is a risk that the connected in-house device will also be infected.
Manage access logs and entry/exit records
An outsider may break into your office and physically remove your PC or confidential information. It is necessary to take measures such as thoroughly managing entry and exit records, records of terminals taken out, and access logs. Avoid leaving important files unlocked or, conversely, storing them in places where leaks are difficult to detect. You can take measures such as keeping them locked in a cabinet whose contents are visible.
In the event of an information leak, promptly conduct a “forensic investigation”
In the event of an information leak, a company should conduct a “forensic investigation”. This section explains what kind of investigation that is.
What is a forensic investigation?
A forensic investigation is an investigation that collects and analyzes information related to an incident or accident to reveal evidence of crime or fraud. Investigating the cause will allow you to take measures to prevent recurrence, and by clarifying where responsibility lies, you will be able to prepare in the event that your company is sued for liability.
Forensic investigation using AI
In modern forensic investigations, AI (artificial intelligence) can be said to be an essential tool. By having the AI learn the judgment criteria from a small number of sample files, a large amount of data can be sorted into files that are likely to be relevant and files that are not. The simple data sorting work that must be done at the beginning of an investigation can be done in a short time with a small number of people, so not only can the investigation be made more efficient, but higher accuracy can also be achieved by concentrating the resources of experts.
Talk to a Professional Forensic Investigation Firm
Forensic investigations should be outsourced to an investigation company rather than conducted in-house. In addition, by utilizing the specialized software and AI of the investigation company, it is possible to conduct the investigation efficiently and at a cost suitable for the scale.
In a situation where internal improprieties are suspected in the first place, the legitimacy of the evidence will be compromised if someone inside the company conducts the investigation. Use outside professional services to ensure neutrality.
[Related article] What is a forensic investigation? Commentary on necessary cases, points to note, and examples
Examples of information leaks and forensic investigations that actually occurred in companies
We will introduce examples of information leaks and forensic investigations that occurred in actual companies.
[Case 1] Confidential information taken out by an employee
Two years after former employee A moved to a competitor company, it was discovered that similar products were being manufactured without permission and sold overseas. The log of the PC used by A showed that a large amount of data had been copied several days before his retirement date. However, the large amount of data made it difficult to conduct an internal investigation, and some courts held the view that "it is necessary to identify the behavior of the person and the trade secret" in order to identify the information being taken out.
Therefore, in order to ensure third-party neutrality, an investigation company was asked to conduct a forensic investigation. By building a unique database and investigating a large amount of log data on external HDDs and USBs, the investigation found about 30 records of data being copied to USB memory and found that, a few days later, the external HDD was deleted after the network cable was unplugged. In addition, it confirmed that unrelated program files were repeatedly written and deleted for about 120 hours.
*For details of the investigation, please see "Take-out of confidential corporate information Operation log investigation related to the Unfair Competition Prevention Act".
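The two findings in Case 1 (copies to removable media shortly before the departure date, and repeated write/delete cycles on the same files) can be pulled out of an operation log with a short triage script. This is an added example, not the investigation company's tooling; the log format, user names, paths, the 14-day window and the function name `triage` are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample operation log: timestamp,user,action,path,media
SAMPLE_LOG = """\
2023-03-01T09:12:00,userA,copy,D:/design/spec_v3.pdf,fixed
2023-03-27T21:40:00,userA,copy,E:/spec_v3.pdf,removable
2023-03-27T21:41:00,userA,copy,E:/drawing_01.dwg,removable
2023-03-27T21:43:00,userA,copy,E:/customers.xlsx,removable
2023-03-29T08:00:00,userA,write,F:/tmp/setup.exe,removable
2023-03-29T08:05:00,userA,delete,F:/tmp/setup.exe,removable
2023-03-29T19:55:00,userA,write,F:/tmp/setup.exe,removable
2023-03-29T20:00:00,userA,delete,F:/tmp/setup.exe,removable
2023-03-30T10:00:00,userB,copy,E:/minutes.docx,removable
"""

def triage(log_text, user, leave_date, window_days=14, churn_min=2):
    """Summarise one user's removable-media activity before leave_date."""
    start = leave_date - timedelta(days=window_days)
    copies = []
    cycles = defaultdict(lambda: {"write": 0, "delete": 0, "times": []})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, who, action, path, media = row
        when = datetime.fromisoformat(ts)
        if who != user or media != "removable" or not start <= when <= leave_date:
            continue
        if action == "copy":
            copies.append(path)
        elif action in ("write", "delete"):
            cycles[path][action] += 1
            cycles[path]["times"].append(when)
    # A path written and deleted repeatedly looks like overwriting, not normal use.
    churned = sorted(p for p, c in cycles.items()
                     if min(c["write"], c["delete"]) >= churn_min)
    times = [t for p in churned for t in cycles[p]["times"]]
    hours = (max(times) - min(times)).total_seconds() / 3600 if times else 0.0
    return {"removable_copies": copies, "churned_paths": churned, "churn_hours": hours}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "userA", datetime(2023, 3, 31)))
```

Run against a working copy of the logs, never the original evidence, so that the material handed to an outside investigator stays unaltered.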
[Case 2] Leakage of personal information due to malware infection
Company B's PC was found to be infected with malware. Due to the suspected leakage of personal information, a forensic investigation was requested from a specialized investigation company. It was decided to identify the infection route and trace evidence of information leakage from the infected terminal.
Hundreds of terminals were analyzed with analysis tools to visualize attack routes and identify the damaged terminals. In addition, nearly 30 cyber black markets were surveyed to see whether leaked information was being bought and sold on the dark web.
As a result of the investigation, it was possible to identify not only the PC where the information leak occurred, but also that the information had been leaked to the dark web.
*For details of the investigation, please see "Investigation of Personal Information Leakage due to Malware Infection".
Information leakage investigation by forensics pioneer FRONTEO
Since its founding in 2003, FRONTEO has been working to solve the problems of various companies as a pioneer of forensic investigations in Japan. We have an established reputation for our technology and know-how based on outstanding experience.
Utilizing our in-house developed AI engine KIBIT, we have achieved significant labor saving and cost reduction during document review. By combining our experience in dealing with projects and our in-house AI engine, we have achieved high accuracy and efficiency that other companies cannot.
We have data centers in Japan, North America, South Korea, and Taiwan, and we have a system that allows us to store data without taking it out of the country, and we have perfect security. We provide seamless services to our clients' headquarters, local subsidiaries, and law firms. Fast support with global operations.