2025年07月25日
2023年11月22日配信
Many companies are experiencing problems related to data deletion from company PCs (personal computers) by retirees. This presentation will explain not only the deletion of data and logs and the initialization of PCs, but also what risks are involved when even data leakage is suspected, and how to deal with unauthorized data deletion when it occurs, along with the forensic investigation necessary to investigate the facts of data deletion.
What are the risks of data deletion by retirees?
What are the reasons behind data deletion by retirees and what are the implications for the company?
Background of data deletion by retirees
There are several possible reasons behind data deletion by retirees, one of which is the destruction of evidence of data removal. The purpose is to use the information when they change jobs to a competitor or become independent in a similar business. In this case, the information is likely to include confidential information such as customers or business partners. The purpose may be to gain money by illegally trading confidential information rather than using it for their own purposes. Some of the information may be deleted by mistake or without malicious intent as part of work organization, so countermeasures and investigation are required in each case.
Examples of data deletion
Examples of data deletion by retirees include cases where only some data, both document data and digital data, have been intentionally deleted, and cases where data in specific case folders have been deleted. In some cases, PCs have been initialized. Data that may be deleted include confidential company information, client and business partner information, messages and files in e-mails and communication tools, and data related to patents, trademarks, and designs.
Impact of Data Deletion on a Company
In all cases, the impact on the company is inevitable if data is deleted by the departing employee. Depending on the level of information, there may be cases where normal business operations are interrupted or economic losses are incurred. Furthermore, if confidential information has been taken outside the company, there is a risk of information leakage. In addition to the risk of losing competitiveness due to leakage of confidential information to competitors, leakage of personal information such as customer information or information within the company may cause a major social problem, and the company may be liable for damages to the victim. There is also the risk of criminal penalties for violating the Personal Information Protection Law, which can have a tremendous impact on a company.
How to Prevent Data Deletion by Retirees
The following are specific steps and methods to prevent data deletion by retirees.
Establish rules for handling confidential information
First of all, make sure that the rules for handling confidential information are thoroughly communicated to employees when they join the company and while they are still employed. It is effective to reaffirm the rules regarding confidential information to employees who have tendered their resignation at that time, and to make them promise not to delete data without permission. This is to prevent them from making excuses in the event that they do delete data.
Immediate suspension or deletion of accounts
Once the resignation process is complete, immediately suspend the access rights to the resignee's account and make it inaccessible thereafter. Immediate suspension and deletion of accounts is important because remaining accounts increase the risk of access to systems containing sensitive information and file deletion.
Notice of prohibition of data deletion and initialization by retirees.
It is important to clearly notify employees who have tendered their resignation of prohibitions on handling data, such as not deleting data without permission and not initializing devices at their own discretion.
Organize and audit PC data before resignation
Careful confirmation of logs on PCs, networks, and other information systems, not only after the resignation offer but also prior to it, will increase the possibility of preventing problems.
Can a company claim damages for data deletion by a retired employee?
If data was deleted by a retiree, there is a possibility to claim for damages. However, please note that proof of data deletion is a prerequisite.
In order to claim damages, it is important to prove that the data was deleted by the retiree. Not only detailed records of the content, timing, and means of data deletion, but also the retention of the device used is necessary. Next, proof that the company suffered damages is also required. It is important to clarify how much value the deleted data had to the company and its level of importance.
To make these proper proofs, the devices must be secured to prevent evidence from being overwritten or hidden, and analysis must be performed to obtain evidence of data deletion. Since these procedures are often complex and esoteric, and if done incorrectly, it is highly likely that the necessary evidence will not be secured, it is best to consult or request a professional firm to conduct the investigation for you.
What to do if data deletion by a retiree is suspected
If you suspect that data has been deleted by a departing employee, it is appropriate to contact a professional company with a reliable track record and technical capabilities. Since a detailed investigation called "digital forensic investigation" is required in order to claim damages from the person in question, it is certain to request PC data preservation and investigation to a specialized company that has the know-how to collect legally effective evidence. A digital forensic investigation is an investigation that collects and analyzes records left on any digital devices, including devices, servers, and network equipment, to reveal the facts. The following is an introduction to the process of how a specialized company conducts an investigation.
Contents and Flow of Retiree PC Data Preservation and Investigation
If data deletion by the retiree is suspected, if not addressed, the first step is to remove or restrict access rights and recover the physical device.
The subsequent digital forensic investigation will first secure the retiree's PC, which is the device to be investigated. The entire data is preserved and collected to ensure that no data has been tampered with or missing, and then it is analyzed and analyzed using appropriate procedures to extract information that could be used as cause or evidence. If data has been erased, decryption and data recovery are also performed.
Other services include analyzing connection logs of external HDDs and other devices and checking access histories to identify traces of unauthorized access, deletion, modification, or removal. We investigate and analyze networks and terminals with specialized equipment, such as examining system and network audit logs, and finally resolve the problem by submitting an investigation report.
To prepare for data deletion and investigation by retirees, FRONTEO's "Retiree PC Maintenance Service" is available.
FRONTEO offers the "Retiree PC Preservation Service" to help you investigate and secure evidence in the event of data deletion or information leakage by a retiree. By completely duplicating the data on retirees' PCs and smartphones, this service is effective for security investigations such as data deletion by retirees and information leaks. In the unlikely event that data deletion or information leakage by a retiree is discovered, the data is immediately picked up from the hard disk stored in FRONTEO, and a digital forensic investigation is conducted in FRONTEO, enabling a smooth and thorough fraud investigation from storage to investigation. FRONTEO's unparalleled experience in fraud investigations of more than 10,000 cases enables us to quickly conduct highly accurate investigations, leading to quick resolution of the problem.
関連コンテンツ
