What should be done to prevent information leaks? Causes, examples, and what to do after a leak.

Published August 7, 2023

If a company's customers or business partners are harmed by an information leak, the company's social credibility may be damaged, resulting in suspension of business transactions, a drop in stock prices, and customer defection due to a tarnished image. If the specifications or information of a product under development is leaked, there is a possibility that a competitor will take the lead with a similar product. In addition, not only will there be economic losses, including compensation for damages, but in the worst case scenario, it could also result in criminal penalties. In this article, we will explain the causes of information leaks and the countermeasures that should be taken, including actual cases that have occurred.

Causes of Information Leakage

Causes of information leaks can be broadly classified into two categories: internal causes, such as negligence or fraud by employees, and external causes, such as cyber attacks.

Internal Causes of Information Leakage

Internal causes can be broadly classified into two categories: internal fraud, in which employees maliciously take customers' personal information or trade secrets, and human negligence, in which employees mistakenly send e-mails or lose laptops while out of the office.

External Factors of Information Leakage

External factors include unauthorized access, malware infection, and other cyber attacks. Unauthorized access is the intrusion of an unauthorized person into an internal server or information system. Malware is software created for the purpose of causing PCs and other devices to operate improperly.

Countermeasures against internal factors of information leakage

This section describes measures to prevent internal factors of information leaks.

Create a system and flow to prevent e-mail misdirection

When sending e-mails with files containing personal information or trade secrets attached, it is important to create a system or flow that puts transmission on hold for a certain period of time, automatically filters only important e-mails, and sends them only after receiving approval from a superior.
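The hold, filter, and approval flow described above can be sketched as a small outbound-mail gate. This is an added example, not code from the article or from any product; the domain, hold period, keyword pattern, and the rule that self-approval does not count are all assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumptions for this example, not values from the article:
INTERNAL_DOMAIN = "example.co.jp"          # the company's own mail domain
HOLD_PERIOD = timedelta(minutes=10)        # the "certain period" mail is held
SENSITIVE = re.compile(r"confidential|personal[ _-]?info|customer[ _-]?list", re.I)

@dataclass
class Outbound:
    sender: str
    recipients: list
    subject: str
    queued_at: datetime
    attachments: list = field(default_factory=list)
    approved_by: Optional[str] = None      # superior who released the message

def is_important(msg: Outbound) -> bool:
    """Filter step: external recipient + attachment + sensitive marker."""
    external = any(not r.lower().endswith("@" + INTERNAL_DOMAIN)
                   for r in msg.recipients)
    marked = any(SENSITIVE.search(t) for t in [msg.subject, *msg.attachments])
    return external and bool(msg.attachments) and marked

def decide(msg: Outbound, now: datetime) -> str:
    """Return HOLD, NEEDS_APPROVAL or SEND for a queued message."""
    if now - msg.queued_at < HOLD_PERIOD:
        return "HOLD"                      # sender can still cancel a mistaken send
    if is_important(msg):
        # Approval by the sender themselves is not a superior's approval.
        if not msg.approved_by or msg.approved_by.lower() == msg.sender.lower():
            return "NEEDS_APPROVAL"
    return "SEND"

def demo() -> list:
    t0 = datetime(2023, 8, 7, 9, 0)        # constructed sample data
    me, boss = "a@example.co.jp", "boss@example.co.jp"
    msgs = [
        Outbound(me, ["b@example.co.jp"], "lunch", t0),
        Outbound(me, ["x@partner.example"], "quote", t0, ["customer_list.xlsx"]),
        Outbound(me, ["x@partner.example"], "quote", t0, ["customer_list.xlsx"], me),
        Outbound(me, ["x@partner.example"], "quote", t0, ["customer_list.xlsx"], boss),
    ]
    early = decide(msgs[0], t0 + timedelta(minutes=1))
    return [early] + [decide(m, t0 + HOLD_PERIOD) for m in msgs]

if __name__ == "__main__":
    print(demo())
```

Keyword matching on subjects and file names is only a stand-in for the filter step; a real deployment would classify on attachment content or labels.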

Thorough rules for taking out and managing PCs and other terminals

When PCs and other terminals are taken outside the company, there is a risk of information leakage due to loss or theft, in addition to intentional information leakage. It is necessary to establish and enforce rules such as prohibiting the unauthorized removal of devices outside the normal scope of business and limiting the number of devices that can be taken out of the office.

Do not dispose of data in a state where it can be recovered.

Avoid carelessly throwing paper documents in the trash or discarding recording media without completely deleting the data on them. Proper disposal procedures should be followed, such as shredding documents and using a professional service that physically destroys devices or completely erases their data.

Establish information security guidelines and provide employee training.

It is necessary to raise employees' security awareness and knowledge by formulating and thoroughly implementing guidelines and providing ongoing security education opportunities, including the use of e-learning. It is also important to properly prepare manuals on initial responses, such as who to report to and what actions to take in the event of an information leak.

Countermeasures against External Factors of Information Leakage

Next, measures to prevent external factors of information leakage are explained.

Install and update security software

The most effective measure is to introduce security software. By encrypting network traffic and building multi-layered protection with various security products such as firewalls, it is possible to protect the company's network from cyber attacks such as malware infection.

Do not bring in devices or data from outside.

If a private device is already infected with malware, the connected internal devices may also be infected. Therefore, measures and rules are necessary to prevent private terminals and storage media from being connected to the internal network.

Manage access logs and entry/exit records.

There is a possibility that an outsider may enter the office and physically take PCs or confidential information. Measures such as managing entry/exit records and thoroughly managing records of terminals taken out and access logs are necessary. Avoid leaving important files unlocked or storing them in locations where it is difficult to detect leaks. Locking files in a cabinet where their contents are visible is a good measure.

If an information leak has occurred, promptly conduct a "forensic investigation"

If an information leak has occurred, a company should conduct a "forensic investigation." The following introduces this type of investigation.

What is a forensic investigation?

A forensic investigation is an investigation that gathers and analyzes information related to an incident or accident to uncover evidence of criminal or fraudulent activity. By determining the cause of the incident, measures can be taken to prevent its recurrence, and by clarifying responsibility, the company can prepare for litigation in which it may be held liable.

AI-based forensic investigations are also available.

AI (Artificial Intelligence) is now an essential tool in modern forensic investigations. By having an expert review a small number of sample files and having the AI learn the criteria, it can sort large amounts of data into relevant and irrelevant categories. This allows a small number of people to complete, in a short period of time, the simple data sorting tasks that must be done at the beginning of an investigation, which not only improves the efficiency of the investigation but also allows the experts to concentrate their resources on achieving higher accuracy.

Consult with a professional forensic investigation company

It is recommended that forensic investigations be conducted by an investigation company rather than by a company itself. By utilizing specialized software and AI possessed by the investigation company, the investigation can be conducted efficiently and at a cost that is appropriate for the scale of the investigation.

In situations where internal fraud is suspected in the first place, the legitimacy of the evidence will be compromised if the investigation is conducted by people within the company. To ensure neutrality, use an outside professional service.

[Related Article] For more information on forensic investigation, please see "What is Forensic Investigation?": https://legal.fronteo.com/fllp/forensic-investigation

Actual cases of information leakage and forensic investigation that occurred in companies

Here are some examples of information leaks and forensic investigations that have actually occurred at companies.

Case 1: An employee took confidential information

Two years after former employee A moved to a competitor, it was discovered that a similar product was being manufactured without permission and sold overseas. However, the large amount of data made it difficult to conduct an internal investigation, and a court opinion stated that "it is necessary to identify the person and the operation of the trade secret" in order to identify the information taken out.

Therefore, to ensure third-party neutrality, a forensic investigation was requested from an investigation company. By building our own database and investigating the large amount of log data on external HDDs and USB devices, we confirmed the following facts: approximately 300,000 items of data were copied onto a USB memory device; the contents of the external HDD were deleted several days later, after the network cable was unplugged; and unrelated program files were repeatedly written and deleted for approximately 120 hours.

(For more details, please refer to "Investigation of Operation Logs Related to the Unfair Competition Prevention Act for Taking Confidential Corporate Information Out of the Company")

Case 2: Leakage of personal information due to malware infection

A PC at Company B was found to be infected with malware. Since there was a suspicion of personal information leakage, a forensic investigation was requested from a specialized investigation company. We decided to identify the infection route and trace evidence of information leakage from the infected terminal.

Analysis of several hundred terminals was conducted using analysis tools to visualize the attack route and identify the affected terminals. In addition, we conducted a survey of fewer than 30 cyber black markets to determine if the leaked information was trafficked on the dark web.

As a result of the investigation, we were able to identify not only the PCs on which the information leak had occurred, but also the fact that the information had leaked to the dark web.

*For details of the investigation, please refer to "Investigation of Personal Information Leakage Due to Malware Infection."

Contact FRONTEO, a pioneer in forensics, for your information leak investigation.

FRONTEO has been a pioneer in forensic investigation in Japan since its establishment in 2003, and has worked to solve a wide range of corporate issues. We have an established reputation for our technology and know-how based on our outstanding experience.

By combining our experience in handling cases with our own AI engine, we have achieved a high level of accuracy and efficiency that no other company can match.

We have data centers in Japan and South Korea, and we have full security measures in place. We seamlessly provide services to our clients' headquarters, local subsidiaries, and law firms. We provide prompt support through our global operations.

Contact us for information leak prevention and forensic investigation.

[Related Article] Forensic Investigations | Proposing investigations tailored to your needs and conducting actionable investigations. For more information on forensic investigations, please also see FRONTEO's Forensic Investigation Services page: https://legal.fronteo.com/forensics/