It is not uncommon for retirees to gain unauthorized access to company PCs and servers and take confidential information with them. This article describes the risks of unauthorized access and removal of information by retirees, how to prevent it, and how to investigate when unauthorized access occurs.

What is unauthorized access by retirees?
It is dangerous for retirees to continue to have access to company systems. There is a growing number of cases in which employees who have retired or are about to retire misuse the privileges they had before leaving to gain access to company or organizational systems and data, and engage in unauthorized activities such as stealing files and emails.
Information leaks by retirees are on the rise.
According to the "Survey on Trade Secret Management in Enterprises 2020" report, the number of incidents related to information leaks has slightly decreased compared to 2016, but "mid-career leaks" accounted for more than 30% of all information leakage routes. Although the percentage of information leaked due to employee error has decreased, the majority of leaks were caused by mid-career leavers, and the percentage of leaks caused by unauthorized access has actually increased.
(Source: "Survey on the Actual Conditions of Trade Secret Management in Companies 2020" report: https://www.ipa.go.jp/archive/security/reports/2020/ts-kanri.html)
Risks to companies due to unauthorized access by retirees
What risks may a company be exposed to as a result of unauthorized access by retirees? The following are specific examples.
Risk of losing competitiveness due to leakage of confidential information to competitors
Confidential information held by a company includes technology, know-how, and other information that is of significant value to the company's business activities. If such information is leaked to competitors, there is a risk of loss of competitiveness.
Risk of damages due to leakage of personal or corporate information
Leakage of personal or corporate information, such as customer information, can cause major social problems in some cases. The company may be liable for damages to the victims of personal information leaks.
Reputation Risk
Reputation risk is the potential danger to a company's reputation and credibility. There is a risk that customer information may be leaked due to fraudulent activities, which may become a social problem, resulting in loss of trust in the company and damage to its market value.
Risk of criminal penalties
Penalties relating to the management of personal information are severe these days, and violations of the Personal Information Protection Law, which stipulates the obligations to be observed by businesses that handle personal information, may result in imprisonment or fines.
Measures to Prevent Information Removal and Leakage by Retirees
How can the removal or leakage of information by retirees be prevented? Here are some basic measures that company personnel should be aware of.
Restrict who can access confidential information
Reducing and physically restricting employees' access to confidential information within the company is effective in reducing unauthorized access and maintaining confidentiality. Measures such as storing documents and storage media in a locked room and restricting access to data on the network reduce the opportunities for employees to come into contact with sensitive information.
Security is enhanced through the installation of security cameras and access control.
Psychological deterrence is also effective in preventing employees from feeling the urge to take confidential information out of the company. This can be achieved by requiring employees to record when they enter and leave areas where confidential information is stored, such as shelves, warehouses, and server rooms, and by installing security cameras. There is also the practice of storing confidential information in locations that are easily visible to managers and other employees. Other ways to prevent the removal of confidential information include logging PC and network activity, monitoring e-mail and other communication records, and ensuring that a history is kept when important files are downloaded.
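The PC, network and download logs described above are only useful if they are reviewed against the list of departing staff. The following Python code is an added example, not part of the original article: it checks an audit log against a leaver list and flags any activity after an account's last working day, as well as a burst of downloads shortly before it. The log format, account names, sample data, 14-day window and threshold of 3 downloads are all assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import date, datetime, timedelta

# Constructed sample data: HR leaver list (account -> last working day).
LEAVERS = {"tanaka": date(2024, 3, 31), "suzuki": date(2024, 4, 15)}

# Constructed audit-log lines in a hypothetical "timestamp key=value" format.
SAMPLE_LOG = """\
2024-03-10T09:12:44 user=tanaka action=login src=10.0.4.21
2024-03-28T21:40:02 user=tanaka action=download file=/share/design/spec-a.pdf
2024-03-28T21:40:19 user=tanaka action=download file=/share/design/spec-b.pdf
2024-03-29T22:03:51 user=tanaka action=download file=/share/sales/customers.xlsx
2024-04-02T01:15:07 user=tanaka action=login src=203.0.113.50
2024-04-03T10:00:00 user=suzuki action=download file=/share/hr/handbook.pdf
2024-04-03T10:05:00 user=sato action=download file=/share/design/spec-a.pdf
malformed line without fields
""".splitlines()

LINE_RE = re.compile(r"^(\S+) user=(\S+) action=(\S+)")

def review_leaver_activity(lines, leavers, window_days=14, threshold=3):
    """Return sorted (user, finding, detail) tuples for accounts on the leaver list."""
    findings, downloads = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) not in leavers:
            continue  # skip unparsable lines and accounts that are not leaving
        when = datetime.fromisoformat(m.group(1))
        user, action = m.group(2), m.group(3)
        last_day = leavers[user]
        if when.date() > last_day:
            # Any activity after the last working day means the account was not disabled.
            findings.append((user, "access_after_departure", f"{action} at {when.isoformat()}"))
        elif action == "download" and when.date() >= last_day - timedelta(days=window_days):
            downloads[user] += 1  # download inside the pre-departure window
    for user, count in downloads.items():
        if count >= threshold:
            findings.append((user, "download_spike_before_departure", f"{count} downloads"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_leaver_activity(SAMPLE_LOG, LEAVERS):
        print(finding)
```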
Make employees aware of the risk of taking out or leaking information through training, written pledges, and penalties.
It is also important to let employees know how much harm they will cause the company if they leak information by taking confidential information out of the company. Training on the definition of confidential information, the types of information that should not be taken out of the company, and how to handle information should be provided to raise employee security awareness. It is also effective to have employees submit a confidentiality pledge (contract) and establish penalties for violations.
[Related Article] What are the security risks of data taken out by retirees? Please refer to this article for more information on data removal by retirees. /fllp/taking-out-data
[Related Article] How to prevent information leakage by retirees? For more information on information leakage by retirees, please refer to this article. /fllp/retiree-leakage
How to Investigate Suspected Unauthorized Access by Retirees "Forensic Investigation"
When an information leak or other incident is discovered and unauthorized access by a retiree is suspected, we first conduct interviews and an initial investigation, then collect and preserve the necessary data and conduct a detailed investigation, and finally report and formulate future countermeasures.
Such investigations are called forensic investigations, and among them, digital forensics, which collects and analyzes information stored in digital devices to reveal evidence of crimes and fraudulent activities, is the mainstream.
In many cases, the information subject to digital forensics is enormous, and an increasing number of investigation companies are utilizing AI (artificial intelligence) to achieve efficient forensics. Utilizing AI, which excels at analyzing large volumes of data, not only makes investigations more efficient, but also improves the accuracy of investigations by allowing experts to focus their resources.
FRONTEO's "Retiree PC Security Service" prepares for investigations of information taken or leaked by retirees
No matter what measures are taken, it is difficult to completely prevent unauthorized access or removal of information by retirees. FRONTEO's "Retiree PC Preservation Service" preserves all data on retirees' PCs, allowing for a smooth investigation and securing of evidence in the event of information leakage or removal of confidential information. The service is available to all retirees.
In most companies, the PCs of retired employees are initialized and used by other employees. This service ensures the authenticity of data in the event of an incident by duplicating the retiree's PC data in the correct manner before the PC is initialized. If fraud by a retiree is suspected, the duplicated data stored by FRONTEO is immediately investigated and resolved. FRONTEO, which has conducted numerous fraud investigations, provides a one-stop service for quick, accurate, and reliable forensic investigations utilizing its self-developed AI.
For inquiries about "Retiree PC Protection Service", please contact us at https://legal.fronteo.com/contact/
[Related article] Retiree PC Protection Service The service site of "Retiree PC Protection Service" is here: https://legal.fronteo.com/retiree-computers-dataintegrity/
[Related article] Can I claim damages for data deletion by retirees? For more information on data deletion by retirees, please refer to this article. /fllp/data-deletion-of-retiree