As more confidential corporate information is held as data, the risk of retirees taking data and company information out of the company continues to increase. This section explains how to prevent retirees from taking data and confidential company information out of the company, and what measures and remedies to take if data is actually removed or confidential information is leaked.
Security risks of retirees taking data and information out of the company
Various risks are assumed when retirees take data and information out of the company. This section explains the background and motives for taking data out of the company and the impact on the company.
Background and Motive for Taking Out Company Information and Data
Data is taken out by retirees against various backgrounds and in various situations, but the most problematic cases are those in which employees take data with malicious intent, such as to trade personal information illegally, to obtain money by handing it over to a competitor, or to use the data in their own career change to a competitor. On the other hand, in corporate cultures where awareness of confidential information is low and operational rules are not clear, taking data out of the company can be the norm, even without malicious intent.
Impact of Information and Data Removal on a Company
If a retiree takes company data out of the company and confidential information is leaked, it can lead to a variety of damages. For example, there is a risk of loss of competitiveness and market value if information on technology, know-how, or business partners that is important to the company's activities is passed on to competitors. Leakage of customers' personal information can damage the company's corporate image and cost it social credibility. If the company violates the Personal Information Protection Law, the consequences are enormous, including recommendations for correction by the government, penalties, and criminal penalties, which can include imprisonment and fines. In some cases, a lawsuit for damages may be filed by the victim of information leakage.
Specific examples of how company information and data are taken out of the company by retirees
When retirees take data containing confidential information out of the company, how do they typically do so? The main examples are explained below.
Portable storage media such as USB memory sticks and HDDs
Portable recording media such as USB drives and external HDDs are sometimes used to take data out of the company. This is a common method because it allows for easy copying of large amounts of data.
Inclusion in the body of an e-mail or attachment to an e-mail
This is a method of sending data from a company e-mail account to a retiree's personal e-mail account. Confidential information can be written directly in the body of the e-mail or attached to it, making it easy to take confidential data out of the company.
Copying to cloud services
Another method is to upload data to a cloud storage service and then retrieve it through the retiree's own personal account. Major cloud services include Google Drive, OneDrive, and Dropbox.
Copying to smartphones and other devices
Smartphones, tablets, and other devices can also be used. Sensitive data is captured as a file on the retiree's personal device and taken outside the company. There are also means of copying data by converting it into images or other forms to conceal the data.
Methods to prevent retirees from taking data and company information out of the company
The following are specific measures to prevent data and company information from being taken by retirees.
Creating an environment that prevents the removal of company information and data
To prevent retirees from taking data out of the office, it is effective to create an environment where data cannot be easily taken out of the office. This can be achieved by installing surveillance cameras and an access control system.
Set access restrictions and other operational rules
Rules are necessary, such as assigning an administrator to handle confidential information and keeping a record of any use of such information. Also, setting access restrictions on important information can prevent unauthorized employees from taking data out of the system. It is also effective to prevent external media such as USB memory sticks from being connected to company terminals.
Thoroughly educate employees
Educate employees so that they know the rules for handling confidential information. Raise awareness of which data is not allowed to be taken out of the company, how to handle confidential information, and the impact on the company in the event of information leaks.
Conclude nondisclosure agreements
Employees often make the excuse that they did not know the information was confidential and must not be taken out, and in some cases they genuinely did not know because of a lack of awareness. To raise awareness of confidential information, it is a good idea to conclude a "nondisclosure agreement" with all employees, not just retirees, to maintain company secrets.
Monitor employee e-mail, record data access history, etc.
It is also important to monitor employee e-mail constantly, for example by checking outgoing e-mails that carry file attachments, and to implement a system that records the history of who has accessed confidential data. Having a monitoring system in place on a daily basis can be expected to deter employees from taking data out of the company.
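The two records described above, the data access history and the outgoing e-mail attachments, become more useful when they are correlated. The following is an added example, not part of the original article or of any FRONTEO product: it flags mails that send a recently accessed confidential file to an address outside the company. The log formats, the domain `corp.example`, the 24-hour window and matching by file name are all assumptions, and the log lines are constructed samples.

```python
import csv, io
from datetime import datetime, timedelta

CORPORATE_DOMAIN = "corp.example"   # assumption: the company's own mail domain
WINDOW = timedelta(hours=24)        # assumption: how long after access a mail is suspicious

# Constructed sample: access history for confidential files.
ACCESS_LOG = """user,time,file
sato,2024-03-01T09:10:00,customer_list.xlsx
sato,2024-03-01T09:12:00,pricing_2024.pdf
tanaka,2024-03-01T10:00:00,customer_list.xlsx
"""

# Constructed sample: outbound mail gateway log, one row per attachment.
MAIL_LOG = """sender,time,recipient,attachment
sato@corp.example,2024-03-01T18:30:00,sato.private@mail.example,customer_list.xlsx
sato@corp.example,2024-03-01T18:31:00,partner@corp.example,pricing_2024.pdf
tanaka@corp.example,2024-03-05T11:00:00,t.tanaka@mail.example,customer_list.xlsx
suzuki@corp.example,2024-03-01T12:00:00,friend@mail.example,lunch_menu.pdf
"""

def load(text):
    """Parse a CSV log and convert its time column to datetime objects."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["time"] = datetime.fromisoformat(r["time"])
    return rows

def is_external(address):
    """True when the recipient is outside the corporate mail domain."""
    return address.rsplit("@", 1)[-1].lower() != CORPORATE_DOMAIN

def find_suspect_mails(access_rows, mail_rows):
    """Return mails that send a recently accessed confidential file outside."""
    accessed = {}  # (user, file name) -> list of access times
    for a in access_rows:
        accessed.setdefault((a["user"], a["file"].lower()), []).append(a["time"])
    hits = []
    for m in mail_rows:
        if not m["attachment"] or not is_external(m["recipient"]):
            continue
        user = m["sender"].split("@", 1)[0]
        times = accessed.get((user, m["attachment"].lower()), [])
        # Flag only when the mail follows the access within the window.
        if any(timedelta(0) <= m["time"] - t <= WINDOW for t in times):
            hits.append((m["sender"], m["recipient"], m["attachment"]))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_mails(load(ACCESS_LOG), load(MAIL_LOG)):
        print("REVIEW:", *hit)
```

Matching on file name misses files that were renamed or converted before sending, so a real deployment would compare content hashes recorded at access time where the mail gateway can supply them.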
How to deal with retirees who take out company information and data
This section explains the possibility of punishment and lawsuits for damages against retirees who take company information and data out of the company. We will also introduce the investigations necessary for this purpose.
Data Removal by Retirees Will Eventually Be Discovered
After taking confidential data, some retirees may erase or initialize the data on their PCs to destroy evidence, but it is difficult to conceal such actions. In many cases, it is possible to recover and analyze data and secure evidence of the removal of data by conducting a "digital forensic investigation," which is a particularly sophisticated investigative technique.
Information leaks are subject to disciplinary action
The act of taking confidential corporate information out of a company can be a crime. Disciplinary action will be applied if the leakage of information constitutes a breach of the duty of confidentiality. There is also the possibility of a claim for damages from the company and the application of a theft charge for the act of taking data out of the company.
Fact-finding and evidence are necessary to take disciplinary action or claim for damages
If a company suffers tremendous damage, such as loss of social credibility or loss of ability to continue business, due to information leakage caused by the employee taking data out of the company, the company will consider taking disciplinary action against the employee and possibly claiming compensation for damages. However, in order to take disciplinary action, solid evidence and proof of the facts are required. A "digital forensic investigation" to recover, preserve, and analyze deleted data is essential.
FRONTEO's "Retiree PC Preservation Service" prepares you for investigations into information removal and leakage by retirees
It is difficult to completely prevent data from being taken out of a company even if all possible measures are taken. It is necessary to have a system in place to ensure that problems can be solved in case of emergencies. A "digital forensic investigation" is essential to investigate and secure evidence of data removal and information leakage, but it is not something that can be handled by an in-house information systems department.
FRONTEO is a pioneer in fraud investigation, having conducted forensic investigations since the dawn of digital forensics in Japan. We identify, preserve, process, review, and prepare data for submission while making full use of the latest technologies, including our proprietary AI. The "Retiree PC Preservation Service" plan is particularly unique in that it anticipates cases involving data taken by retirees. This service preserves and manages all data on retirees' PCs, smartphones, etc. within FRONTEO, and when an information leak is discovered, FRONTEO immediately extracts the data from the retiree's PC or smartphone. It is a one-stop solution that handles the recovery of deleted data and the preservation of evidence based on the preserved data. In order to prevent companies from suffering major damage due to data taken out by retirees, it is vital to be prepared in advance. It is safe to consult with FRONTEO on how to prepare for problems before they occur.