In recent years, news of information leaks by employees has been frequently reported. Particularly notable are cases where former employees or temporary staff take company secrets and use them at their new jobs. This issue arises from the reality that information taken by retirees often serves as a “gift” at their new workplaces.
Due to the impact of COVID-19, the global mobility of human resources has increased. In the United States, the resignation rate hit a record high in 2022, and in Japan, the resignation rate continues to rise. This trend is driven by the pursuit of better careers and conditions, with job changes being particularly active among full-time employees and engineers in their 20s to 50s.
While such movements should be welcomed, they pose a headache from an information management perspective. According to a survey, 82% of CISOs responsible for security reported that retirees were involved in information leaks, with many cases of retirees taking internal information.
So, how should companies prevent information leaks from within?
Legal Measures
First, with the revision of the Unfair Competition Prevention Act, the scope of protection has expanded to include digital information assets. Additionally, actions by retirees and contractors are now regulated, and it is clearly stated that civil lawsuits can be filed for violations. However, for this to apply, the assets to be protected must be properly managed as “trade secrets.”
Three Basic Principles of Internal Information Leakage Countermeasures
- Defining and Identifying Information Assets to Protect
Clearly define confidential and personal information and communicate it to all employees.
- Access Management to Information Assets
Set appropriate access permissions and promptly revoke access rights for retirees.
- Operation and Monitoring
Monitor logs and establish a system to confirm that access management is functioning.
In addition to these measures, it is crucial to sign confidentiality agreements with employees and contractors. Moreover, improving the retirement process and ensuring retirees do not have negative experiences can also help prevent information leaks.
Utilization of Technology
Leveraging ID management platforms, automated processes, and information leakage prevention solutions to visualize retiree behavior and issue real-time alerts is also effective.
The Fraud Triangle of Internal Fraud
According to American criminologist Donald Cressey’s “Fraud Triangle,” internal fraud occurs when motivation, opportunity, and rationalization are all present. Eliminating the reasons for opportunity and rationalization is effective for countering internal fraud.
Conclusion
It is necessary to seriously address the risk of internal threats and implement measures to verify personal reliability and provide real-time deterrence. Companies need to strengthen internal information leakage countermeasures based on the concept of zero-trust security.
By implementing these measures, it is possible to prevent information leakage due to internal threats and protect important corporate information assets.
