Introducing the Causes and Countermeasures for Information Leaks! Protect Your Important Information Assets
Business on the internet has become active, and it is now possible to handle a lot of information freely.
However, even in today’s world where information technology has advanced, the risk of information leaks is always lurking nearby. Even unintentionally, there have been cases where information has been leaked without anyone knowing, causing enormous damage to companies.
The information held by companies is an important asset that includes customer information and confidential data. Companies need to implement thorough information security measures and prepare for the risk of information leaks.
This article introduces the causes and countermeasures for information leaks. If you are considering reviewing your information security measures, please refer to this article.

Table of Contents
- Causes of Information Leaks
- Loss of PCs, Tablets, etc.
- Taking Out Information
- Mis-sending and Management Mistakes
- Unauthorized Access and Virus Infection
- Three Case Studies of Damage Related to Information Leaks
- Case 1: Mis-sending of Emails
- Case 2: Loss of Hard Disk
- Case 3: Unauthorized Access
- Prior Measures for Information Leaks
- Establish Internal Guidelines and Rules
- Implement Security Education
- Use Email Mis-sending Prevention Tools
- Implement Security Measures Tools
- Post-Leak Measures for Information Leaks
- Discovery and Reporting of Information Leaks
- Grasping the Current Situation
- Information Isolation, Network Interruption, and Service Suspension
- Reporting and Public Disclosure to Customers
- Determining Measures to Prevent Recurrence
- Summary
1. Causes of Information Leaks
When the causes of information leaks are discussed, attention tends to focus on external attacks such as malware and unauthorized access, but human factors such as loss and management errors are also causes.
Anticipate a range of risks, and keep in mind that any of them could happen at your own company.
● Loss of PC/tablet
● Taking out information
● Mis-sending/management mistakes
● Unauthorized access and virus infection
2. Loss of PCs, Tablets, etc.
The first possible cause is the loss of PCs, tablets, etc.
Even if you are usually careful, loss or theft may occur due to a momentary lapse in attention or carelessness. In particular, when using cafes for remote work, be careful as information may be stolen and misused by third parties.
3. Taking Out Information
The next thing to consider is taking out information. Nowadays, anyone can easily take information out, for example as an email attachment or on a USB stick.
An employee may take information out on their own judgment, thinking “This information is okay” or “I thought I could report it later,” and later cause an irreversible situation.
Also, taking out paper media increases the risk of leakage. If a paper with an ID or password written on it is taken out and stolen by a third party, it may easily allow intrusion and falsification of information and data.
4. Mis-sending and Management Mistakes
Mis-sending emails is also one of the causes of information leakage. You may get the destination or the “TO, CC, BCC” settings wrong and send a message to unrelated recipients even though you intended to send it only to internal members or customers.
According to a survey on information leaks and losses announced by Tokyo Shoko Research in 2021, 30% of the 137 cases were caused by “mis-display or mis-sending,” which shows human errors such as email mistakes among the causes.

Source: https://www.tsr-net.co.jp/news/analysis/20210117_01.html
Email exchanges are routine tasks. Because emails can be sent mechanically, without any effort, a mis-sent message may go unnoticed. You may also attach the wrong file, so be very careful when sending emails.
5. Unauthorized Access and Virus Infection
Finally, information can leak through unauthorized access and infection by viruses and other malware. As IT has advanced, cyber attack methods such as malware have also become more sophisticated, and infection routes range from email to apps.
If you are infected with malware, your PC, tablet, etc. will be locked and you will not be able to operate it, and there is also the possibility of secondary damage such as leakage of personal information and falsification of data. To prepare for these risks, thorough information management and countermeasures against information leaks are necessary.
6. Three Case Studies of Damage Related to Information Leaks
Here are some actual case studies of damage caused by information leaks.
Information leaks are actually happening everywhere, and it’s not someone else’s problem.
Please use these case studies as a reference for future countermeasures.
6-1. Case 1: Mis-sending of Emails
On August 26, 2021, in the training project for career consultants conducted by the Ministry of Health, Labor and Welfare, improper management and a mis-sent email by the commissioned company led to the leak of list data containing the names and contact information of 1,106 students.
The causes were that the list was managed in a way different from the method specified in the specifications of the commissioned project, and that confirmation at the time of sending the email was insufficient.
6-2. Case 2: Loss of Hard Disk
On January 12, 2022, one hard disk kept by Hokkaido Co., Ltd. was lost. The loss was discovered through usage log records and an internal investigation, and it has been announced that there is a possibility that 31,463 items of personal information-related data will be leaked internally.
The company expressed the view that the disk had most likely been discarded by mistake, but no record confirming that its data had been completely deleted could be found, which exposed lax management.
6-3. Case 3: Unauthorized Access
On December 7, 2020, PayPay Co., Ltd. announced that unauthorized access by a third party had occurred in its payment service “PayPay,” and that the business information of approximately 2.6 million stores, including member stores, might have been leaked.
The cause was an error in the security settings for access rights, made when the server was updated.
According to the company, access from outside had been temporarily allowed during the server update, and because the settings were not restored afterwards, the server was accessed from outside.
Reference URL
https://cybersecurity-jp.com/leakage-of-personal-information
https://cybersecurity-jp.com/news/46784

7. Prior Measures for Information Leaks
First, it is necessary to anticipate possible risks and prepare security measures in advance.
Consider implementing the following measures, which can be taken in advance.
1. Establish internal guidelines and rules
2. Implement security education
3. Use an email mis-sending prevention tool
4. Implement security tools
8. Establish Internal Guidelines and Rules
It is necessary to establish internal rules for taking out information and terminals, and each employee must comply with them.
Anticipate the patterns of information leakage that human factors can cause, and set rules accordingly.
The main rules are as follows.
● Do not take out company information/data without permission
● Do not tell third parties your ID or password
● Do not connect to the internal network with a private computer
● Do not write about work-related matters on SNS
● Do not use business computers for purposes other than business
Also, even when permission has been granted to take out a PC, handle and manage it with care.
9. Implement Security Education
In addition to setting rules, security education should be provided through training and awareness campaigns to raise employee awareness and knowledge of security.
Some employees may not understand the importance of information security measures due to a lack of knowledge.
Even if security is strengthened or rules are set, it is ultimately people who handle the information. Employee security education should be conducted to improve employees' awareness and literacy of information security, which is a priority in security measures.
10. Use Email Mis-sending Prevention Tools
As mentioned earlier, one of the most common causes of information leakage is “mis-sending emails”.
Email mis-sending prevention tools prevent mistakes such as wrong recipients and wrong attached files.
Specific mechanisms include “displaying a confirmation screen before sending”, “sending after approval by a third party”, and an “automatic BCC conversion function”.
Emails are exchanged on a daily basis, and mis-sending can occur even if you are normally careful.
If you want to handle email efficiently and safely, please consider implementing an email mis-sending prevention tool.
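The three mechanisms listed above (confirmation before sending, third-party approval, automatic BCC conversion) can be sketched as a pre-send check on an outgoing message. This is an added example, not code from any product named in this article; the internal domain `example.co.jp`, the threshold of 3, the function names and the sample message are assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.co.jp"}  # assumption: the sender's own mail domain
BCC_THRESHOLD = 3  # assumption: more visible external recipients than this are hidden


def is_external(addr):
    return addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def presend_check(msg):
    """Rewrite msg in place where needed; return what the sender must confirm."""
    to = [a for _, a in getaddresses(msg.get_all("To", []))]
    cc = [a for _, a in getaddresses(msg.get_all("Cc", []))]
    bcc = [a for _, a in getaddresses(msg.get_all("Bcc", []))]
    ext_visible = [a for a in to + cc if is_external(a)]
    files = [p.get_filename() for p in msg.iter_attachments()]

    # Automatic BCC conversion: external recipients must not see each other.
    converted = len(ext_visible) > BCC_THRESHOLD
    if converted:
        headers = {
            "To": [a for a in to if not is_external(a)],
            "Cc": [a for a in cc if not is_external(a)],
            "Bcc": bcc + ext_visible,
        }
        for name, addrs in headers.items():
            del msg[name]  # To/Cc/Bcc may appear only once, so delete before setting
            if addrs:
                msg[name] = ", ".join(addrs)

    external = sorted(set(ext_visible + [a for a in bcc if is_external(a)]))
    return {
        "confirm_recipients": external,   # listed on the confirmation screen
        "confirm_attachments": files,     # file names the sender must re-check
        "needs_approval": bool(external) and bool(files),  # hold for a second person
        "converted_to_bcc": converted,
    }


def sample_message():
    """Constructed sample: a list file mailed to four outside addresses."""
    msg = EmailMessage()
    msg["To"] = "a@client-a.test, b@client-b.test, c@client-c.test, d@client-d.test"
    msg["Cc"] = "manager@example.co.jp"
    msg.set_content("Please find the seminar list attached.")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="list.csv")
    return msg
```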
11. Implement Security Measures Tools
Implementing security tools is essential for employees to use the Internet with peace of mind.
Security tools prevent intrusion from outside and enhance information security.
Implement security tools appropriate to your company’s size and situation.
Also, in recent years, more and more companies have been introducing remote work due to the impact of “work style reform”. In addition to the security of the company’s servers and networks, it is also necessary to secure the terminals (endpoints), such as PCs and tablets, used for remote work.
“EXO Security,” provided by our company, is a tool specialized in endpoint security. It is equipped with a detection function for new types of malware and an access blocking function for malicious sites, and can respond to various security threats during remote work.
It is easy to operate and you can try it for free now. If you are considering security measures for remote work, please try it.
12. Post-Leak Measures for Information Leaks
Even with sufficient measures in place, the risk of information leakage cannot be completely eliminated.
Here, we introduce the countermeasures and risk avoidance steps to take when an information leak occurs, following the flow below.
1. Report immediately as soon as an information leak is discovered
2. Information isolation, network interruption, and service suspension
3. Establishment of a countermeasures team, grasping the current situation (what level of information has been lost)
4. Reporting and public disclosure to customers
5. Determining measures to prevent recurrence
13. Discovery and Reporting of Information Leaks
If an information leak is discovered, report it to your supervisor immediately. Never judge the information level on your own and try to deal with it yourself.
Organize the source of the information leak and the information that may have been leaked, and then report and consult with your supervisor and ask for instructions.
14. Grasping the Current Situation
Establish a countermeasures team or similar body, and decide on a policy for preventing the damage from spreading and for preventing secondary damage.
To that end, first work on investigating the cause and resolving the problem.
Using 5W1H to determine what level of information has been leaked helps the investigation proceed smoothly.
● When did the information leak? (when)
● Where did the information leak? (where)
● Who held the information? (who)
● What kind of information was leaked? (what)
● How did the information leak? (how)
● Why did the information leak? (why)
15. Information Isolation, Network Interruption, and Service Suspension
In order to prevent secondary damage, isolate information and interrupt the network as necessary.
The most frightening thing about an information leak is that the leaked information is misused by a third party and data is falsified or spread.
Isolate and block the affected information and systems to keep the damage from spreading further and to minimize it.
16. Reporting and Public Disclosure to Customers
Once the facts of the damage situation have been confirmed, report to, apologize to, and alert the individuals or business partners whose information has been leaked as soon as possible.
If it is difficult to report to or notify all parties involved individually because the information leak is large in scale, it is necessary to consider whether to report to the police or supervisory authorities, or to make a public announcement on the website or in the media.
When making the information leak public, clarify the cause and impact of the accident, the future response and recurrence prevention measures, and where responsibility lies, with reference to the information compiled using 5W1H, etc., and strive to restore and improve the situation.
How quickly the flow from the discovery of the information leak to the public announcement can be carried out, in other words, the speed of the “initial response” is the key to minimizing the damage. It is a good idea to decide in advance on the response and policy in the event that an information leak is discovered and run a simulation.
17. Determining Measures to Prevent Recurrence
In order to prevent the incident/accident that occurred from happening again, review and improve information leakage countermeasures, and strive to prevent recurrence.
Reconfirm the cause and process of the information leak, and consider updating the system, strengthening security, and reviewing the management system and rules if necessary.
Summary
In this article, we introduced the causes and patterns of information leaks, and how to counter them.
With the development of information technology, we can now freely handle a lot of information.
Precisely because information can be handled freely, there is always a risk of information leakage.
Information can leak through various routes, including external factors such as unauthorized access and human factors such as loss and lack of management.
A single information leak can damage the company’s image, and in the worst case, it can lead to bankruptcy.
Not only the company but also each employee must face information security and work with responsibility.
Why not take this opportunity to review your information security measures?