Security information for safe digital utilization provided by Canon MJ Cyber ​​Security Information Bureau ESET How to prevent security troubles due to employee retirement

The spread of the new coronavirus has greatly increased the risk of information leakage by employees. While fraud and fraud have surged in the past financial crises, it's safe to say that the unemployment and turmoil that occurred in early 2020 had similar consequences. At the same time, the remote work and cloud infrastructure introduced with the pandemic, or the complex supply chains and partnerships have put companies at greater risk than ever before.

If the risk of information leakage is not properly mitigated, employees who retire, with or without intention, can cause significant financial losses and credit loss for the company. The amount of damage caused by information leaks by employees is said to increase by 31% between 2018 and 2020 to reach approximately $ 11.5 million (equivalent to 1.3 billion yen). Although often overlooked, retirement procedures are an important factor in security strategies.

Are (retired) employees credible?

It is easy to think of an attack target in a company as an external attacker. However, there are cases where employees are attacked. Applications, databases, and other network devices in the cloud are now accessed from anywhere on any device. Korona-ka was necessary to stay productive, but without proper management, employees are at increased risk of evading security policies.

Unfortunately, one study did not even have a policy prohibiting data from being taken out of retired employees in many companies (43%). In addition, 47% of companies in the UK have disabled retirees' office admissions, and only 62% have collected corporate devices.

In addition, another survey found that about half (45%) of employees downloaded, stored, sent, or took out internal documents before they retired. These are often common in the technology, financial services, and consulting industries.

Why is information control for retirees important?

Retirees may bring out data to impress their new job or to relieve some resentment. In any case, the potential impact on the organization is serious. When a serious information leak occurs, the following problems can be considered.

In practice, a credit union employee was found guilty of destroying 21GB of confidential information when he was dismissed. In this case, the IT department was asked to stop access to the network as a retirement procedure, but the procedure was not completed. The employee was able to remotely access the file server for about 40 minutes using his username and password. The credit union is said to have cost $ 10,000 (equivalent to 1.13 million yen) to deal with intrusions and deletion of documents.

For a safer retirement procedure

The credit union case mentioned earlier would have been better if the retirement process was done properly. Surprisingly, these procedures need to be prepared before the employee indicates his intention to retire or before he is dismissed. Here are some examples that will give you some hints.

Clarify your policy: Approximately 72% of employees seem to believe that the data they create during work belongs to themselves. This includes everything from customer lists to product blueprints. Documenting and explaining the policy and gaining a better understanding of the scope of intellectual property ownership will prevent it from developing into a major problem in the future. It should be explained during the hiring process and warned of what would happen if an employee violated the policy.

Conduct continuous monitoring: If a malicious employee attempts to steal information prior to retirement, it is likely that the task will be undertaken before reporting the retirement to the HR department. As a result, enterprises need to have continuously monitorable solutions in place to detect suspicious activity. However, consideration must be given to the personal information protection laws of each region and the distrust and anxiety of employees.

Prepare and make available policies and processes: It is recommended to pre-design the processes and workflows to make the retirement process smooth and effective. While most organizations have procedures for joining the company, many do not prepare for retirement. Please consider the following procedures.

In the post-pandemic world, competition for customers is intensifying. Companies would not have had significant intellectual property brought out to retiring employees. A serious information leak can result in financial loss and credit loss. Retirement procedures may be only a small part of security measures, but they are extremely important.