Work efficiency cannot be improved without an internal/external network environment these days; successful organizations are all data-driven entities. However, while the Internet comes with convenience, there is a risk of leaking personal information. There are various causes of identity theft, but one is sophisticated of malware such as targeted attack emails. Targeted attack emails are those that pretend to be a real person as a sender, or are alerted with a subject relevant to the recipient, and infect malware via malicious attachments or links to unauthorized sites. Even a seemingly trustworthy email needs to be calmed down and the parts such as “Are you really a real person?”
Another major cause of the leakage of personal information is to work mistakes by related parties and moral deterioration. “Management mistakes, misoperation, and loss” are said to be the three major causes of information leakage, and inadvertent mistakes can lead to unexpected catastrophes. There is also a problem with vulnerable systems where internal people can easily access personal information, such as taking out information by interested parties. Also, even if you do not intend to make mistakes or have malicious intent, you may become a perpetrator of information leakage while being a victim by being caught on a phishing site.
For example, if personal information such as credit cards or IDs is leaked, there is a risk of financial damage due to unauthorized use. In addition, if an email address or phone number is leaked, there is a possibility that it will be subject to problems such as an increase in spam email and solicitation, fictitious billing and fraud, and financial and mental damage. Of course, the loss of an individual who has been leaked can be considered to have a major impact, such as the loss of social credibility for a company that has been leaked. All employees working in the company are involved in information management for customers, clients, and their company. There is a need to abandon the idea of “I am okay” and perform thorough information management.
In the unlikely event that personal information is leaked, it is necessary to confirm the facts promptly, implement first aid, restore it and disclose the damage. Therefore, it is important to check the flow on a daily basis, but the most important thing is to prevent the leakage of personal information. There are various causes for spills, but there are ways to prevent them. However, the damage is still not reduced because the awareness of information management by individuals and companies is still low. All the damage cases introduced this time are incidents close to us. Always think about the possibility of yourself or your company leaking personal information and take the best possible measures.
Measures to prevent personal information from leaking:
- Reliable disposal
Do not discard documents that contain personal information, but make sure that they are shredded and dissolved.
- Prohibition of taking out information
Some companies say that if you follow the rules, you may take your business information outside the company, but this should be avoided in light of the risk of loss or theft.
- Address confirmation
The most basic thing is to have a habit of checking your address before sending an email or fax.
- Do not use file-sharing software.
Using shared software such as Winny or Share on a computer that contains personal information increases the risk of information leakage and virus infection.
- Don’t talk about personal information in public places
Be aware that conversations outside the train, buses, restaurants, etc., as well as conversations inside the company’s elevators and hallways, can lead to information leakage.
Check website safety: When entering personal information, make sure that the site is secure.
- There are many URLs that start with “https” or usually start with “https”, but URLs that start with “https” indicate that the exchange of data is encrypted and secure.
- It is issued by a specialized research institution after checking whether this site is a trusted site or not, such as an SSL certificate or a privacy mark.
- When entering important personal information such as credit card numbers, it is important to check the above two points.
Measures were taken by companies:
- Install/update security software.
As with anti-virus measures, it is necessary to take measures to prevent the entry of malware, such as entrance measures that prevent malware from entering, and endpoint measures such as endpoint security measures. Don’t forget to keep your security software up to date.
- Education on leakage of personal information
Provide regular education to employees and be aware that personal information leaks are not caused by other personnel but may be caused by the company.
- Exchange documents regarding confidentiality
By signing a confidentiality agreement in writing, you can expect to improve employee morale.
- Take vulnerabilities on websites and software.
Apply security patches to websites, OSs, software, etc. frequently to take countermeasures against vulnerabilities. In particular, when a security hole is found in a specific version of an open-source CMS, it is often the case that malware is embedded through the security hole, so information must be collected with caution.
- Restrict access to personal information.
The environment where everyone in the company can access personal information is very dangerous. Make sure that only a limited number of employees can access only the minimum information required.
- Restrict software installation.
Safety is not ensured in situations where employees can freely install the software. Make a distinction between company PCs and private PCs, so that only the software necessary for business can be installed on company PCs.