Tokyo Metropolitan Police arrested a former employee of Japanese mobile carrier Softbank, for allegedly taking proprietary documents relating to Softbank’s 5G technology and providing the information to his new employer Rakuten Mobile. Examples of industrial espionage by employees when leaving a company are not rare; in 2014 a former SanDisk employee was arrested for taking confidential documents belonging to Toshiba and providing them to SK Hynix when he changed jobs from SanDisk to SK Hynix. How can companies defend against the theft of proprietary information by former employees?
In the Softbank case, the former employee who was working from home, accessed the company’s data storage and E-mailed over a hundred files to his personal E-mail on the last day of his employment at Softbank. If content security had been properly applied to the files in question, this beach could have been largely mitigated in the following ways.
- For files that the employee does not need to download and edit, they should be made view-only and non-downloadable. Access would be revoked when an employee leaves. In this way, the removal of files can be prevented. Furthermore, by applying watermarks that identify the person viewing the file can help dissuade employees from taking pictures of the screen and re-sharing them.
- For files that need to be downloaded by the employee, protection using digital rights management (DRM) can prevent illegal use of the data after download. DRM can prevent unauthorized duplication and can make the files unusable when an employee leaves, preventing the information from being taken to a competitor.
- When sending files as E-mail attachments, the above protections should automatically be applied to prevent unauthorized use of any confidential information.
As business goes digital, content security is a necessity to protect confidential information from breaches by former employees. However, data security is still more focused on protecting information from outside attacks. By protecting the content itself, companies can protect themselves against threats both internal and external. The Softbank case is yet another example.