Tokyo Metropolitan Police arrested a former employee of Japanese mobile carrier
for allegedly taking proprietary documents relating to Softbank’s 5G technology and
providing the information to his new employer Rakuten Mobile. Examples of industrial
espionage by employees when leaving a company are not rare; in 2014 a former SanDisk
employee was arrested for taking confidential documents belonging to Toshiba and
them to SK Hynix when he changed jobs from SanDisk to SK Hynix. How can companies defend
against the theft of proprietary information by former employees?
In the Softbank case, the former employee who was working from home, accessed the
data storage and E-mailed over a hundred files to his personal E-mail on the last day of
employment at Softbank. If content security had been properly applied to the files in
question, this beach could have been largely mitigated in the following ways.
As business goes digital, content security is a necessity to protect confidential information from breaches by former employees. However, data security is still more focused on protecting information from outside attacks. By protecting the content itself, companies can protect themselves against threats both internal and external. The Softbank case is yet another example.
For files that the employee does not need to download and edit, they should be made
view-only and non-downloadable. Access would be revoked when an employee leaves. In
way, the removal of files can be prevented. Furthermore, by applying watermarks that
identify the person viewing the file can help dissuade employees from taking
the screen and re-sharing them.
For files that need to be downloaded by the employee, protection using digital
management (DRM) can prevent illegal use of the data after download. DRM can prevent
unauthorized duplication and can make the files unusable when an employee leaves,
preventing the information from being taken to a competitor.
When sending files as E-mail attachments, the above protections should automatically
applied to prevent unauthorized use of any confidential information.