Friday, March 15, 2013
EDITORIAL: Data Breaches Highlight Lax Online Security
TOKYO (Nikkei)--Companies need to step up security measures related to the management of online information to prevent unauthorized access to sensitive or important data.
The Nikkei reported this week that investors have gained unauthorized access to information on more than 20 listed firms since 2010. This information included documents such as previously unpublished earnings summaries. The issue underscores the exceptionally poor information management practices in place at many companies in Japan.
The investors who accessed this classified information exploited time lapses in the transfer of key data. They accessed information that had been just transferred from protected servers to publicly accessible ones, pending release. Some of the investors pocketed several million yen through stock trades by using information gained from classified data.
Such transactions are not categorized as examples of insider trading. This is because insider trading involves situations in which nonpublic information is transferred from company insiders to third parties.
The recent trades do not necessarily constitute a violation of law. But they pose a clear threat to efforts to maintain the fairness of stock trading, while undermining the sense of trust that investors have in the market.
Perhaps the most troubling issue raised by the problem is that it has shown just how inept companies are at handling online documents. This could fuel investor distrust, particular among foreign investors, who are starting to pay attention to the Japanese market.
The Securities and Exchange Surveillance Commission and the Tokyo Stock Exchange need to investigate this matter and swiftly report their findings to prevent similar incidents from occurring in the future.
But companies also need to accept responsibility for data leaks. The SESC first noticed that outsiders were accessing private information last autumn and quickly issued a warning to the TSE. The bourse urged all listed firms to strengthen their online security measures, but some companies ignored these warnings.
A number of investors continued to trade stocks based on unauthorized information until early this year.
The TSE is now looking into online security measures at listed firms. It should consider slapping heavier penalties on companies that fail to take appropriate measures to prevent unauthorized data access.
Listed companies use the TSE's TDnet information disclosure network and their own websites to release earnings reports and other key documents. It is important for them to have multiple channels through which to disclose information, because they can help to send information to numerous investors in a prompt manner.
Companies should not shy away from publishing information online. Rather, they should tighten their online security measures. The TSE, meanwhile, should consider setting basic guidelines for the way that sensitive information should be managed.
(The Nikkei, March 15 morning edition)