Hoei Co., Ltd. customer case study now available
— File encryption and remote deletion solution FinalCode adopted as a data leak safeguard independent of perimeter security —

Information security solutions provider Digital Arts Inc. (headquarters: Chiyoda-ku, Tokyo, Japan; CEO: Toshio Dogu; hereinafter referred to as “Digital Arts”; Code 2326) released a case study on September 8 featuring Hoei Co., Ltd. (headquarters: Yokohama, Kanagawa, Japan; President and CEO: Takeshi Hirama ; hereinafter “Hoei”), which has adopted Digital Arts’ file encryption and remote deletion solution FinalCode.

Security priorities for an insurance agency managing data for more than 80,000 customers

Hoei operates as an insurance agency. Since its establishment in 1976, it has provided a broad range of insurance services to corporate and individual customers of the Bank of Yokohama and Kanagawa Bank. The company handles insurance products from 12 non-life insurers and 16 life insurers and, as a business rooted in the local community, offers optimal insurance solutions tailored to customer needs.
The company manages customer information for more than 80,000 clients — including names, dates of birth, addresses, insurance details, and bank account information. The company states that safeguarding this information is not only a corporate responsibility but also the very foundation of the trust it has built with its customers.

Prioritizing protection for the “worst-case scenario” rather than attempting to “completely prevent” intrusions, Hoei adopted FinalCode

Hoei implemented the file encryption and remote deletion solution, FinalCode, companywide in 2023. FinalCode is an IRM solution that automatically protects files from the moment they are created and allows them to be deleted afterward in the event of an incident. It employs advanced encryption technology and enables restrictions on viewers and operational permissions, ensuring that even if a file is leaked, only authorized users can view the data within, thereby preventing data leaks.

When Hoei first began considering the introduction of a new security product, the company explored ways to strengthen perimeter defenses with the goal of completely preventing unauthorized access by third parties. While a certain level of protection could be achieved with UTM, the company was concerned that attackers’ methods were becoming increasingly sophisticated and evolving day-by-day, making it difficult to completely prevent external intrusions no matter how extensive the measures taken. In addition, robust perimeter defenses involve many functions, which posed a cost challenge, and would significantly exceed the company’s budget.
As a result, while continuing to implement perimeter measures to the greatest extent possible, the company concluded that it should not rely on them 100 percent, and that it was also necessary to have a means of preventing data leaks in the event that an intrusion does occur.

Zero user burden: Transparent encryption that preserves usability without user awareness

FinalCode offers three types of encryption with different levels of strength and use cases. At Hoei, transparent encryption is used because it provides the same usability as ordinary files. Files are automatically encrypted using transparent encryption from the moment they are created, and encryption is also applied when they are stored on the file server that holds customer information. The company encrypts not just specific files but all files it handles, ensuring strict data management.
Encryption is often perceived as difficult to handle and involving cumbersome encryption and decryption processes; however, with FinalCode’s transparent encryption, user operations are the same before and after implementation. For example, when an Excel file is opened, Excel launches as usual, and the file can be edited normally, allowing anyone to use the system easily and conveniently, with no need to think about encryption or decryption.

When files are sent outside the company, users simply attach files to emails as they always have. The email security product m-FILTER, introduced at the same time, encrypts the files and sends them in a secure format viewable only by the specified recipients.

Why customer information was protected from external attacks?

In November 2024, Hoei confirmed it had suffered a ransomware attack and launched an investigation to determine the intrusion route, and the extent and scope of the damage. As a result, no evidence was found of data corruption or loss, unauthorized data viewing, data exfiltration, or the deletion or tampering of logs.

While Hoei reported the incident to the Personal Information Protection Commission (PPC), it turned out that the encryption used by Hoei was deemed to meet PPC’s standards of advanced encryption. PPC determines that breach notification is not required when data is protected through such an advanced encryption, since it cannot effectively be decrypted even if leaked.
Although the attack itself could not be completely prevented, the company fully protected its customers’ valuable information.

Building a system to verify security effectiveness regularly

Following the ransomware incident, Hoei has begun using the vulnerability assessment services it provides to customers for its own operations and plans to conduct regular evaluations while strengthening multilayered security covering perimeter, outbound, and internal measures.
Rather than treating cyberattacks as “unexpected,” the company believes that preparation is essential and notes that, in addition to leveraging tools such as FinalCode, building a business continuity framework and strengthening employee response capabilities are key challenges going forward.

Looking ahead, Hoei will continue to place the highest priority on the peace of mind, safety, and well-being of local customers and business partners, striving to be an insurance agency that prospers together with those it serves — supporting customers’ businesses and daily lives with insurance solutions tailored to their needs.

■ Hoei Co., Ltd.: Full case study
▶ https://www.daj.jp/bs/case/case105/