Remote work increases information leak risk -how to prevent it?| TECH+ Mynavi News Mynavi

Cyber attacks aiming for rapidly spreading remote work due to corona evil are increasing.There are various things from those that pierce vulnerabilities caused by environmental factors to those that pierce so -called "psychological vulnerabilities" such as workers and carelessness.In this article, we will explain how to prevent information leakage in remote work.

Risk of information leakage increased by remote work

During remote work, there are some security vulnerable at home and cafes that operate.As a result, cyber attacks aimed at such a vulnerable work environment are frequent.The IPA (Information Processing Promotion Organization) announced by the IPA (Information Security 10 Great Threat 2021 "in August 2021, in addition to" Ransomware "and" targeted attacks "," New Normal Work style such as telework ""Attack aimed at" was ranked.In fact, there are a number of cases where commercial personal computers are infected with malware and private terminals that have not obtained permission are infected with malware.

Why does remote work increase the risk of information leakage?

Let's delve a little more about the reason why the risk of information leakage is increased by remote work.The fact that the risk of information leakage increases can be broadly divided into "environmental factors" and "human factors".First, the environmental factors are caused by the equipment and network facilities used.It is also expected that private terminals are used, but security software may not be properly introduced.

Another personal factor includes operation mistakes, inadequate management, and lack of crisis awareness.In other words, it is called a human error.According to the "Telework Survey 2020" published by the Japan Federation of Trade Unions in June 2020, the negative aspects of remote work "can not distinguish between work and private", "less rest time", and "length."Tendency such as time work was seen.These factors are thought to lead to operation mistakes, causing information leakage.

Environmental factors and measures in information leakage during remote work

Introducing three factors and countermeasures from the environmental aspects of information leakage during remote work.

It is necessary to pay attention to the use of private terminals, regardless of whether or not the company is allowed or not.The private terminal here includes not only a personal computer, but also a smartphone (hereinafter, smartphone) and tablet.Private terminals are often not properly set for security software, increasing the risk of information leakage.

It is desirable to introduce security software as much as possible on terminals that store business exchanges and data.It is also necessary to develop clear employment rules, such as not using terminals that have not taken security measures for business.

■ What is BYOD?What is the need for companies to use private mobile phones?>>> Click here for details

In remote work, there are many cases where the Internet is used by Wi-Fi connection while on the go or traveling.It is recommended not to use Wi-Fi and public Wi-Fi provided at stores, as it may not be secure.In addition, when connecting to the Internet on the go, the use of VPN can reduce the risk of eavesdropping on the communication route, and the Internet can be used more safely.

■ Basic knowledge of security that you need to know when connecting outdoors such as mobile Wi-Fi [Update] >> Click here for details

Fishing emails and smashing (scams via SMS) that piggyback on remote work and corona evil are rampant.Targeted attacks aimed at specific companies are spreading not only to large companies but also to small and medium -sized enterprises.It will be necessary to assume that the company may be targeted.In order to prevent these, the introduction of comprehensive security software that includes not only virus countermeasures but also functions such as fishing measures and spam email measures is effective.

■ What is a targeted email?Sophisticated tricks and how to respond >> Click here for details

Human factors and measures in information leakage during remote work

The following six human factors in the information leak in remote work and the specific measures are taken.

In some cases, confidential information is forced to take out of the work in remote work.However, regardless of the data or paper, the act of bringing out information to the outside must be taken on the premise that it increases the risk of information leakage.Using cloud storage and services to physically reduce the opportunity to take it out of the way can be considered as an option.Of course, it is also important to establish rules and rules for taking out information according to your business content.

■ Security measures when using cloud storage such as Google Drive >> Click here for details

Purchasing data using external storage devices, such as USB memory and portable SSD, is the risk of loss and theft.In the past, there are inferior cases where USB memory, which recorded personal information, was lost.In addition, cases of malware infected by connecting an external storage device to a personal computer have been confirmed so far.I would like to take measures such as setting up an environment such as cloud storage and other environments, as well as setting a prohibition of writing to an external storage device.

■ What are the seven ways that malware invades equipment?>>> Click here for details

Losing and theft of mobile terminals, such as laptops and smartphones, are one of the factors of information leaks.As a countermeasure, there is a method of making it difficult for non -users to log in to the terminal, such as using biometric authentication.There is also a way to encrypt the storage itself using Bitlocker for Windows PCs.

There will be rooms for measures to introduce MDM (Mobile Device Management) tools and to set them so that you can remote wipe (remote lock) when you lose your terminal or stolen.

■ What is "BitLocker" that encrypts storage?Are there any precautions in using it?>>> Click here for details

There is a risk of fraudulent login by leaking or broken authentication information such as networks and cloud services.In many cases, the password to be broken, which is easy to infer or reused.If authentication information such as cloud storage and office suite leaks and is unauthorized, confidential information and personal information may leak.Countermeasures include stricter password settings and management, and two -stage authentication is set.

■ Do you understand the difference between two element authentication and two -stage authentication?>>> Click here for details

The most common cause of information leakage is the misplacement of the email.As mentioned earlier, especially in a remote work environment, concentration does not continue, and human mistakes are likely to occur.As a countermeasure for incorrect transmission, it is to transfer the file with a cloud storage shared URL instead of attaching a file, and to introduce a tool that can be audited by checking the contents of the email, or that can audit the contents.And so on.

For example, in the security countermeasure solution "GuardianWall Mailconvert", the files attached to the email can be automatically uploaded to the server, converted to a link for download, and the recipient is set to download it after authenticating.

The main factor in the incorrect transmission of the email is a mistake in setting the destination.In the "MoutBound Security for Microsoft 365", it is possible to take steps, such as the sender himself reconfirmed the destination when sending an email, and then publishes the file.By checking the destination after transmission, the risk of incorrect transmission can be suppressed.

■ Extension of PPAP!?DX compatible email security realized with new alternative measures >> Click here for details

6) Information outflow of information via SNS

Information leaks via SNS, such as LINE, Twitter, and Facebook, were often found in the dawn of SNS.However, I want to be strongly aware of what can happen.It is also assumed that posting to the wrong group or the other party, confidential information reflected in the photos taken, or unauthorized login with SNS authentication information.It is necessary to set the rules for using SNS for business and use two -stage authentication.

■ SNS is dangerous!?Security idea to keep in mind when using >> Click here for details

How to prevent the risk of shadow IT such as the use of private terminals

Remote work has the risk of "Shadow IT" in connection with the two elements described above.Shadow IT is to use private terminals and personalized cloud services for business without the permission of the company.For example, the above -mentioned "malware infection of private terminals", "loss / stolen of external storage devices", and "leakage of information via SNS" are security risks due to employees' shadow IT.

According to a survey conducted by Canon Marketing Japan in April 2021, 37.2%of people have used private terminals in the past year.In addition, 25.5%of people have "brought customer information" in home work that has not obtained permission from companies.

Shadow IT has been unavoidable as a result of not having a work environment at home.By promoting environmental development such as cloud storage and mobile devices on the company, it should lead to such risks.

Remote work increases not only environmental factors, but also information leakage due to human mistakes, including misplacing emails.However, these risks can often be suppressed by the introduction of systems and environmental development, as we have mentioned so far.Depending on your business content and situation, we would like you to promote tools and rules to reduce the operation load while increasing security.

■ Information security awareness survey report 2021 -information security risk of "Shadow IT" increasing due to Corona Worlds-> Click here for details

[PR] Provided by Canon Marketing Japan