Due to the impact of the new coronavirus, many companies have introduced telework.
In the past, security management was taken for granted only within the office.
However, in recent years, with the introduction of telework, restrictions on work locations have been removed, requiring not only organizations but also individual employees to be thoroughly aware of security management.
This article introduces key points and recommended tools for security management during telework.
Contents
- What is telework?
- What are the security risks lurking in remote work?
- Virus infection/unauthorized access
- Stolen or lost device
- Eavesdropping on devices
- Effective measures against security risks
- Countermeasures against virus infection and unauthorized access
- “Device theft/loss” countermeasures
- Countermeasures against “device snooping”
- Recommended services for security measures
- WAF/Firewall
- sandbox
- Identity management system
- Anti-virus/unauthorized access countermeasure tool
- summary
What is telework?
Telework is a work style that allows you to work flexibly without being restricted by time or place.
There are various types such as “working from home” and “satellite office”, and in recent years, due to the influence of the coronavirus, it is becoming the new normal of work styles.
The benefits of telework can be broadly divided into two points: “countermeasures against the declining working population” and “reduction of the burden on the environment.”
In addition to supporting the expansion of employment opportunities for women, the elderly, and people with disabilities, it is also expected to reduce the amount of trains used during commuting and the utility costs of offices.
What are the security risks lurking in remote work?
Virus infection/unauthorized access
It is a random attack on all computers that share information when connecting to a network.
Network viruses hide in vulnerabilities in systems and programs and extract information.
Risks also lurk when using wireless LAN.
If security is not perfect, there is a possibility of unauthorized access by a third party, collection and analysis of data during communication, and theft of personal information (IDs and passwords).
When using a wireless LAN, understand the risks of eavesdropping, unauthorized access, and virus infection, and select and use only safe networks.
Accident example
This is a case of a virus infection on a company loaned PC when browsing a website for privacy or downloading free software other than the software specified by the company.
The main causes of virus infection are “browsing websites,” “downloading free software,” and “connecting devices such as USB memory.” These actions increase the risk of virus infection, so avoid using them.
Also, USB memory that is used privately has the risk of being infected with a virus, so you should not use it carelessly.
Stolen or lost device
One of the risks that can be considered when implementing remote work is “theft or loss”.
If the device is lost or stolen due to negligence such as misplacing the device, the data recorded on the device will be leaked.
Accident example
There are cases where you accidentally forget your PC while on the move or at a restaurant.
PCs lent by the company are valuable items that have the authority to access the company’s confidential information and personal information. Please handle it carefully so as not to misplace or lose it.
Eavesdropping on devices
When using a satellite office or traveling by public transportation, there is a risk of information being intercepted by a third party nearby. Also called “shoulder hacking”.
Information on company PCs and company devices must not be known to people outside the company. As with theft or loss, important information may be leaked.
Accident example
Shared offices and cafes are used for remote work.
In public places, people can peep at your computer screen from behind. Also, be careful not only on your PC, but also on your smartphone screen as it may be viewed.
Effective measures against security risks
We will introduce countermeasures by dividing them into “virus infection/unauthorized access”, “device theft/loss”, and “device spying”.
Countermeasures against virus infection and unauthorized access
Use the latest OS and use security software and firewall.
In addition, set automatic update of the “pattern file” that records virus intrusion, etc. to strengthen anti-virus measures.
Countermeasure point
Setting rules is important to prevent virus infection and unauthorized access.
Avoid actions with a high risk of virus infection, such as connecting to a line with strong security and installing unnecessary software.
Perform regular security and virus checks. In order to use the company network safely, it is necessary to always have a thorough security system in place.
“Device theft/loss” countermeasures
Pay close attention to prevent accidents such as misplacement, and thoroughly manage your belongings, such as deciding where to store them.
When taking company PCs or other company devices out of the office, there is a risk of theft, loss, or damage.
Countermeasure point
Use the remote data erasure function (remote wipe) tool to prevent leakage of valuable information in the event of loss or theft so that you can respond immediately in the event of theft or loss.
Countermeasures against “device snooping”
Let’s take thorough measures such as putting it into sleep mode once when you leave your seat.
Devices that contain business information or confidential company information are, so to speak, “valuables.” Keep it under control.
Countermeasure point
Anyway, let’s make each employee thoroughly aware of management. It is also effective to create handling rules and use privacy filters.
Recommended services for security measures
WAF/Firewall
WAF/firewall is a security measure against virus attacks.
WAF is a measure to detect and reduce virus attacks that exploit vulnerabilities by placing security in front of web applications and networks.
A firewall is a security measure that you can implement in your network. Restrict external access to information systems for internal use only.
sandbox
Sandboxing is a form of security that prevents unauthorized external manipulation of the system by operating programs received from outside in a protected area.
Identity management system
The ID management system is a system that can authenticate and manage user accounts by linking system accounts and personnel information.
for a list of ID management systems
Anti-virus/unauthorized access countermeasure tool
It is a tool to prevent and detect virus infection and unauthorized access to devices.
summary
This time, we introduced the security risks that can occur when using telework and how to deal with them.
The use of security tools is a very effective means of properly and safely handling company confidential information.
Select the tool that matches your company from the list of tools introduced and introduce it.
