Introducing countermeasures from examples of telework security incidents!

Recently, in Japan, the introduction of “telework”, which works from home, is becoming active under the influence of the new coronavirus.

But compared to office security, home network security is not as strong. As a result, many security incidents occur.

In this article, we will introduce accidents and solutions that can occur when teleworking.

What is telework?

Telework is a work style that allows you to work flexibly without being restricted by time or place.

There are various types such as “working from home” and “satellite office”, and in recent years, due to the influence of the coronavirus, it is becoming the new normal of efficient work styles.

The government is also promoting telework, and in May 2019, the announcement by the Ministry of Internal Affairs and Communications (latest trends in telework and policy developments by the Ministry of Internal Affairs and Communications) also covered telework extensively.

Accidents that can occur during telework

The types of accidents that occur during telework can be broadly divided into five patterns.

• Eavesdropping on devices
• Stolen or lost device
• Information leakage through public wireless LAN
• Leakage of information due to erroneous operation
• Information Leakage by Malware/Ransomware

I will explain in detail below.

peeping

This is information leakage due to spying while traveling in satellite offices or public transportation.
Information on your PC or company device must not be known to anyone outside the company.

solution

Devices that contain business information or confidential company information are, so to speak, “valuables.” Keep it under control.
When you leave your seat, take thorough measures such as putting it into sleep mode.

In addition, creating handling rules and using privacy filters are also effective.

Stolen or lost device

Information leakage due to theft of physical devices such as personal computers and USB devices.

Storage devices such as USB are easy to lose, so be careful.

solution

The solution is similar to the “Eavesdropping” countermeasure above. Let’s manage it thoroughly, such as deciding where to store it in yourself.

Also, use the remote data erasure function (remote wipe) to prevent leakage of valuable information in the event of loss.

Information leakage through public wireless LAN

Information leakage of transmission/reception history due to the use of public wireless LAN.

Public wireless LANs have a much looser security system than company or home wireless LANs. Avoid using facilities that are open to general consumers (libraries, cafes, etc.).

solution

The solution is to use an encrypted network.

Leakage of information due to erroneous operation

Information leakage due to sharing or sending mistakes.

Avoid using the AirDrop function of Apple devices, as it may be received by an unspecified number of devices and information may be leaked.

solution

Be careful when using company social media.

Also, use IP/domain restrictions, and check whether the disclosure range setting and data destination are correct before sharing.

Information Leakage by Malware/Ransomware

Information leakage due to device virus infection.

Malware is a general term for malicious programs and viruses that are created to cause problems on your PC.
Ransomware is a type of malware, a virus that encrypts files and hard disks stored on your PC, making them inaccessible.

Both are very nasty and require extreme vigilance.

solution

Use the latest OS and use security software and firewall.

Strengthen your anti-virus protection by setting automatic updates for the “pattern file” that records virus intrusion.

Examples of telework accidents

Company PC infected with virus

This is the most feared case in telework.

The main causes of virus infection are “browsing websites,” “downloading free software,” and “connecting devices such as USB memory.”

Browsing websites for private purposes and downloading free software other than those specified by the company on PCs lent by the company are actions that increase the risk of virus infection, so avoid using them.

Also, USB memory that is used privately has the risk of being infected with a virus, so you should not use it carelessly.

lost PC

This is likely to happen when you take your company PC home and use it.

There are cases where you accidentally forget your PC while on the move or at a restaurant.

PCs lent by the company are valuable items that have the authority to access the company’s confidential information and personal information. Please handle it carefully so as not to misplace or lose it.

Information leakage due to use of external services

This is a case related to the use of external services.
It can happen when you use the same SNS for both work and private.

If you accidentally share the data describing your work on your private SNS, your business partner information will be leaked.

In addition to the in-house SNS, let’s use cloud sharing services for business use.

In preparation for emergencies, it is also a good idea to periodically check for leaks of confidential information.

Security measures for telework

Countermeasures against risks when connecting to a network

Setting rules is important as a countermeasure against unauthorized access by viruses and interception of information.

Avoid actions with a high risk of virus infection, such as connecting to a line with strong security and installing unnecessary software.

Also, perform security and virus checks on a regular basis to ensure a thorough security system.

Measures against the risk of theft or loss

In order to telework, it is essential to take out the equipment. In addition to personal computers, there are also company mobile phones and computer peripherals.

When taking out such devices, there is a risk of theft, loss, damage, etc., so please think about preventive measures and emergency measures in advance.

Countermeasures against management risks

Risks such as snooping and mis-sharing require risk-specific measures.

In the case of peeping, it is effective to attach a peeping prevention filter. In addition, sharing mistakes can be prevented by using a service that allows you to cancel transmission when you make a mistake.

Creation of guidelines

It is effective to create guidelines to raise the security awareness of employees.

The information system department, the general affairs department, and the management team should clearly define the rules for teleworking and create guidelines to reduce security risks.

Instead of just asking employees to voluntarily look at the completed guidelines, hold trainings and seminars to make each individual aware of their involvement and thoroughly implement countermeasures.

Recommended services for security measures

WAF/Firewall

WAF/firewall is a security measure against virus attacks.

WAF is a measure to detect and reduce virus attacks that exploit vulnerabilities by placing security in front of web applications and networks.

A firewall is a security measure that you can implement in your network. Restrict external access to information systems for internal use only.

sandbox

Sandboxing is a form of security that prevents unauthorized external manipulation of the system by operating programs received from outside in a protected area.

Identity management system

The ID management system is a system that can authenticate and manage user accounts by linking system accounts and personnel information.

Anti-virus/unauthorized access countermeasure tool

It is a tool to prevent virus infection of the device before it happens.

summary

This time, we have covered accidents that can occur when teleworking and their solutions.

Use this article as a reference to prepare for perfect security measures.