ESET Environmental factors and countermeasures for information leakage during remote work

This article is a re-edited version of "How to prevent information leaks during remote work?" published in the "Malware Information Bureau" provided by Canon Marketing Japan.

Cyber-attacks targeting remote work, which has spread rapidly due to the coronavirus crisis, are increasing. They range from attacks that exploit vulnerabilities arising from environmental factors to attacks that exploit so-called "psychological vulnerabilities" such as workers' mistakes and carelessness. This article explains specifically how to prevent the risk of information leakage in remote work.

Increased risk of information leakage due to remote work

During remote work, security may be weak at the homes or cafes where the work is done. As a result, cyberattacks targeting such vulnerable work environments are occurring frequently. In the "10 major information security threats 2021" announced by IPA (Information-technology Promotion Agency, Japan) in August 2021, "attacks aimed at new normal work styles such as telework" ranked in alongside "ransomware" and "targeted attacks". In fact, there have been a series of cases in which business computers have been infected with malware, and in which unauthorized private terminals have been infected with malware.

Why does remote work increase the risk of information leaks?

Let's delve a little deeper into why remote work increases the risk of information leaks. The factors that increase the risk can be roughly divided into "environmental factors" and "human factors." Environmental factors are caused by the devices and network facilities used. Private terminals are sometimes used for business, and in some cases security software and the like are not properly installed on them.

Human factors, on the other hand, are operational errors, poor management, and a lack of crisis awareness: what we call human error. According to the "Survey on Telework 2020" released by the Japanese Trade Union Confederation in June 2020, the negative aspects of remote work include "cannot distinguish between work and private life", "reduced break time", and "tend to work long overtime hours". These factors are thought to lead to operational errors and the like, and so to information leakage.

Environmental factors and countermeasures for information leaks during remote work

Here are three environmental factors for information leaks during remote work and their countermeasures.

1) Malware infection of private terminals

 Regardless of whether the company allows it or not, it is necessary to be careful when using a private terminal for work. Personal devices here include not only computers but also smartphones and tablets. Security software is often not properly configured on private terminals, increasing the risk of information leaks.

Security software should be installed wherever possible on terminals that store business transactions and data. It is also necessary to establish clear work rules, such as not using terminals without security measures for work.

2) Information leakage through Wi-Fi connection

In remote work, the Internet is often used over a Wi-Fi connection, for example at a cafe or while traveling. Wi-Fi provided at stores and public Wi-Fi may not be secure, so it is best to avoid using it as far as possible. When connecting to the Internet away from home or the office, using a VPN reduces the risk of eavesdropping on the communication path and makes it possible to use the Internet more safely.

3) Phishing emails and targeted attacks

Phishing emails and smishing (fraudulent messages sent via SMS) that take advantage of remote work and the coronavirus crisis are rampant. Targeted attacks aimed at specific companies are spreading not only to large companies but also to small and medium-sized ones. You should assume that your company may also be targeted. To prevent these attacks, it is effective to introduce comprehensive security software that includes not only anti-virus functions but also anti-phishing and anti-spam functions.


Human factors and countermeasures for information leaks during remote work

 Here are six human factors for information leaks during remote work and specific countermeasures.

1) Taking confidential information out

In some cases, taking confidential information out is unavoidable when working remotely. However, whether the information is data or paper, measures must be taken on the premise that taking information outside increases the risk of information leakage. To reduce the occasions on which things are physically taken outside, using cloud storage and cloud services is one option. Of course, it is also important to establish rules and regulations for taking out information that suit the company's business.

2) Loss or theft of external storage devices

Transporting data on external storage devices such as USB memory and portable SSDs carries the risk of loss or theft. In the past, there have been countless cases in which USB memory sticks containing personal information have been lost. There have also been confirmed cases of malware infection caused by connecting an external storage device to a personal computer. In addition to improving the environment, for example with cloud storage, it is advisable to take measures such as prohibiting writes to external storage devices on the business terminal side.

3) Loss or theft of mobile devices

 The loss or theft of mobile devices such as laptops and smartphones is one of the causes of information leaks. As a countermeasure, there are methods such as using biometric authentication to make it difficult for anyone other than the user to log in to the terminal. If you have a Windows computer, you can also use BitLocker to encrypt the storage itself.

Investing in an MDM (Mobile Device Management) tool and setting it so that it can be remotely wiped (remotely locked) in the event of loss or theft of the device may also be worth considering.
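The write prohibition for external storage in item 2 and the BitLocker encryption in item 3 can both be checked on a Windows terminal. The following audit script is an added example, not part of the original article; the function names are hypothetical, and it assumes the write prohibition was applied through the standard Windows removable-storage policy registry values and that the BitLocker PowerShell module is available.

```powershell
# Added example (not from the article): audit two controls the article recommends.
# Run from an elevated PowerShell session on the Windows business terminal.

function Test-RemovableWriteBlocked {
    # Group Policy "Removable Disks: Deny write access" sets Deny_Write = 1
    # under the removable-disk device class GUID.
    $gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    # Older machine-wide switch: WriteProtect = 1 makes USB storage read-only.
    $legacyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

    $gpo    = (Get-ItemProperty -Path $gpoKey -Name 'Deny_Write' -ErrorAction SilentlyContinue).Deny_Write
    $legacy = (Get-ItemProperty -Path $legacyKey -Name 'WriteProtect' -ErrorAction SilentlyContinue).WriteProtect
    return ($gpo -eq 1) -or ($legacy -eq 1)
}

function Get-UnprotectedVolume {
    # A volume counts as protected only when BitLocker protection is On.
    # An encrypted volume with protection suspended keeps its key in the
    # clear on disk, so it is reported here as well. Attached removable
    # drives are listed too.
    Get-BitLockerVolume |
        Where-Object { $_.ProtectionStatus -ne 'On' } |
        Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus
}

$writeBlocked = Test-RemovableWriteBlocked
$unprotected  = @(Get-UnprotectedVolume)

# One summary object per terminal; Compliant is true only when both controls hold.
[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    RemovableWriteBlocked = $writeBlocked
    UnprotectedVolumes    = ($unprotected.MountPoint -join ', ')
    Compliant             = $writeBlocked -and ($unprotected.Count -eq 0)
} | Format-List
```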

4) Leakage of authentication information

There is a risk of unauthorized login when authentication information for networks and cloud services leaks or when authentication is broken. In many cases, the passwords that get cracked are ones that are easily guessed or reused. If the authentication information for cloud storage, office suites, and the like is leaked and used for unauthorized login, confidential information and personal information may be leaked. Countermeasures include tightening password settings and management and setting up two-factor authentication.

5) Wrong email sent

The most common cause of information leaks is incorrect transmission of emails. As mentioned above, it is especially difficult to maintain concentration in a remote work environment, and human error is likely to occur. Countermeasures against erroneous transmission include transferring files with a shared cloud storage URL instead of a file attachment, reducing mistakes by checking the contents of the email, and introducing a tool that can audit the contents.

For example, with the security solution "GUARDIANWALL MailConvert", files attached to emails can be automatically uploaded to the server and converted into download links, and the recipient can be set to download them after authentication.

In addition, the main cause of missent emails is an incorrectly set address. With "Outbound Security for Microsoft 365", the sender can take steps such as reconfirming the destination when sending an email and then making the file public. By confirming the destination after transmission, the risk of erroneous transmission can be suppressed.

6) Leakage of information via SNS

In the early days of SNS, there were many cases of information leakage via services such as LINE, Twitter, and Facebook. It is important to remain very aware that this can still happen. Possible scenarios include posting to the wrong group or recipient, confidential information appearing in photos, and unauthorized login using obtained SNS authentication information. It is necessary to set thorough rules for using SNS for business and to use two-step authentication.

SNS is dangerous!? Security concepts to keep in mind when using https://eset-info.canon-its.jp/malware_info/special/detail/191203.html

How to prevent the risks of shadow IT such as the use of private terminals

Related to the two factors described above, remote work carries another risk: "shadow IT". Shadow IT is the use of personal devices, cloud services, and the like for business without the company's permission. For example, the "malware infection of private terminals", "loss or theft of external storage devices", and "information leakage via SNS" described above are security risks caused by employees' shadow IT.

 According to a survey conducted by Canon Marketing Japan in April 2021, 37.2% of people had used a personal device for work in the past year. In addition, 25.5% of respondents said they had "taken out customer information" while working from home without permission from the company.

In some cases shadow IT arises unavoidably because the work environment at home is underdeveloped. Companies should be able to reduce these risks by promoting the development of environments such as cloud storage and mobile terminals.

Remote work increases the risk of information leaks due to human error, such as incorrectly sent emails, in addition to environmental factors. However, as described above, in many cases these risks can be controlled by introducing systems and improving the environment. We encourage you to introduce tools and maintain rules that reduce the operational load while increasing security, in line with your company's business and situation.