What to Watch Out for to Prevent Security Incidents and Information Leaks While Working From Home

With the spread of COVID-19, working from home has become a common way of working at many companies.

At the same time, security incidents caused by lapses in attention are increasing now that work can be done from home.

This time, we will introduce cases that lead to information leaks while working from home, security incidents that require attention, and more.

If you work from home, or have employees who do, please take this opportunity to understand the risks.

Table of Contents

  1. Trends in the Number of Security Incidents Involving Information Leaks
  2. Three Important Pillars in Security
    1. Rules
    2. People
    3. Technology
  3. Examples of Security Incidents Due to Working From Home
    1. Virus Infection
    2. Unauthorized Access
    3. Theft
  4. Measures to Prevent Information Leaks
    1. Measures Against Virus Infection
    2. Measures Against Unauthorized Access
    3. Measures Against Theft
  5. Summary

1. Trends in the Number of Security Incidents Involving Information Leaks

First, let’s look at the trends in the number of security incidents since the COVID-19 pandemic. The following is data from around 2020 when working from home began to spread.

●2020

January: 1,788 cases

February: 1,775 cases

March: 2,947 cases

April: 3,105 cases

May: 3,256 cases

June: 4,055 cases

July: 4,034 cases

August: 4,324 cases

September: 5,473 cases

You can see that the number of reported cases has increased sharply since around June. Because this is only the number of reported cases, the actual number is thought to be even higher.

Incidentally, although the number fell to the 2,000s in 2021, it rose to nearly 5,000 toward the end of that year.

As you can see from this data, security incidents are also on the rise as the spread of working from home progresses.

Source ①: JPCERT/CC Incident Report Response Report (January 1, 2020 to March 31, 2020)

https://www.jpcert.or.jp/pr/2020/IR_Report20200414.pdf

Source ②: JPCERT/CC Incident Report Response Report (April 1, 2020 to June 30, 2020)

https://www.jpcert.or.jp/pr/2020/IR_Report20200714.pdf

Source ③: JPCERT/CC Incident Report Response Report (July 1, 2020 to September 30, 2020)

https://www.jpcert.or.jp/pr/2020/IR_Report20201015.pdf

2. Three Important Pillars in Security

With the increase in security incidents, what kind of measures need to be taken?

Next, we will introduce the “Three Pillars” that are important in security.

・Rules

・People

・Technology

These three are explained in detail below.

2-1. Rules

These are the rules and regulations established within the company.

It is important to have rules such as prohibiting company-owned PCs from being taken outside the home, or requiring a carry-out request when they are used for telework.

If these rules are neglected, employees will take the PCs out freely, which can lead to security incidents.

2-2. People

This refers to each person’s awareness of security.

This part depends on each person’s level of knowledge and mindset, so it is necessary to take measures to raise awareness through in-house training.

2-3. Technology

This refers to the OS and security software of the PC being used.

Older operating systems have vulnerabilities, so confidential data can be obtained without permission or the PC can be attacked.

You can take measures by installing security software and using the latest version of the software as much as possible.

3. Examples of Security Incidents Due to Working From Home

Next, we will introduce security incidents that may occur while working from home.

3-1. Virus Infection

Mr. A uses a computer lent by the company to exchange emails with customers.

One day, Mr. A logged in to his private email address to check the delivery status of an online shopping site.

He opened an email from an unfamiliar email address and opened the attached file.

As a result, the company-owned PC became infected with a virus and could no longer be used.

*The virus may also infect the customers the company deals with, spreading the damage.

3-2. Unauthorized Access

Mr. B uses a computer lent by the company and always works at a cafe.

The cafe has free Wi-Fi, so he uses it to save on communication costs and utility bills.

One day, there was an unfamiliar transaction history on his credit card statement.

When he contacted the credit card company and had them investigate, it turned out that his credit card was being used fraudulently at times when he was not using it.

It was found that unauthorized access was being carried out via free Wi-Fi and credit card information had been leaked.

*In addition to credit card information, confidential information such as company information may also be eavesdropped on. There have also been cases of location information being monitored for stalking purposes.

3-3. Theft

Mr. C was working at a cafe.

At one point, Mr. C left his seat to go to the restroom. He left his computer at his seat.

A few minutes later, when he returned to his seat, his computer was gone. Someone had stolen the company-owned computer itself.

He then reported it to his workplace and was busy dealing with the situation.

It has not been confirmed whether any information was leaked, so Mr. C is still working anxiously.

*Because the data and the device are physically stolen, it is often difficult to investigate where they are and how they were misused. If the data can be viewed, it could affect not only individuals but also the entire company and its business partners.

4. Measures to Prevent Information Leaks

Malicious actors target a company’s important information through various approaches.

We will introduce how to prevent the cases introduced above.

4-1. Measures Against Virus Infection

・Do not open unfamiliar or suspicious emails or files

This is the first measure to take. Carefully check the sender's email address, the attached file name, and the file extension.

・Introduce virus protection software

If a virus does get onto the device, damage can be prevented by inspecting the contents of the program, then detecting and deleting the virus.

Virus protection software makes this possible.

・Keep your PC and smartphone OS up to date

Windows and macOS regularly update their OS versions.

The update content includes an additional program called a “security patch”.

Security patches are released and added regularly, so an up-to-date OS can handle the latest viruses.

*Updating to the latest OS may cause the software you normally use to not work (become unsupported), so be sure to check in advance when updating.

4-2. Measures Against Unauthorized Access

・Avoid connecting to free Wi-Fi

Free Wi-Fi lets an unspecified number of devices connect, and many hotspots are highly vulnerable, for example because communication is not encrypted or the password is public.

Avoid connecting to dangerous free Wi-Fi.

Depending on the terminal, automatic connection to free Wi-Fi may be enabled, so you should check the settings.

・Only handle files whose exposure would not cause problems

In general, information is often leaked when communication content is eavesdropped on.

Therefore, avoid exchanging important data such as confidential company information.

・Do not use company-owned PCs for personal use

Using company-owned PCs for personal use inevitably expands the scope of use, making them more susceptible to unauthorized access.

Even if you follow the above, there is still a possibility of being infected with a virus or being subjected to unauthorized access.

If you were using a company-owned PC at that time, there is a risk that confidential information will be leaked.

Use company-owned PCs for business purposes only.

4-3. Measures Against Theft

・Conduct regular in-house security training

Establish rules as a company, such as carrying your PC with you at all times when leaving your seat and prohibiting work outside the home.

Then communicate these rules and explain the risks and damage that result if they are not followed, so that employees take them seriously.

Raising each person's security literacy changes their awareness of security, which helps prevent information leaks due to theft.

5. Summary

Malicious actors will attack to steal your computer and information using various means.

In addition, it is difficult to confirm whether information leaks have actually occurred, and there are many cases where it is misused without your knowledge.

The damage can extend widely, to you, your company, and its business partners.

Please be aware of the three points of “Rules”, “People”, and “Technology” and take measures to prevent information leaks when working from home.

Please direct inquiries to globalsupport@jiran.com.