Why is Information Leakage Countermeasures Necessary for SMEs?
In modern times, it is no exaggeration to say that business cannot function without the use of computers and networks. Business and ICT such as computers and the Internet are deeply and broadly related.
The development of ICT has accelerated business, enabling communication in an instant even in remote locations, providing high convenience for both business people and consumers.
However, along with the improvement in convenience, the importance of information “preservation” and its hurdles have also increased.
That is, the importance of information security for companies.
It is necessary to consider the risks of advanced cybercrimes and cyberattacks such as DDoS attacks and unauthorized intrusions. Measures against information leaks close to human errors such as forgetting a USB memory stick containing personal information are also important information security measures that cannot be overlooked.
In the past, companies that handled large amounts of information, such as large corporations, were considered to be at higher risk of information leakage. However, in modern times, the importance of information leakage countermeasures for SMEs is attracting attention.
This article explains why information leakage countermeasures are necessary for SMEs and specific information leakage countermeasures for SMEs.
Table of Contents
- Information Security Circumstances
- Current Status of Cyber Attacks and Information Leaks to SMEs
- Attacks by Emotet
- Damage by Ransomware
- Information Leaks from SMEs that are Not Only Cyber Attacks
- Information Leaks Due to Mistakes in Sending
- Information Leaks Due to Intentional Acts by Employees
- Information Leaks Due to Taking Out USB Memory
- What Information Leakage Countermeasures Can SMEs Take Immediately?
- IT Literacy Education for Employees and Management
- Other Measures
- Summary
1. Information Security Circumstances
In the past, when computers were very expensive and only available to a limited number of people, and communication infrastructure was also limited, information security was understood as something far away for the general public and SMEs.
However, from there, computers and communication infrastructure expanded rapidly, and it became commonplace for SMEs and general users to have computers and communication environments.
As a result, there is a high possibility that important data is stored in computers.
In addition, while large companies have held large amounts of data since the dawn of computers, in modern times, many SMEs also hold a lot of useful data.
For this reason, in modern times, all computers are at high risk of being attacked. Computers that are targeted for attacks are not only servers and PCs, but also smartphones and tablets that SME employees usually carry around, as well as external services such as cloud services and file transfer services.
2. Current Status of Cyber Attacks and Information Leaks to SMEs
What kind of attacks are carried out against SMEs?
In the past, cyberattacks often involved searching for weaknesses in a company’s internal network and intruding into the company’s network environment from the outside.
Of course, such methods are still used in modern cyberattacks, and these attacks have not decreased. In reality, it should be seen that easier attack methods have increased, and their types have expanded, rather than these attacks decreasing.
2-1. Attacks by Emotet
In modern times, chat tools and groupware are widely used as communication tools, but email is still widely used for exchanges between companies.
The method of attaching malicious files and computer virus execution software to emails has been a relatively old attack method, but in modern times, a method called “EMOTET” is used, in which malicious programs are embedded in files that appear to be problem-free and attacks are launched by making them look like legitimate communications.
In addition, in order to illegally acquire payment information such as credit cards used by companies, many methods are used to send emails with URLs disguised as emails from banks or credit card companies, and to steal information entered in the URLs.
In addition, there are an increasing number of emails disguised as Internet line providers and mobile phone line providers that are frequently used by SMEs.
2-2. Damage by Ransomware
Damage from “ransomware,” which is a “ransomware virus” that locks the data on an infected computer and demands virtual currency such as Bitcoin, cannot be ignored.
Even in SMEs that attackers once considered to be “low priority as attack targets,” they are now targets of attacks using various methods because they are likely to store important data.
3. Information Leaks from SMEs that are Not Only Cyber Attacks
Cyberattacks are a typical type of incident in information leaks from SMEs, but information leaks in SMEs are not limited to cyberattacks.
3-1. Information Leaks Due to Mistakes in Sending
As a danger that has been pointed out for some time, there is the case of mistakenly sending the destination of emails, faxes, etc., and sending important information to irrelevant places.
Files attached to emails may contain thousands of pieces of personal information, and a single mistake can cause enormous losses.
In such cases, unlike mail, there is no time lag between sending and reaching the recipient, and there is a problem that when the situation is grasped, information has already been leaked.
3-2. Information Leaks Due to Intentional Acts by Employees
Employees take out customer data that they can access, confidential data with business partners, etc. on external recording media and sell or publish it to the outside.
The motives include financial purposes, as well as resentment such as grudges and harassment against the company.
3-3. Information Leaks Due to Taking Out USB Memory
There have been repeated problems with employees taking out external recording media such as USB memory on which data has been acquired and recorded externally, or forgetting or being stolen the PC itself on trains, etc., resulting in information leaks.
Modern external recording media have a large capacity, and a single USB memory can store a large amount of personal information. In addition, information leaks due to human errors occur regardless of the size of the company.
Therefore, SMEs need to take measures to prepare for such information leaks.
4. What Information Leakage Countermeasures Can SMEs Take Immediately?
In modern times, where information security is important, the urgency of information leakage countermeasures is increasing. However, depending on the size of the company, it may be difficult to introduce effective security software due to financial reasons.
Does this mean that SMEs cannot avoid not being able to take information leakage countermeasures? No, that is not the case.
Regardless of the size of the company, there are information leakage countermeasures that can be taken immediately.
4-1. IT Literacy Education for Employees and Management
Of information leaks, it is difficult to take measures against intrusions into computers using advanced technology and defenses against them. However, in cases such as preventing people from being caught by malicious emails, preventing information leaks due to mis-sending or mis-operation, in many cases, managers and employees can prevent information leaks by acquiring a certain level of information literacy.
There are many ways to educate information literacy, including information security, in modern times.
It may be a good idea to use a mechanism that uses e-learning that allows you to study on the Internet, video materials, or online courses that use video calls by experts.
In addition, creating an information security checklist within the company and checking for the occurrence of information security incidents from time to time, or checking the checklist on a daily basis, is one way to reform awareness of information security.
4-2. Other Measures
In addition to awareness, there are also functional measures such as introducing highly secure security software, limiting the terminals and personnel that can access personal information, and paying special attention to the execution of email attachments.
These are concrete details, but more than anything, it is important for management and all employees to share the recognition that “my company is a small company, so it won’t be targeted,” “I don’t handle personal information, so it’s okay to leak it,” “I’m not using dangerous sites or dangerous software, so it’s okay,” and to always recognize that your company is also a target of cyberattacks and that there is a constant danger of information leakage.
Summary
Some SME managers have not yet updated their recognition of information security and cyberattacks, thinking, “It’s not relevant to my company” or “It won’t be targeted unless it’s a larger company.”
However, in modern times, attacks are being targeted at small companies and sole proprietors regardless of the size of the company, and there are even cases where SMEs are being targeted because of their security vulnerabilities.
Regardless of the company’s business content or size, managers need to have a higher security awareness than employees and take the lead in security measures and information literacy education.
For inquiries, please contact globalsupport@jiran.com.
