2024.02.16
Information Security Measures in Telework
-
Category
Recommended Articles
-
What is Vyond? Introducing the benefits of an animation video production tool that can be used for business.
-
[Animation Teaching Material Production] How to Create e-Learning Materials ②
-
How does Vyond differ from other animation production software? Comparison and recommendations
-
Can Vyond animations be used as teaching materials? Here are the benefits of using them in e-learning and training.
-
Let's create business animations with Vyond! An explanation of the reasons and benefits recommended for business, as well as challenges.
-
Vyond Go (AI Video Generation) Tips and Best Practices ① Vyond Go Setup Guidelines
-
Moodle Basic Course: What is Moodle?
-
[Moodle Basic Course] What can the e-learning management system Moodle do?
-
[Moodle Basic Course] What can be done with Moodle's default features
-
Benefits and Considerations of Moodle Cloud Services
-
Moodle is not only used by universities (widespread use)
In modern times, thanks to the development of high-speed internet networks and high-performance devices, it is possible to work in an environment that is no different from the office, even when working from home. Telework, a flexible work style that is not constrained by time or location, has become established as a common way of working, influenced by the outbreak of the novel coronavirus.
There are many benefits to telecommuting, such as improving employee QOL and reducing corporate costs. However, there are also concerns regarding information security, including the loss or theft of devices such as computers and data leaks due to the use of insecure free Wi-Fi.
This time, we will discuss "Information Security in Telework" as a theme, explaining the risks associated with telework and their countermeasures. We hope this leads to an increased awareness of security unique to telework, which differs from the office environment.
1. Differences in Security Environments Between Office and Telework
In the office and telework, there are different aspects regarding the work environment and security environment. Let's first organize and understand those points.
Different Section.1 Network Environment
●Office
In the office, a secure corporate network is basically provided, and access to internal servers and databases is controlled. Additionally, communications are protected by the hardware and network within the office.
●Telework
In addition to working from home, we also work from various places such as coworking spaces and cafes where internet access is available. Therefore, it is common to use home or public Wi-Fi, but caution is necessary as some of them may not be encrypted.
Different Parts.2 Device Management and Physical Security
●Office
In the office, devices provided or loaned by the company are used for work. These devices are managed according to security policies. Additionally, physical security measures are implemented in the office, such as authentication upon entry, installation of surveillance cameras, shredders, and storing devices in locked cabinets.
●Telework
In telework, employees may use their own devices. Since they are away from the robust security environment of the office, device management and physical security measures will be left to the individual.
Different Section.3 Management of Security Software
●Office
Office devices have security software pre-installed, and updates are applied by the administrator as needed.
●Telework
Since employees manage their devices, the installation and updates of security software will be the individual's responsibility. Employees must always implement the latest security measures.
Section 4: Data Storage and Access
●Office
Data storage is typically done using on-premises servers or cloud services. Access is usually permitted only within the office, and access rights are controlled by administrators.
●Telework
In telework, data is accessed via VPNs and cloud services. Since internal data is connected from outside, such as employees' homes, secure access control is essential.
In private spaces such as homes and public facilities, unlike in the office where colleagues are present, it is easy to let your guard down. As a result, the likelihood of issues related to information security may increase.
* For information on corporate information security, please refer to the blog below for a detailed explanation
What is Information Security Training? Introduction to Implementation Methods and Material Creation
2. What are the information security risks in telework?
What kind of information security risks are of concern with telework? Here, we will list the potential risks.
Risk.1 Loss or Theft of Devices
In telework, there is a risk of loss or theft when using business laptops outside the company. In particular, external hard drives and USB memory sticks used to carry data are smaller than laptops, increasing the risk.
Risk.2 Data Eavesdropping by Third Parties
Public Wi-Fi available in places like facilities and restaurants may not be encrypted. Therefore, keep in mind that there is a risk of data eavesdropping by third parties. Of course, even with your home Wi-Fi, if encryption is not set, similar risks can occur.
Risk.3: Lack of Measures for Personal Devices
Management of personal devices is left to individuals. Therefore, some may not have security software installed, or there may be computers that are already infected with malware through free software. This could lead to the risk of data leakage.
Risk.4 Information Leakage at Home
When working from home, there is a risk that family members or housemates may come into contact with personal information or confidential data, such as a family member using the work PC or a child taking printed data out. Furthermore, if printed data is simply thrown away as garbage, there is also a risk of information leaking to third parties.
Risk.5 Recovery Takes Time
Losing business data or accidentally deleting it are mistakes that can happen anywhere, but in the case of telework, it is often seen that recovery takes longer because there are no reliable colleagues nearby.
Failing to recognize the risks of telework and neglecting information security measures can lead to serious incidents, such as data breaches, PC takeovers, and the spread of viruses. As a result, it is possible that not only individual employees but also, in some cases, the entire company and society as a whole may be affected.
3. Three Measures to Prevent Information Security Risks in Telework
As explained so far, there are various information security risks in telework that differ from those in the office. To avoid these risks, it is important to implement measures such as the following.
Countermeasure 1: Establish and Comply with Rules
To ensure that employees can work remotely safely and smoothly, and to prevent unnecessary risks, companies should establish clear operational rules for telework. For example, it is important to detail the framework regarding which tasks telework will apply to, which devices can be used, and how personal information will be handled. Additionally, it is required that all employees understand and comply with the operational rules.
Measures.2 Each employee must acquire knowledge and change their awareness
In order to adhere to operational rules and act in accordance with norms, each employee must share responsibility for information security and change their awareness. To achieve this, it is important to understand the risks associated with telework, acquire the correct knowledge, and deepen the understanding of information security. Additionally, in the event of an incident, it is essential to learn appropriate response methods, as employees working remotely cannot immediately rely on others for assistance.
Measures 3: Do not neglect technical measures
Technical measures refer to actions that strengthen information security settings from either the hardware or software perspective. Even if operational rules are established and awareness is improved, security cannot be enhanced without the accompanying software or hardware to realize those measures. Let's not neglect technical measures such as reviewing security software and improving the internet environment to enable safe telework.
By implementing these three measures, it is expected to minimize information security risks in telework and prevent incidents.
4. Summary
While telework enables flexible working styles, it has become clear that paying attention to information security is even more important than in the office. Additionally, since work will be conducted in places where supervisors and managers cannot oversee, it is crucial for each employee to fully understand their responsibility towards security and deepen their knowledge.
Therefore, we recommend e-learning. E-learning, which allows for learning regardless of time and place, is a great match for telework. Employees can easily learn about information security knowledge in telework at their convenience.
Human Science offers a variety of e-learning materials related to information security. In light of recent circumstances, we have released a specialized course on "Information Security for Telework and Remote Work." This course provides detailed explanations of practical security measures, including device management, how to improve the work environment, and preparations for emergencies.
For more details, please refer to the e-learning site of Human Science Co., Ltd.
