e-Learning Blog

There are differences in the working environment and security environment between office and telework. Let's first organize and understand those points.

〈Different Part 1〉Network Environment

●Office

In the office, a secure corporate internal network is generally provided, and access to internal servers and databases is controlled. In addition, communication is protected by hardware and network within the office.

●Telework

In addition to working from home, we also work from various locations such as coworking spaces and cafes where internet is available. Therefore, it is common to use home or public Wi-Fi, but caution is necessary as some may not be encrypted.

<Administration Department> Device management and physical security

●Office

In the office, we use devices provided by the company for work. These devices are managed based on our security policy. In addition, physical security measures are also taken in the office, such as authentication upon entry, installation of surveillance cameras, shredders, and locking and storing devices.

●Telework

In telework, employees may also use their own devices. As they are away from the secure office environment, device management and physical security measures will be left to the individual.

〈Different Part.3〉Security Software Management

●Office

Security software is pre-installed on office devices and administrators apply updates as needed.

●Telework

Employees are responsible for managing their own devices, including installing and updating security software. Employees must always take the necessary measures to ensure the security of their devices.

〈Different Part 4〉Data Storage and Access

●Office

Data is typically stored using corporate servers or cloud services. Access is usually restricted to the office and controlled by administrators.

●Telework

In telework, data is accessed through VPN and cloud services. Secure access control is essential as internal data is connected from external sources such as employees' homes.

Private spaces such as homes and public facilities are different from offices where colleagues are present, and it's easy to let your guard down. As a result, there is a higher possibility of troubles related to information security occurring.

※For information security of the company, we also explain in detail in the following blog
What is information security education? Introducing implementation methods and materials creation methods

What are the risks of information security that are of concern in teleworking? Here, we will list the possible risks.

〈Risk 1〉Device Loss or Theft
In telework, there is a risk of device loss or theft due to the use of work laptops and other devices outside of the office. In particular, external hard drives and USB memory devices used to take data out are smaller than laptops, making them more vulnerable to theft.

Risk 2: Eavesdropping by Third Parties
Publicly available Wi-Fi, such as in public facilities or restaurants, may not be encrypted. Therefore, keep in mind the risk of data eavesdropping by third parties. Of course, the same risk can occur even with your home Wi-Fi if encryption is not set up.

Risk 3: Lack of Measures for Personal Devices
Management of personal devices is left to individuals. Therefore, there may be computers that are already infected with malware through free software or without security software installed. This could lead to the risk of data leakage.

〈Risk 4〉Information Leakage at Home
When working from home, there is a risk of family members or roommates coming into contact with personal information or confidential data, such as using a work PC or taking printed data out of the house. Additionally, if printed data is simply thrown away, there is a risk of information leakage to third parties.

〈Risk 5〉Recovery Takes Time
Losing or accidentally deleting business data is a common mistake that can happen anywhere, but in the case of teleworking, recovery can often take longer due to the lack of nearby reliable colleagues.

If you fail to recognize the risks of teleworking and neglect information security measures, it could lead to serious incidents such as information leaks, PC hijacking, and becoming a foothold for virus spread. As a result, not only individual employees, but also the entire company and society may be affected.

As we have explained so far, in telework, there are various information security risks that are different from those in the office. To avoid these risks, it is important to implement the following measures.

〈Strategy 1〉Establish and Comply with Rules
In order for employees to work safely and smoothly in telework, and to prevent unnecessary risks, companies should establish clear operational rules for telework. For example, it is important to have a detailed framework in place, such as which tasks are applicable for telework, which devices can be used, and how personal information will be handled. It is also necessary for all employees to understand and comply with these operational rules.

〈Countermeasure 2〉Each employee must acquire knowledge and change their mindset
In order to follow operational rules and behave in accordance with norms, each employee must share responsibility for information security and change their mindset. To do so, it is important to understand the risks of teleworking, acquire correct knowledge, and deepen understanding of information security. In addition, in the event of an incident, it is essential to learn appropriate countermeasures as it is not possible to immediately rely on other employees in the case of teleworking.

〈Countermeasures.3〉Do Not Neglect Technical Measures
Technical measures refer to measures to strengthen information security settings from both hardware and software perspectives. Even if operational rules are established and awareness is improved, security cannot be strengthened without the necessary software and hardware. Be sure not to neglect technical measures, such as reviewing security software and improving internet environments, in order to achieve safe teleworking.

By implementing these three measures, you can minimize information security risks and prevent incidents in teleworking.

Telework, which enables flexible working styles, has been found to require more attention to information security than in the office. In addition, since work will be done in places where the boss or manager cannot see, it is very important for each employee to fully understand their responsibility for security and deepen their knowledge.

Therefore, what we recommend is e-learning. E-learning allows for learning anytime and anywhere, making it a perfect match for telework. Employees can easily learn about information security during telework at a convenient time for them.

At Human Science Co., Ltd., we offer various e-learning materials related to information security. However, in light of recent circumstances, we have released "Information Security for Telework and Remote Work" with a focus on teleworking. We provide detailed and practical explanations on how to manage devices, improve working environments, and prepare for emergencies.

For more information, please refer to Human Science Co., Ltd.'s e-learning site.

▶e-Learning Material "Information Security for Telework"