The world’s rapidly increasing cyber attacks do not know where to stay and are evolving their attack methods on a daily basis. Many companies regardless of size are good prey for attackers. The impact of cyber attacks continues to increase, regardless of the size of the company or organization. Most people will think security measures as just introduction of anti-virus software. It is not exactly precise, the introduction of anti-virus software can be said to be only the first step in security measures.
Regardless of security products, as a common pattern when introducing a new product, it is picked up within a preset budget, which limits the choice for small companies and startups. As a result, there is a risk that the expected effects cannot be obtained. With the introduction of virus software, the device is monitored for all processes from startup to shutdown. With the evolution of tablets and smartphones, more and more companies are accepting “new ways of working” regardless of where they work.
While there is concern that the working population will decline, it is clear that the recognition of flexible working styles such as teleworking can be expected to improve the productivity of society as a whole and is a positive trend. However, in terms of bringing out terminals that can carry the same amount of information as PCs, it poses a major security risk for companies. BYOD is here, and companies have no choice but to focus more on regulation. For tablets and smartphones, security measures that are the same as in the company environment are essential.
One of the problems with the increase in the number of terminals that can access the in-house system is “identification”. The increase of authentication information causes “use of password”. A single authentication with email address and password can easily break malicious intrusions. Therefore, “two-step authentication” of password + α (telephone, input of authentication code, etc.) is effective. With regard to two-step certification, security vendors are developing their products, so it is one way to introduce them.
Although virus infection from targeted emails is dangerous, recently, damage to “virus apps” that can not be distinguished from regular products has also been confirmed. By installing the app, there is a risk that the information in the smartphone will be extracted or the contents of the mail may be leaked, so it is necessary to use a dedicated check tool etc.
Problem of loss
Even in a company that has taken all possible security measures, it is said that it is impossible to prevent it completely. The problem is that the terminal itself is lost, such as “lost” or “theft”. We recognize that loss or theft is what happens and we have no choice but to choose a way to protect our information if it gets lost.
About the terminal of the retiree
Careful attention is also required when employees retire. In some cases, deleted data on the device may remain as a backup, or it may be synchronized on the cloud. In addition, let’s make sure that the retiree’s right to access the company’s system etc. is also deleted on the day of retirement. A relatively small company is found to have a personal computer for business use. There is no problem if the company’s terminal control is done correctly, but there are cases where the company system has been accessed without making an application, so care should be taken.
Related company’s security environment
This is also true for trading partners. If information sharing is to be performed, it should be performed after confirming the security environment of the sharing destination. In fact, there is a case where a company with weak security measures is taken and the information of a large company with transactions is stolen, so make sure to check before sharing the information.
Information security policy formulation
An information security policy is a set of rules that governs a company or organization’s overall guidelines and policies for maintaining information security. It is a declaration that “we take such defenses to protect confidential data and personal information from cyber attacks“. In the modern society where the damage from cyber attacks is increasing, it is one of the indispensable things as rule-making for company management.
Security measures software required
As security measures at the next stage, many remote data erasure services have been developed in recent years to cope with loss or theft. In addition to taking out outside due to work efficiency, security risk is hidden at the time of business trip overseas, etc., so some kind of product should be introduced.