Run-Up to the Tokyo Olympics – Teleworking Threats in the Security Spotlight
Earlier this week, police in Japan launched what was described as a “three day public-private cybersecurity exercise” focusing on the risks faced by teleworkers.
Teleworking, or working remotely, offers flexibility and convenience for millions of people who appreciate the benefits of not being physically present in the office, whilst being able to connect to the organisation’s network.
And it’s a particularly attractive approach in Tokyo, which will be hosting this year’s Olympic and Paralympic Games. 600,000 sports fans from around the world are expected to descend on the city, which already has a notoriously overcrowded public transport system, catering for more than 20 million travellers each day in the Greater Tokyo area.
The Japanese government’s plan to avert the expected travel chaos is to launch a “Telework scheme”, encouraging 3,000 companies to tell a total of more than 600,000 staff to work from home for at least two weeks from July 24 2020.
Which is all a fine plan, and perhaps better than offering free noodles to commuters who avoid rush hour trains, but what about the security of those teleworkers?
In this week’s cybersecurity exercise, staff from 58 organisations involved in critical infrastructure such as the power grid and transportation will have been given training on identifying malware infections and blocking attempts by hackers to gain unauthorised access to systems.
As Jiji Press describes:
“The drills are based on a scenario in which a computer virus intended for unauthorized access infected an employee’s device through a system vulnerability. Although attacks by the malware were blocked by an in-house security system, the malware was activated when the infected computer was taken out of the workplace for teleworking.”
“The virus then caused the computer to be infected with another virus, which extracts information, and the return of the device to the workplace caused the infection to spread, leading to information being stolen from the company, according to the scenario.”
As more and more of us find our careers revolve around working remotely rather than in the office, we must bear in mind the potential security risks posed teleworking.
Teleworking may be great for many things – but it can’t be disputed that it increases the chance of unauthorised users being able to gain physical access to your work’s devices, for malicious devices (such as USB sticks) to be inserted and potentially steal sensitive information, and for attackers to eavesdrop on Wi-Fi or network traffic.
System administrators may have good visibility over the office network, but are likely to know much less about how computers are being used remotely and what steps are being taken to ensure that their use is restricted to only authorised activities by authorised employees.
For in-depth advice about mitigating teleworking risks I recommend this white paper by the SANS Institute, which describes how remote PCs can be better defended when they are outside your organisation, and what you should do to ensure that they do not introduce a threat when they reconnect to your network.
*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Graham Cluley. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/BZ4QFDHkapM/teleworking-threats-security-olympics-tokyo
