Please select a language

Please select the country/region where you would like to introduce your business.

Contact Us
Contact Us

Please select a language

Please select the country/region where you would like to introduce your business.

Knowledge Key information security measures when smart-office enabling overseas locations

What are the security risks associated with smart offices? Explaining four strategies to reduce risk


img

With changes in work styles, many companies at the global level are advancing the efforts to create smart offices. However, a critical concern with smart offices is security. While the use of digital technology can create an excellent work environment, if security measures are inadequate, the risk of cyber-attacks increases.

This article introduces the main security measures that should be considered when promoting the smart-office transformation of your overseas locations.

1. Overview of smart offices

A smart office is an office designed to be efficient using digital technologies like IoT and AI. With significant changes in work styles in the wake of the COVID-19 pandemic, smart-office transformation is attracting global attention as a means to realize new ways of working.

Smart offices can provide the following benefits:

・Improved productivity and operational efficiency
・Realization of flexible work styles such as teleworking and satellite offices
・Differentiation in the job market, etc.

These can lead to improved performance across the entire company.

2. Security risks in smart offices

When advancing smart-office transformation at overseas locations, security risks must be considered. Here we will explain why security consideration is necessary for smart offices.

従来型セキュリティとゼロトラストセキュリティの概念図

Security risks in smart offices

Offices store various confidential information, such as sales data and personal information on PCs, and contracts in spaces such as cabinets. If not properly managed, confidential information can lead to serious incidents and potentially damage a company's reputation.

As mentioned earlier, the efficiency and flexible working realized by smart-office transformation are significant benefits. However, the introduction of digital technology also brings new security risks. For instance, digitizing documents and enabling access from anywhere can make operations more efficient, but if the digitized data is not properly stored and managed on servers or clouds, the risk of data leakage increases. While physically managed documents in storerooms were protected by physical access restrictions, digitized information adds the risk of online leaks.

Specific points to be vigilant about

Here, we introduce the main four security risks and countermeasures that need attention in the smart-office transformation of overseas locations:

1.  Security risks in wireless LAN environments
2.  Security risks related to physical spaces such as entry/exit control and room separation
3.  Security risks for IoT devices installed in the office
4.  Security risks when working outside the office

We will explain each of these security risks and their countermeasures in detail below.

3. Security risks in wireless LAN environments

First, we will discuss risks and countermeasures in LAN environments, which are crucial to work in the office.

従来型セキュリティとゼロトラストセキュリティの概念図

Security risks in wireless LAN environments

To create a smart office, a high-quality wireless LAN environment is indispensable. With a wired LAN, work can only be done where LAN cables can connect, but wireless LANs allow employees to work at any location without being confined to a fixed seat.

However, a wireless LAN without sufficient security measures can become a target for malicious attackers, who may steal personal and confidential information from it.

It is essential to be aware that office wireless LANs are not always safe. Even within the office, if appropriate security measures are not taken, there is a risk that wireless LAN signals can be intercepted from outside the office.

Countermeasures

The following security measures are necessary when constructing a wireless LAN environment. Although it is easy to set up a wireless LAN, unexpected risks can arise if care is not taken. When setting up the environment, it is also worth considering consulting with or requesting the help of vendors with specialized expertise.

Encryption of communications

To prevent eavesdropping and unauthorized access, communications should always be encrypted. The encryption method should be one with high strength, such as WPA2, because methods with low encryption strength can be breached by attackers.

Authentication settings and review

Use strong passwords or implement authentication using digital certificates to allow only authorized devices to access. If you use passwords for authentication, you should conduct regular reviews and password changes.

  • Separation of guest Wi-Fi and the corporate network
    When providing a guest Wi-Fi environment for visitors, it is essential that it be separate from the corporate network. Access from the guest Wi-Fi to the corporate network should be avoided.
  • Firmware updates
    Updating network device firmware can fix security vulnerabilities and prevent intrusions into the network and data theft by attackers.

Next, we discuss physical security risks within the office and spatial separation as a security measure.

Physical security risks in the office

In smart offices at overseas locations, the separation of physical spaces within the office is extremely important. Not just entry and exit management, but also internal area division and spaces handling confidential information need consideration.

Especially in smart offices, where free addressing can make it difficult to know who is where, there is an increased risk of intruders entering the office without notice. Therefore, security measures through the physical separation of office spaces are essential. Advanced technologies such as facial recognition for entry and exit management should also be considered.

Countermeasures

The following are measures against physical security risks in the office. Not only managing the entrance and exit of the office but also introducing zoning* inside and considering risk hedging for intrusion are necessary.

*Zoning refers to dividing office spaces according to function and purpose and managing confidentiality and security by limiting who can enter each space.

Office building entry/exit management

One can manage entry and exit to the office building using ID cards, facial recognition, keypads, etc. Each method has different costs and security strengths. For example, keypad authentication is less expensive but has lower security strength compared to facial recognition.

  • Zoning within the office
    If specific confidential information is handled within the office, zoning can be conducted. For example, organizations handling personal information may zone a part of the office for it. Contractors may also be subject to zoning. One can use partitions or dividers for spatial separation and complement this with entry control using ID cards.
  • Office information management
    To hedge risks in case of intrusion, consider using lockers with keys, surveillance cameras, and shredders. These limit intruders’ access to information and other items, enhancing security.

 

5. Security risks for IoT devices installed in the office

Next we will introduce security for IoT devices, which are often used in the smart-office transformation of overseas locations.

従来型セキュリティとゼロトラストセキュリティの概念図

Security risks of IoT devices

Utilizing IoT devices is crucial in smart-office transformation at overseas locations. Using IoT devices to manage conference room usage, automatically control air conditioning, and manage inventory and automatically order supplies can make various operations more efficient.

However, since these IoT devices are connected to the internet, they can be at risk of external attacks if security measures are neglected. Adequate security measures are required when using IoT devices.

Generally, the confidentiality of information handled by IoT devices is seen as low. For example, information such as conference room usage may seem of low importance. However, security risks for IoT devices not only include the leakage of information but also the potential to be used as a stepping stone for attacks. To prevent IoT devices from becoming entry points for attacks on internal servers and confidential information, security reinforcement of IoT devices is necessary.

Countermeasures

It is vital to implement the following measures to strengthen the security of IoT devices. As installation and configuration of devices may require specialized knowledge, utmost caution is needed.

Appropriate initial configuration

When introducing IoT devices, perform appropriate initial configurations. Limit the devices connected to the internet to the minimum necessary and approve only the necessary access.

  • Separation of IoT devices and the corporate network
    If possible, it is preferable to separate the network used by IoT devices from the corporate network. This prevents intrusion into the corporate network through attacks from IoT devices.
  • Device management
    Keep track of installed IoT devices through asset management. Removing unused devices or turning them off can reduce risk.

6. Security risks when working outside the office

In an era where working from home or satellite offices is commonplace, one must be cautious about information leakage.

The following are excerpts from the Ministry of Internal Affairs and Communications "telework security survey (FY R4)," showing the results of a survey on security measures implemented by companies. While 65.9% of companies are actively addressing "Malware countermeasures (virus protection)," many companies are still not sufficiently advancing measures in "data protection," "training," and "threat intelligence” (the process of collecting information about potential dangers and threats and organizing and analyzing that information), which are essential elements in teleworking*.

* These are the three measures that received the fewest "sufficiently implemented" responses in the survey. 
* Ministry of Internal Affairs and Communications:telework security survey (FY R4)

Security risks outside the office

The smart-office transformation of overseas locations includes teleworking from home or satellite offices. While telework has effects such as improving employee satisfaction, it also poses security risks that require attention.

The external environment outside the office is challenging to manage and poses various security risks. Risks include shoulder surfing of PCs in public places like cafes, airports, and hotels, data leakage and hacking due to the use of insecure Wi-Fi, and the risk of PC loss or theft. Particularly in regions with political instability, these risks are heightened.

Countermeasures

The following are the security measures that should be implemented when working outside the office. Strengthening security for telework at overseas locations can be further enhanced by data protection and authentication strengthening through using a VPN.

Information leakage countermeasures

To prevent information leakage during work outside the office, use privacy filters and restrict the use of free Wi-Fi.

Hard disk encryption of PCs

Encrypt the hard disk of PCs to prevent information leakage in the event of PC loss.

Safe connectionsto the corporate network via VPN

When connecting to the corporate network from outside the office, a VPN connection is recommended. By using a VPN connection to encrypt information, the security level can be strengthened.

7. Conclusion

We have focused on the security measures that should be taken in the smart-office transformation of overseas locations and introduced specific countermeasures. Achieving security in smart-office transformation is an essential element.

However, appropriate measures can be challenging to implement without sufficient knowledge of security. KDDI offers one-stop solutions for overseas offices, including IT infrastructure, interior construction, and furniture arrangement services. If you have any concerns about IT device security in smart-office transformation, please feel free to contact us. We will support you with optimal security measures using our expertise.

Additionally, please see below for an explanation of the points to consider and things to be aware of when first establishing, relocating, or renovating an overseas office.

Please consult a KDDI consultant.