Column

Information systems and Internet-based data management are now indispensable tools for companies. There is no doubt about its convenience, but let us remind ourselves that there is another aspect to it. Data management over the Internet is connected to the rest of the world and is therefore always open to attack from outside. A leak of information due to unauthorized access can damage a company's brand image and cause significant damage, so robust security measures are a major issue for companies. In this issue, we will introduce the methods and key points of security measures taken by companies. Let's take a look at your company's security measures once again. What are security measures? In the modern IT age, companies and organizations store a great deal of information on their systems, including important trade secrets and personal information of customers and employees. If these information is leaked or the data is corrupted, the company will suffer serious social damage, and in some cases, there is a possibility of declining business performance or even bankruptcy. Companies take a variety of security measures to protect their information resources. Back to Table of Contents Three Elements of Information Security Information security, a measure to prevent information leaks and data corruption, consists of three elements: confidentiality, integrity, and availability. Information security is sometimes referred to as "CIA," an acronym for these elements. Let's review each element in more detail. Confidentiality: only authorized persons have access to the information Completeness: the information is accurate and not tampered with or over- or under-performing Availability: access to the information when needed until it serves its purpose It is important to be aware of these three elements when handling important information. Back to Table of Contents Difference Between Information Security and Cyber Security In addition to information security, there is another type of security measure called cyber security. Cyber security is a way to deal with threats to information security. While information security focuses on how information is handled, cyber security focuses on how to counter so-called cyber attacks. The two are not entirely different, but rather the concept of cyber security is included in information security. Let's take a closer look at the following to see which cases actually pose a threat to information security. Back to Table of Contents Specific Examples of Security Damage Here are four examples of actual security damage. Example 1: Malware infection Malware is a general term for programs or software that can cause detriment to a user's device. Ransomware and Trojan horses are also a type of malware. When infected with malware, important information can be externally leaked or data can be destroyed, rewritten, or lost. Example 2: Information leakage and theft Information leaks occur not only due to malware infection, but also unintentionally due to changes in the work environment, such as telework. There are also cases where an individual employee takes a computer or data containing confidential information and it is stolen. Specific example (3) Unauthorized access Unauthorized access can result in the leakage of confidential information, service outages, and website tampering. Example 4: Equipment failure due to disasters, etc. Natural disasters such as typhoons, earthquakes, and lightning strikes can cause servers and electricity to become unavailable and information systems to shut down. Back to Table of Contents How Companies Take Security Measures So what are some of the actual security measures that companies take? Let's review countermeasures for each specific case. Countermeasure 1: Countermeasures against malware infection Security software is an effective way to prevent malware infection. Do not just install the software, but update it regularly to the latest version. Malware is constantly being created and becoming more sophisticated, so it is dangerous to keep old virus definition files. Countermeasure 2: Information Leakage and Theft In addition to using security software, it is important to raise employee awareness of security through training and other means. Set rules for taking documents and PCs out of the office, and establish certain restrictions on employees' handling of information. Countermeasure 3) Measures against unauthorized access Unauthorized access is caused by system vulnerabilities. To prevent unauthorized access, properly manage accounts and install encryption technology. Also, installing a firewall to block unauthorized access is an effective measure. Countermeasure (4): Measures against equipment failure due to disasters, etc. Natural disasters are unpredictable. It is necessary to take measures such as frequent backups and deployment of backup systems on a regular basis. Backup data should be stored in a separate location. Important documents should be stored in a safe to protect them from disasters. Back to Table of Contents What Information Security Measures Should SMEs Take First? Information security measures are not just for large companies. Small and medium-sized enterprises (SMEs) are also required to have solid security measures in place. However, it is not realistic for small and medium-sized enterprises (SMEs), which tend to lack budget and human resources, to take various information security measures as large enterprises do. So, where should they start? Below are three high-priority measures that can be implemented even with a limited budget. (1) Strengthen computer security Update your OS and other software frequently to keep it up-to-date. We also recommend installing security software. Security software for corporate use allows you to manage all of your company's terminals at once. We recommend this software because it can improve the security of company PCs by restricting the viewing of websites not related to business, restricting connections to external storage, and so on. (2) Thoroughly educate employees Security measures are meaningless unless they are followed by all employees. To achieve information security, it is essential to raise the awareness of each employee. Training is an effective way to ensure that employees are well informed about security. Thoroughly educate employees on measures to prevent information leaks, such as taking measures to prevent e-mail misdirection, setting easy passwords, not clicking on suspicious URLs, and using social networking services. 3) Measures for telework Telework has become widespread in recent years, but working outside the office entails risks such as information leaks and virus infection. First, establish company rules for handling and taking out data during telework. In addition to using anti-virus software on the terminals used during telework, be sure to use secure lines for network access. Make sure everyone is aware that using public Wi-Fi and other means of accessing the network may pose the risk of virus infection and information leaks. Back to Table of Contents SUMMARY In today's IT-oriented world, information systems and the Internet are essential for any company. While these systems offer great convenience, it is important to note that they also carry risks such as information leaks. If a system malfunction occurs and service is suspended, the company's image will be damaged and business performance may be affected. Information security covers a wide range of measures, including countermeasures against unauthorized access, malware, and natural disasters, but the first step is to thoroughly educate employees. Raise employees' awareness of information security and protect the company's information. To raise awareness of information security within your company, please use the information security training contents of "learningBOX ON". learningBOX ON is a service that makes it easy to add training contents that are essential for companies to learningBOX, an e-learning creation and management system. The service allows you to easily add the training content required by your company to learningBOX, an e-learning creation and management system. You can easily design your own original learning courses by combining the content with your own in-house content. We encourage you to use this service for your in-house training programs, as the contents of information security and compliance training courses are available free of charge. ▼Here's another recommendation! Also read Back to Table of Contents

December 20, 2022 Dear Customer Notice of Revision of LearningBOX Terms of Use Thank you for using learningBOX. The following revisions have been made to the learningBOX Terms of Use. We apologize for any inconvenience caused before and after the revision date, and appreciate your understanding. The following is a summary of the changes 1 Date of revision and effective date: Wednesday, January 25, 2023 2 Revised Terms: learningBOX Terms of Service 3 Major Changes: LearningBOX Terms of Use Article 4.3 added that screen design and its warranty are not covered by the service. In Article 12, deleted the description of initial delivery for customization options (formerly "design customization"). Article 13.6, Scope of Our Responsibility, added that our responsibility for design is not included in the scope of our responsibility. Please click here for details (this link will be closed after the effective date). 4 Notes For users of the Free Plan (free plan), please note that users (registered members) will not be able to log in if the owner-manager does not agree to the new terms after the effective date. For those who have signed up for a paid plan, the service can be used as usual regardless of the classification of the owner-manager or users (registered members). If you have any questions regarding the revised terms and conditions, please contact us at the following e-mail address: sales-team@learningbox.co.jp (*We are operating on a reduced scale of support in order to prevent new coronavirus infection. Thank you for your understanding and cooperation.)

In recent years, many companies have come to realize that the danger of information leaks lurks close at hand. This is because cybercrime techniques are becoming more sophisticated every year, and any company can be targeted. In addition, there are cases where information leaks occur due to human error within a company against the backdrop of insufficient employee training and other factors. This section describes the risks that such information leaks pose to companies, measures to prevent such leaks, and the response flow in the event of an outbreak. Let's review your company's information leakage countermeasures. List of risks posed by information leaks In recent years, more robust measures have become necessary to reduce the risk of information leaks. There have been many cases of serious information leaks that could not be handled by conventional security measures alone. One of the reasons for this is the spread of telework due to the spread of the new coronavirus infection, and the proliferation of mobile terminals, including smartphones and tablets for business use. According to a survey by the IPA (Information-technology Promotion Agency, Japan), "attacks targeting telework and other new-normal work styles" have been newly ranked among information security threats since 2021. First, here is a list of risks to be aware of. Reference] "10 Major Threats to Information Security 2021" (Information-technology Promotion Agency, Japan) ＜List of risks posed by information leaks Classification Risk Examples of actual events Primary risk Victims of identity theft and fraudulent use Unauthorized use of a customer's credit card Hijacking of corporate SNS accounts Spread of spoofed corporate emails Compensation for damages and criminal penalty ・ Imprisonment of up to 1 year or a fine of up to 500,000 yen for the perpetrator ・ Payment of 10,000 yen to all victims ・ Distribution of 500 yen golden tickets to all victims Web site is tampered with Unintended advertisements are displayed Automatic access to another site Malware infection of the viewer Secondary Risks Loss of public trust Termination of transactions with important customers Market share will decrease Negative publicity spread on social networking sites Lead to employee anxiety and distrust Increased resignations Workplace atmosphere deteriorates Become a victim of identity theft and fraudulent use Spoofing is the act of a third party pretending to be someone else on the Internet, leading to the misuse of personal information such as IDs, passwords, and e-mail addresses. There are concerns that emails impersonating a company may be spread, customer credit cards may be used fraudulently, and company social networking accounts may be hijacked. Damages and criminal penalties If a leak of personal information is discovered, you may be subject to a government order to take action or a fine. the revision of the Personal Information Protection Law, which went into effect in April 2022, has strengthened the measure order and the fine. Violation of a measure order carries a penalty of up to one year in prison or a fine of up to one million yen. In some cases, information leaks may also result in civil liability for damages. This is because information leaks constitute a tort that illegally infringes on the rights and interests of others. Furthermore, apart from damages, there have been cases in which companies have paid apology money in the form of golden certificates, electronic money, or points. Reference: "2020 Revised Personal Information Protection Law" (Ministry of Internal Affairs and Communications) Web site tampering There is a risk that a malicious third party will gain unauthorized access to a website by targeting its vulnerabilities and falsify its content without your knowledge. In addition to displaying advertisements that have nothing to do with the company's business, there are also methods that allow users to be redirected to fake sites or infected with malware, so caution is required. Damage to social credibility Leakage of information can damage the trust of business partners and customers, and cause a loss of social credibility and brand image; there are also concerns about reputational damage on social networking sites and a drop in stock prices. If an incident leads to the inevitable suspension of business activities or service operations, it could result in significant losses. Lead to employee anxiety and distrust Information leaks can also have a significant impact on the company. Employees may become anxious and distrustful of the company, and their motivation for work may easily decline. It is also important to note that employees are more likely to become overworked and stressed when dealing with outside parties after an accident, which may lead to an increase in the number of employees leaving the company. Back to Table of Contents Major Causes of Information Leakage and Examples of Risk Reduction Measures What are the main causes of corporate information leaks? Take measures for each cause to ensure thorough information management in your company. Major Causes of Information Leakage The causes of information leaks can be broadly classified into three main categories: leaks due to internal human error, intentional leaks from within, and leaks due to external attacks. In order to prevent information leaks, it is necessary to implement measures from multiple angles depending on the cause. . Classification Main cause Source Cause of Occurrence Internal Human error Lost or misplaced Careless conversations or social networking Mishandling of e-mails or systems Full-time employees Retirees Outsourcing Part-time workers, part-timers, etc. Contractors, etc. Carelessness Lack of knowledge, etc. Intentional Unauthorized removal Unauthorized manipulation Economic reasons Economic reasons, etc. External Malicious attacks Cyber attacks Malware infection Eavesdropping or theft Single or organized crime Single or organized criminals Domestic/international, etc. Examples of countermeasures against information leaks [by cause Human errors such as "lost and misplaced," "mishandling," "mismanagement," and "theft" account for more than 60% of the causes of information leaks. These are figures published in a 2018 survey by the Japan Network Security Association. [Reference] "Survey Report on Information Security Incidents in 2018" (Japan Network Security Association) These results indicate that there are relatively many information leaks that can be avoided depending on employees' knowledge and awareness of security information. Measures such as periodic training and the formulation of guidelines and rules are effective. The following table summarizes effective information security measures for each cause of human error. Please refer to it for reference. . Causes Examples of Countermeasures Administrative error Do not connect personal computers to the company network Shred paper documents without fail. Use different e-mail addresses for work and private use. Do not leave the office without locking the work computer. Mishandling Implement a system to prevent e-mail from being misdirected Implement a system to prevent e-mail from being misdirected Encrypt transmitted data Lost and misplaced, lost wiretaps, theft Do not leave luggage on train racks Do not take company information home Do not use USB memory sticks or other portable storage media Do not send out information related to work on social networking sites. Do not talk about work in public places such as elevators and pubs. Back to Table of Contents Response Flow to Limit Risk in the Event of an Information Leak If an information leakage incident occurs at your company, use the following flow to respond promptly. Finally, here is the response flow that should be confirmed in case of an emergency. Step 1: Confirmation of the actual situation and immediate reporting When signs of an information leakage or the impact of a leakage are confirmed, immediately report the situation to the person in charge. First, the person in charge will establish an internal system and the policy and details of the primary response. In doing so, please be careful not to inadvertently manipulate the equipment used so as not to erase any evidence that may provide clues to the cause of the problem. For example, do not delete emails or files related to the situation. Step 2: Initial response to prevent secondary damage Next, emergency measures are taken to prevent the spread of information leaks and secondary damage. In some cases, measures such as temporary suspension of services may be considered. In the case of personal information leaks, it is also necessary to contact the affected person and ask him/her to change his/her password or stop using the service. Step 3: Investigate the cause and disclose information After conducting fact-finding investigations to determine the cause of the information leak, accurate information is disclosed to the public. What is important is to disclose information with a high degree of certainty and evidence. Please be careful to avoid releasing information that may cause confusion, such as ambiguous information or speculation. Step 4: Reporting and publicizing to the relevant authorities In order for companies to fulfill their accountability for information leakage incidents, they must report the incident to the relevant authorities and make a public announcement. In addition to notifying suppliers and customers, it is also necessary to report the incident to regulatory authorities, the police, and the Information-technology Promotion Agency (IPA). The timing of public announcements should be established after considering whether there is any risk of damage escalation. Step 5: Consideration and implementation of measures to prevent recurrence After the initial response is completed and business activities and services are restored, we will work on measures to prevent recurrence. We will identify the issues based on the cause of the information leakage and implement countermeasures, as well as compensate damages to the victim and discipline the employee. Depending on the details of the public announcement of preventive measures, there is a risk that a third party may learn of the vulnerability, so the scope of the public announcement should be carefully considered. Reference】 "Collection of points to deal with information leaks" (Information-technology Promotion Agency, Japan) Back to Table of Contents Preparing for the Risk of Information Leakage We have introduced countermeasures to prepare for the risk of information leaks and a response flow to minimize damage. The majority of information leaks are caused by human error on the part of employees. Improving internal information security education is believed to be the key to reducing risk. Be prepared for any eventuality and focus on employee education. Please use the information security training contents of "learningBOX ON" to inform your employees about information security within your company. LearningBOX ON" is a service that makes it easy to add training content required by companies to learningBOX, an e-learning creation and management system. You can easily design your own original learning courses by combining them with your own in-house content. Content for information security training and compliance training, for example, is available free of charge, so please take advantage of this service for your in-house training. ▼Here's another recommendation! Also read. Back to Table of Contents

Information leaks by companies are often caused by a lack of employee literacy, and information security education is becoming increasingly important. When trying to establish knowledge through in-house training, we recommend the use of an e-learning system. This article provides examples of content and how to select services when conducting information security training via e-learning. We also introduce services and materials that are useful for creating content. Types of e-learning content for information security training Information security training is generally provided through group training or e-learning. There are many learning areas in e-learning content for information security training, so select and prepare appropriate content in consideration of the purpose of the training and budget. Examples of Information Security e-Learning Content Security incidents, including personal information leaks, can occur regardless of the nature of the business. Factors that may cause such incidents range from loss of information assets to cyber attacks. Therefore, when conducting information security training, it is advisable to target all employees, regardless of contract type or position. The following is a list of examples of e-learning content for information security training. Understanding the Personal Information Protection Law and proper handling of personal information Rules and risks of using social networking services Compliance Targeted Attack Email Threats and Response Measures Importance of information asset and device management Recent examples of information security incidents ID and password management Importance of supply chain security Security Risks in Using Cloud Services Back to Table of Contents How to Select E-Learning Content for Information Security Training Various services offer e-learning for information security training. What criteria should be used to select the right one to use for employee training and to improve the security awareness of the entire company? Here, we explain the key points for selecting e-Learning for information security training. Is the learning area general-purpose or specialized? E-learning learning areas can be divided into "general-purpose" and "specialized" depending on the service offered. General-purpose The general-purpose type is characterized by offering a wide range of learning areas that are in high demand by companies. Content includes not only information security training, but also business manner training and harassment training. If you want to choose from a wide range of options according to the needs of the moment, the general-purpose type is recommended. Specialized type The specialized type is characterized by providing specialized content in a particular field of study. Therefore, the specialized type is recommended when you want to increase the quality and frequency of training in a specific field of study. For example, a typical example is a case in which a company has a policy to intensively reinforce training related to information security over the medium to long term. Select a service that offers the learning areas you want to focus on according to your company's issues related to information security. Is content customization flexible? E-learning services differ in their customizability depending on the provider. Specifically, e-learning services can be categorized into two types: those in which the original content created by the provider is used without editing, and those in which the content is customized for the company's own use. To optimize the content of information security training for your company, it is recommended to introduce a service that offers flexible content customization. Employee literacy and the know-how required for business operations differ from organization to organization. By choosing a service with excellent customizability, you can improve the training content according to the employees' level of understanding and the status of their participation, thereby enabling continuous information security education. Is the fee structure and amount appropriate for your budget? The type and amount of fees for e-learning services vary from provider to provider. Some offer free e-learning services, some charge a monthly subscription fee, some only require an initial fee, and some charge a fee for each course taken. When introducing an e-learning service, be sure to set aside a budget in advance and confirm that the type and amount of fees for the service you are considering using are commensurate with your budget. It is also important to take advantage of free trials to determine if the service is easy to use and cost-effective. Back to Table of Contents Useful Information for E-Learning Information Security Training Finally, here are some useful contents and services for conducting information security training via e-learning. Select the most appropriate service based on the functionality you require, the scale of use, and the frequency of use. IPA "Information Security Measures Support Site The IPA (Information-technology Promotion Agency, Japan), under the jurisdiction of the Ministry of Economy, Trade and Industry, makes materials on information security measures available to the public. The page introduces specific security measures according to the purpose and situation, such as web conferencing, teleworking, and long vacations. It can also be downloaded and used as training materials or handouts. You may want to take a look at this page, as it can be easily viewed without the need to log in. Reference] Guidebook for Countermeasures | IPA Information-technology Promotion Agency, Japan Ministry of Internal Affairs and Communications "Cyber Security Site for Citizens This is a website of the Ministry of Internal Affairs and Communications (MIC) that provides basic knowledge of information security and countermeasures. For countermeasures in companies and organizations, the curriculum is divided by roles, such as executives, employees, and information management personnel, and is designed to be easy to use for company-wide training programs. The page also includes videos and documents of past online courses on information security measures, and PDF documents can be downloaded and distributed, which will be helpful in consolidating knowledge. Reference] Cyber Security Site for Citizens｜Ministry of Internal Affairs and Communications e-learning system "learningBOX learningBOX is a learning management system that allows you to conduct employee training online. It covers all the functions required for e-learning, including the creation of teaching materials and tests, grading, and management of course histories, and is useful for in-house production of information security training. In addition, "learningBOX ON" makes it possible to add existing training content to the learningBOX. In addition to information security training, content such as harassment training, business manner training, and compliance training is available free of charge, and original learning courses can be easily designed by combining them with in-house content. Up to 10 accounts are available free of charge, so please feel free to try it out when conducting information security training via e-learning. Back to Table of Contents Conduct Information Security Training via e-Learning to Improve Learning Efficiency In this issue, we have explained how to select content and services when conducting information security training via e-learning. In today's world where information management risks are becoming more complex and diverse, companies are required to actively invest in information security measures. In-house training is one type of such training, and e-learning makes it possible to provide content tailored to the literacy and hierarchy of employees. By implementing information security training via e-learning, you can both consolidate knowledge and improve learning efficiency. In addition to information security training, learningBOX ON also offers free access to essential in-house training content, such as harassment and compliance training, for use in your in-house training programs. ▼ We also recommend this one! Also read Back to Table of Contents

New contents are now available for "learningBOX ON," a service that allows you to add essential corporate training contents to your learningBOX! The new content is a collaboration with "BUSINESS LAWYERS COMPLIANCE: Learn compliance through drama" by Lawyer.com, Inc. and is designed to help students empathize with the content and keep them engaged throughout the course. ≫ For more information on BUSINESS LAWYERS COMPLIANCE × learningBOX, click here. We would like to introduce some of the contents of the program, so if you are in charge of human resources or training, please check it out. Notice We have started to provide e-learning contents on compliance in cooperation with Lawyers.com, Inc. BUSINESS LAWYERS COMPLIANCE", a video content provided by "BUSINESS LAWYERS", the largest portal site for corporate legal affairs in Japan operated by Lawyer.com Inc. Compliance" is now available on learningBOX ON to support e-learning and in-house production of in-house training programs. Back to Table of Contents What is BUSINESS LAWYERS COMPLIANCE? BUSINESS LAWYERS" is one of Japan's largest corporate law portal sites with approximately 690,000 monthly visitors. The latest legal amendments and judicial precedents are explained by 939 experienced corporate lawyers and attorneys. One of the contents is "BUSINESS LAWYERS COMPLIANCE: Learn Compliance through Drama," in which compliance issues that arise in the field of business are presented through dramas under the supervision of lawyers. The program is designed to provide a "fun" experience that has not been available in conventional training programs, while also focusing on the key training points, allowing compliance training to be conducted as if watching a drama. Back to Table of Contents Contents Here are some of the free contents of "Drama to Learn Compliance". All of the content in "Drama to Learn Compliance" is supervised by attorneys and includes commentary based on the legal system and the views of ministries and agencies. From basic knowledge of compliance to contents on fraudulent accounting, whistle-blowing, copyrights, and contracts, the dramas expand on compliance issues that are "a thing" in actual business operations. Each video is compact and condensed in its key points, and can be taken at any place and at any time, according to the timing of the individual, even during a gap in time. In addition to compliance, the videos also include content on information security and harassment, enabling the speedy creation of reliable training materials. What is Compliance｜Is your company in danger if you are not honest? Compliance in the New Era The drama on the basics of compliance is carefully explained, including the types of laws that must be observed. Management and Harassment｜Do Not Cross! Boundary line between cautionary guidance and harassment The drama about managers and harassment revolves around the difference between cautionary guidance and harassment, with "one thing" that tends to happen in the company. Information Security｜Beware of "spam mail," which can steal important information with a single click. In the drama on information security, you can learn what you should pay attention to in an easy-to-understand manner, including recent spam mail tactics. Back to Table of Contents How to Use Any user registered on learningBOX can view the free training content on learningBOX ON. Through this collaboration, users will be able to further utilize the free and paid contents of BUSINESS LAWYERS COMPLIANCE to build an efficient training program suited to their needs. Here we introduce how to use BUSINESS LAWYERS COMPLIANCE x learningBOX. If you are already using learningBOX (1) Log in to learningBOX ②Go to "Contents Management (3) Press the "+" icon for content management (4) Select "learningBOX ON" > "BUSINESS LAWYERS COMPLIANCE" > "Free Trial Course" in the menu. (5) "BUSINESS LAWYERS COMPLIANCE" will be added to the course list. New Registration If you have not yet registered with learningBOX, you can use almost all functions (excluding paid options) for free and indefinitely for up to 10 people, so please give it a try. ≫ Click here to register for free. If you are a new registrant, "BUSINESS LAWYERS COMPLIANCE" is already registered in the course list when you log in, so you can use it immediately. BUSINESS LAWYERS COMPLIANCE also offers paid content, please click here for details. Back to Table of Contents SUMMARY We introduced the new content of learningBOX ON, BUSINESS LAWYERS COMPLIANCE, which can be viewed on any device (PC, tablet, smart phone) and is recommended for companies that want to conduct compliance training from home. We also recommend this service for companies that want to conduct compliance training from home. We also recommend this service for companies that wish to conduct compliance training from home. We also recommend this! I also want to read Back to Table of Contents

Although the advent of the Internet has made information management more important than ever, there have been many cases of information leaks due to delays in response. When information leaks occur in a company, not only is the company's image tarnished, but it may also result in claims for damages and other problems that could affect the continued existence of the business. In order to reduce the above risks, it is important to take measures in advance. This article therefore explains the key points of information leakage countermeasures and the main causes of information leaks. Specific measures and points for information leaks Companies manage a great deal of highly confidential information, and once leaked, the consequences are immeasurable, including loss of trust from business partners and payment of large amounts of compensation for damages. To prevent such a situation, take measures against information leaks by referring to the following points. <Specific examples and key points of information leakage countermeasures Subject Specific examples and key points of countermeasures Employees Establish guidelines and rules Conduct regular information security training Restrict or prohibit information and equipment from being taken out or brought in Introduce a system to prevent misdirected e-mails Prohibit the easy abandonment or disposal of information Prohibits careless public dissemination of information Outsiders Keep IDs, passwords, and other information strictly confidential Install and update security software Perform regular system updates and vulnerability checks Information Leakage Countermeasures and Key Points for Employees Establish guidelines and rules In order to prevent human error, rules must be developed and implemented in accordance with company-wide guidelines. The policy indicated by management and the operational issues in the field should be reconciled in both directions. In doing so, it is a good idea to refer to the guidelines published by the Information-technology Promotion Agency, Japan (IPA). Reference: "Guidelines for Information Security Measures of Small and Medium Enterprises, Third Edition" (Information-technology Promotion Agency, Japan) Information security education should be conducted regularly. It is also important to conduct regular information security training to increase employees' knowledge and awareness of information security. Regardless of the nature of their work, employees should always be aware of the risk of information leaks, which will lead to an increase in their security awareness. It is easier to avoid risks if all employees involved in the business are targeted for training, regardless of the type of contract. Restrict or prohibit the taking out and bringing in of information and equipment To prevent information leaks due to loss or theft, it is important to restrict or prohibit the taking out of information assets and the bringing in of personal belongings. Operational rules should also be established in preparation for cases where taking out or bringing in information is unavoidable or when telework is introduced. Specifically, this may include obtaining permission from the responsible person, limiting the information and devices for which permission is granted, and so on. Introduce a system to prevent misdirected e-mails. To prevent information leakage due to misdirected e-mails or incomplete attachments, it is effective to introduce a system to prevent misdirected e-mails. The system is equipped with functions such as automatic sending after approval by the superior, automatic CC of the recipient, and reconfirmation before sending, and helps strengthen the information management system. Prohibit easy abandonment or disposal of information. To prevent the leakage of confidential information, it is necessary to prohibit the easy abandonment or disposal of information. If information is left in a state where it can be accessed by anyone, or if information is disposed of in a state where it can be retrieved or read, it may be used by a malicious third party. Establish rules such as not leaving documents and computers visible to outside parties when away from the office, and physically destroying electronic media and credit cards when disposing of them. Prohibit inadvertent public disclosure of information. Even if information is handled and disposed of properly, there are cases in which an employee's unspoken comments can lead to information leaks. Specifically, there may be cases where information obtained within the company is leaked through social networking sites, blogs, or in conversations with employees of other companies. Therefore, it is important to instruct employees to ensure confidentiality when conducting in-house training on information security. Back to Table of Contents Information Leakage Countermeasures and Key Points for Outsiders Strictly manage information such as IDs and passwords To avoid increasingly sophisticated external attacks, it is important to strengthen ID and password management. Thoroughly implement basic measures such as not using easy-to-guess character strings such as names, not using them repeatedly, and not managing them in locations that are visible from the outside. Install and update security software. Security software is an effective measure to prevent personal information leaks due to cyber-attacks, as it can deal with new methods that are difficult to deal with using standard OS functions, thereby reducing the risk of security incidents. It is also important to update the definition files to keep up with the ever-evolving methods and viruses. Regularly update your system and check for vulnerabilities. External attacks often target vulnerabilities in systems and applications. Therefore, to prevent information leaks by outsiders, system updates and vulnerability checks must be performed on a regular basis. In the unlikely event that a vulnerability is discovered, after confirming the degree of danger and impact, take appropriate action by installing new security tools or suspending or modifying the use of the system. Back to Table of Contents Major Causes and Incidents of Information Leakage The main causes of information leaks can be categorized as human error or intentional misconduct by internal staff and malicious attacks from outside. Here, we provide specific examples of each and the causes of occurrence. <Causes, sources, and contributing factors for information leaks Classification Main cause Source Cause of Occurrence Internal Human error Lost or misplaced Careless conversations or social networking Mishandling of e-mails or systems Full-time employees Retirees Outsourcing Part-time workers, part-timers, etc. Contractors, etc. Carelessness Lack of knowledge, etc. Intentional Unauthorized removal Unauthorized manipulation Economic reasons Economic reasons, etc. External Malicious attacks Cyber attacks Malware infection Eavesdropping or theft Single or organized crime Single or organized criminals Domestic/international, etc. Information leakage due to internal human error Information leaks due to internal human error are mainly caused by misplaced or lost recording media such as PCs, documents, and USB memory sticks, as well as mishandling of e-mails such as wrong destinations or attached files. Information can also be leaked due to careless conversations in public places. For example, it is possible that a third party may have heard your conversation in the lounge of an office building, in an elevator, in a café, or in a pub, so be careful. Statements such as, "Our company plans to go public soon ......," or "Next year's new product will have 00 technology ......" should be avoided. Other potential sources of information leaks include inadvertent transmission on social networking sites, such as posting confidential information prior to its release or personal information about customers. Even if anonymous, be aware of the risk of identifying the sender and the organization to which the sender belongs from the content of the message. Internal Intentional Leakage of Information Internal intentional information leakage can be caused by information being taken out of the company by a retiree. This may be due to financial reasons or distrust or dissatisfaction with the organization. Information leakage due to external attack Typical causes of information leaks due to external attacks are unauthorized access and malware infection. Malware refers to malicious programs or software that cause terminal malfunctions or information leaks. It causes leakage of personal and customer information, misuse of IP addresses, and other occurrences. Please also be aware of cases where information leaks are caused by theft through office eavesdropping or illegal entry. Back to Table of Contents How to Respond and Procedures to Follow in the Event of an Information Leak In the event of an information leak, immediate action is required to minimize the damage. This section provides a step-by-step explanation of how to respond in the event of an information leak. Step 1: Confirmation of the actual situation and immediate reporting First, immediately report any signs or effects of an information leak to the person in charge. Establish a response system centered on the person in charge, as well as the policy and details of the primary response. It is important not to delete e-mails or files or perform any other unintentional operations so as not to erase evidence that may provide clues to the cause of the leak. Step 2: Initial response to prevent secondary damage Next, take emergency measures to prevent the spread of information leaks and secondary damage. Measures such as shutting down the network or suspending services will be considered. In the event of a personal information leak, the affected party may be contacted and asked to change their password or stop using the service. Step 3: Cause Investigation and Information Disclosure The next step is to investigate the cause of the information leak; from a 5W1H perspective, investigate the facts related to the information leak and try to secure evidence. When countermeasures have been clarified, companies are required to promptly disclose the information to reduce the number of similar cases of damage. Step 4: Reporting to the relevant authorities and making public announcement The next step is to consider whether or not a report or public announcement to business partners, consumers, and relevant ministries and agencies is necessary. If transaction or personal information has been leaked, unless there is a specific reason to the contrary, the basic rule is to notify business partners and the individual concerned, apologize, and alert them to the possibility of secondary damage. If individual notification is difficult due to the wide range of people involved or the number of damages, a public announcement may be made on the company's website or at a press conference. If a crime is suspected, such as a request for money or unauthorized access, promptly report the incident to the police. Step 5: Consider and implement measures to prevent recurrence Finally, measures to prevent recurrence of information leaks are examined and implemented. Also, based on the investigation report, compensation for damages to the suspect and disciplinary measures for internal staff are considered in this step. Reference] "Key Points for Responding to Information Leakage" (Information-technology Promotion Agency, Japan) Back to Table of Contents Reduce Security Risks by Implementing Information Leakage Countermeasures Information leaks are a risk that can occur in any company. Since there are various possible causes, such as inadvertence by internal employees or attacks from outside, comprehensive measures must be taken to prevent leaks before they occur. Take this opportunity to implement information leakage countermeasures and reduce security risks. Please use the "learningBOX ON" information security training program to familiarize yourself with information leakage countermeasures within your company. LearningBOX ON" is a service that makes it easy to add training content required by companies to learningBOX, an e-learning creation and management system. You can easily design your own original learning courses by combining them with content created in-house. We hope you will make use of this service for your company's internal training programs, as content for information security and compliance training is available free of charge. ▼Here's another recommendation! Also read. Back to Table of Contents

New employee training is a training program that provides guidance and education to new employees to help them acquire the attitudes, knowledge, and skills needed to work. Although this is an important process for changing the mindset of students to working adults, many companies do not realize its full effectiveness. This is why we recommend the use of e-learning. In this issue, we will explain why training for new employees using e-learning is attracting attention, the benefits of implementing it, and the precautions and countermeasures to be taken. Background of the growing interest in e-learning newcomer training Demand for the use of eLearning in new employee training is increasing for many companies. eLearning Strategies Institute's research shows that the adoption rate of eLearning for new employee training will increase approximately 1.9-fold from 2018 to 2021. Reference] "Survey Report on Newcomer Training (FY2021)" (e-Learning Strategic Research Institute) One of the reasons for the increasing adoption rate of e-learning is that the spread of the new coronavirus infection has made it difficult to conduct group training that requires face-to-face interaction. With many companies introducing telework and staggered work hours, the characteristics of e-learning match the need to conduct new employee training in a non-contact manner. The use of smartphones and tablets is also a factor. e-Learning allows learners to watch courses anytime, anywhere, and at any time, as long as the administrator delivers the courses via a learning management system (LMS). e-Learning is easy to use even for new graduates who live far away from the company. E-learning is also easy to use, even for new hires who live far away, and its use in training new recruits is increasing. Back to Table of Contents Advantages of Conducting Newcomer Training through E-Learning If you are wondering how to conduct effective new employee training, we recommend using e-learning. Here we will discuss the advantages of using e-Learning for new employee training, from the perspective of both new employees and managers. Advantages from the New Employee Perspective Easy retention of knowledge through repetitive learning Because new employee training often covers a wide range of areas in a short period of time, it tends to be difficult to acquire all of the content in a single training session. Specifically, participants learn business manners, compliance, logical thinking, business document and document preparation skills, as well as legal knowledge and specialized skills. By using e-learning, you can learn repeatedly at your own convenience. You can review the content you did not fully understand or forgot at the first session and use it to consolidate your knowledge. To encourage new employees to repeat learning, we recommend choosing a system that supports easy-to-learn formats such as videos and quizzes. This will lower the barrier to learning and improve the effectiveness of the training. Easy to work at a learning pace that suits you E-learning is characterized by the ease with which learners can control their own speed and progress. You can learn at your own pace without worrying about not being able to keep up with your understanding or becoming anxious. On the other hand, in face-to-face group training, all new employees must learn at the same pace. Individual differences in understanding of the training content can easily arise, and there is a risk of stress. Opportunity to develop a habit of self-learning As working people become busy with their jobs, they tend to have fewer opportunities for continuous study. Many people start studying when they need to acquire a qualification, but are unable to make it a habit as it was when they were students. Introducing e-learning has the advantage of providing new employees with regular learning opportunities. If they are given the opportunity to develop the habit of self-study, self-improvement can be expected even after the completion of the curriculum, leading to human resource development. Advantages from a Manager's Perspective Reduces the burden of training preparation E-learning has the advantage of eliminating the need to make arrangements for instructors, reserve meeting rooms, and other preparations that are required for face-to-face group training. By using a system that allows you to start training using existing content or your own manual videos, you can reduce the burden on those who do not have a lot of time to spend on training preparation. Easy to manage learning progress Another advantage of using e-learning for new employee training is that the learner's progress can be centrally managed online. Alerts can be displayed when progress is delayed, and feedback can be given to learners whose test results are not improving, thereby reducing the burden on the administrator and increasing the effectiveness of learning. Back to Table of Contents What to Consider When Conducting Newcomer Training through E-Learning This section describes the points to keep in mind and countermeasures to take when implementing e-learning training for new employees, and how to maximize the effectiveness of e-learning by taking advantage of its merits and covering the points to be aware of. New employees tend to have a passive learning attitude. It is important to note that e-learning tends to be a training program that focuses mainly on viewing and learning. If there is little practical learning, there is a risk that opportunities to think and act spontaneously will decrease. We recommend building a training plan that combines e-learning and practical learning, such as role-playing, discussion, and on-the-job training. Difficulty in creating opportunities for communication In the case of group training, face-to-face interaction provides learners with natural opportunities to communicate with each other. However, e-learning tends to focus on self-learning, making it difficult for learners to communicate with each other. It is important to make effective use of the learning management system's internal SNS function and learning status sharing function to make it easier for new employees to interact with each other. It is necessary to provide the necessary environment for the course. E-learning is a form of learning that requires an Internet connection and a communications terminal. Therefore, if there is no telecommunication environment or equipment available to take the course comfortably, it will be necessary for the company to prepare the course environment. Specific measures that could be taken include lending tablet terminals or PCs, or downloading course materials and lessons when students arrive at the office to reduce the amount of communication space required. Back to Table of Contents Use e-Learning for New Employee Training to Get New Employees Up to Speed Quickly! In this issue, we have reported on the background, advantages, and points to note regarding the incorporation of e-learning into new employee training. Since new employee training requires learning a wide range of skills, from the basic skills necessary for working adults to practical skills, e-learning is suitable for this purpose because it allows the trainee to repeat the course at his or her own pace. Make effective use of e-learning with these points in mind, and help your new employees become competitive as soon as possible. If you are planning to implement e-learning for new employee training, please use "learningBOX". learningBOX is an e-learning system equipped with essential functions for in-house training, such as content creation and distribution, and course participant management. Courses can be designed in accordance with in-house training content, and tests can be easily conducted to check employee proficiency. The system's simple operability and reasonable price have been well received, and it has been adopted by many companies for training new employees. We also offer a free plan that allows you to use almost all functions, so please feel free to contact us for more information. ▼Here's another recommendation! Also read. Back to Table of Contents

Thank you for your continued patronage of our services. Please be advised that the specifications of some functions will be changed starting with the Ver. 2.20 release scheduled to be implemented in early December, 2022. Please refer to the following for details. Change in the method of re-uploading video materials MOVIE-3.0.0 will be the latest and stable version along with the addition of new functions for video materials. How to re-upload videos from Series 3 or later To re-upload a video, right-click Content Management > Video Materials, go to Video Slide Settings, delete the original video, and upload it. Add "PayPal Subscription" as a payment method PayPal Subscription" has been added as a new payment method when subscribing to a paid plan. Expanded functions of administrative privileges When downloading users (downloading registered user information), it is now possible to download information on administrative privileges that have been granted. In addition, an item for administrative privileges has been newly added to the CSV format used when registering users in batches. Change in Recommended Environment Support for some OS/browsers has been discontinued. For details, please refer to the notice of recommended environment change here.

Thank you for using our services. We will discontinue support for the following OS/browsers after the major version upgrade to Ver. 2.20 scheduled on December 14, 2022 (Wed.). Please see below for details. ■Out of supported OS: Android8, macOS11, iOS/iPadOS14 Supported browsers: iOS/Chrome Please note the following information after the support ends. If you use an environment other than the recommended environment, our service may not operate properly. We therefore ask that you use our recommended environment. Please check the recommended environment for learningBOX Ver2.20 here. https://learningbox.online/requirements/requirements-220/ Please also note the following After the end of support, you will not be able to configure the OS/browser settings in the settings of the devices that can be used for logging in. The OS/browser setting will determine whether login is possible or not according to the device setting. If you have registered the combination of iOS and Chrome in the settings for devices that can log in, the settings will be automatically disabled after the version is upgraded. Please consider changing the settings in advance or reviewing the settings of the login-enabled devices if necessary. For details on how to change the settings, please refer to the Login Enabled Device Settings. We apologize for any inconvenience this may cause you, but we appreciate your understanding and cooperation so that you can continue to use our service with peace of mind after the update.