Financial Security Institute Publishes Security Guide for Establishing a Safe Remote Work Environment
[Asia Economy Reporter Park Sun-mi] In response to the increasing trend of remote work due to the spread of COVID-19, the Financial Security Institute has published and distributed the "Financial Company Remote Work Security Guide," which outlines the security measures that employees of financial companies must follow when working from home.
On the 19th, the Financial Security Institute released the guide to help the financial sector establish a secure remote work environment while complying with regulations, in accordance with the Electronic Financial Supervision Regulation Enforcement Rules scheduled to take effect in January next year. The guide was developed after gathering opinions from the Financial Services Commission, the Financial Supervisory Service, and financial companies, and includes information protection control measures to be observed during remote work.
The guide categorizes security considerations for remote work into ▲external (remote) device security management ▲communication lines ▲internal network access control ▲authentication, and presents these as 'mandatory requirements' and 'recommended practices.'
External devices used by remote workers must have antivirus programs installed, and the use of operating systems such as Windows 7, which no longer receive technical support, is prohibited. Additionally, when using mobile devices instead of PCs as external devices, it is recommended to conduct a pre-check for jailbreaking (modifying the operating system arbitrarily) and apply additional security measures.
Furthermore, if external devices 'directly connect' to the internal network, the use of external storage devices such as USBs is prohibited, and protective measures like hard disk encryption to prepare for device loss should be applied to prevent the risk of data leakage. When connecting external devices to the internal network, a virtual private network (VPN) with security levels equivalent to dedicated lines must be used, and the use of open communication lines accessible to anyone is restricted. Also, IP addresses that can access the financial company’s internal network should be limited to the minimum, and two-factor authentication must be applied to prevent unauthorized access.
Financial companies must obtain security pledges from remote workers and prohibit remote access from public places such as cafes or PC bangs. The guide emphasizes, "The most important aspect of establishing a remote work environment is the internal security level," and stresses that "thorough security control measures must precede to minimize risks."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
