In November 2020, the Japanese government's Minister of Digital Transformation, Takuya Hirai, announced that the Cabinet Office would discontinue the use of password-protected zip file email attachments (PPAP) for security reasons.
In today’s article, we will provide an overview of PPAP, its problems, and safe alternatives.
What is PPAP?
.jpg)
PPAP refers to the process of sending an encrypted file (with password) attachment in an email and then sending the password to unzip the file in a second email. As a part of security measures, this method is used by many companies and organizations, as well as government agencies in Japan.
The abbreviation "PPAP" was coined by IT consultant, Akira Ootaishi, and comes from the following terms (*1):
-
P: Password-protected file is sent.
-
P: Password is sent separately.
-
A: Encryption (“angouka” in Japanese)
-
P: Protocol
Do other countries use PPAP, or is it only used in Japan?
.jpg)
While PPAP is a common security measure in Japanese companies, in fact, it is rarely seen overseas where password-protected zip files tend to be viewed suspiciously and treated as potential virus vectors.
It is not clear why PPAP has become so popular in Japan, but it seems to be one of the unique business practices that have developed in Japan.
The history of PPAP
PPAP is widely used in Japanese companies, and in many cases, its use is even an official company security policy.
The origins of this practice can be traced back to the early days when email was first used for business purposes, and this method of sending password-encrypted zipped files by email and then providing the password through another channel (fax, paper document, etc.) was developed as a security measure.
The above method was thought to be useful in becoming a Privacy Mark certified entity and spread rapidly in Japan. However, faxing or sending paper documents became too cumbersome, so it was gradually decided that passwords could also be sent by email, simplifying the method. As a result, the use of PPAP in Japan has remained unchanged to this day.
Why is PPAP dangerous? Why is it being abolished by the Japanese government?
As mentioned at the beginning of this article, the Cabinet Office has decided to abolish the use of PPAP. (*2) In response, the Japan Institute for Promotion of Digital Economy and Community (JIPDEC), which operates the Privacy Mark system, has also officially announced the organization has never endorsed PPAP. (*3)
However, why is PPAP considered dangerous, and why is there a growing trend to abolish it? Below are five reasons:
▼ Sending encrypted zip and password separately by email provides limited protection.
There is little point in sending a password-protected zip file and the password in separate emails if hackers can access the email system. If the first email with the attachment is accessible, the second email with the password will be equally compromised.
▼ Security software cannot detect viruses in attachments.
Currently, many security software programs automatically scan email attachments for viruses. However, if the attached file is zipped and encrypted, security software will not be able to check the contents. In other words, if the file contains a virus, it is likely to be delivered to your inbox undetected.
.jpg)
▼ Zip files encrypted with passwords are at high risk of compromise.
Passwords-encrypted zip files are considered in the industry to be relatively simple to crack. Unlike website logins, encrypted zip files are easy for cybercriminals to access because unlimited password attempts are allowed.
▼ Emails may be vulnerable to interception or access in transit.
Emails pass through multiple servers between the time it is sent and received by the final party. If any part of an email is not properly encrypted, an attacker can easily eavesdrop on the contents. Therefore, passwords written in plain text are extremely dangerous.
▼ Wasteful measures reduce work efficiency
The PPAP process requires a great deal of time and effort on both the part of the sender and the receiver. Multiple steps are necessary to create and send the encrypted file by the sender. The receiver has to access the PPAP system via the first email, then open the second email to copy and paste the password. This inefficiency can result in a decrease in productivity.
Alternatives to PPAP
.jpg)
Let us look at an alternative to PPAP for businesses to send and receive files securely.
▼ Cloud storage is the safest measure.
The most secure alternative to PPAP, and one that is actually used most often, is the use of cloud storage to send and receive files. With cloud storage, specifically, files are often shared in the way described below.
For this article, we will use our Tsukaeru Filebako cloud file sharing service (client version) as an example.
After installing the Tsukaeru Filebako desktop client, files can be easily shared in the familiar Explorer format.
The beta version, scheduled for an early 2021 release, will allow passwords to be added to public links directly from Explorer, without having to access the browser version (web version).
1.Right-click on the file name to share and then select “Create Public Link.”
2.The password can be directly entered in the pop-up window that appears.
The password-protected file can be easily shared by providing the recipient with the created link.
The ability to share files via URLs with cloud storage solves all of the potential PPAP problems. There is no need to encrypt the file each time they are sent or send multiple emails.
▼ 2FA (two-factor authentication) settings provide even greater security.
Recently, two-factor authentication has been increasingly implemented as a security measure to prevent identity theft and unauthorized logins. In the past, users were only authenticated with an ID and password when logging in. However, now, another level of authentication is being added to strengthen the identification process.
Of course, this two-factor authentication feature is also available with Tsukaeru Filebako.
To implement, select “Security” then “Two-Factor Authentication” from the settings screen, and choose between "Email Address" or "Application."
If email address authentication is chosen, recipients will receive by email the authentication code needed to log in.
▼ Tsukaeru Filebako provides reliable security.
When choosing a cloud storage service, robust security measures are extremely important. For this reason, we recommend Tsukaeru Filebako, the cloud storage service from Tsukaeru mentioned earlier.
Tsukaeru Filebako is a full security, cloud storage service that is hosted on its own servers in Japan and allows the setting of expiration dates for shared links and the remote deletion of device data. It can be installed on the same day, is easy to use even for beginners, and has an affordable and simple fee structure.
A two-week free trial is also available (completely free of charge with no need to sign a contract!). Please take advantage of this opportunity to try it out for yourself.
Click here for Tsukaeru Filebako details.
Sign up for a free Tsukaeru Filebako trial.
Contact us at Tsukaeru.
<Sources>
*1 Workplace Reform Starting with Changing the Habit of Attaching Files to Emails (PDF, Japan Institute for Promotion of Digital Economy and Community)
2* Automatic Encryption ZIP Files Discontinued by Cabinet Office; Cabinet Secretariat – Digital Minister: "Inappropriate" (Nihon Keizai Newspaper)
*3 Sending files as email attachments (Japan Information Processing Development Corporation)
Recently, we hear more and more about "cloud storage.” It's a great match for remote work and is expected to gain even more popularity among companies. In this article, we'll discuss the basics of cloud storage and the safe and affordable cloud storage service, "Tsukaeru Filebako."
With the number of companies embracing remote work this year, using the cloud is becoming almost mandatory and will continue post-COVID-19. Cloud services will also become a commonplace tool in the future, even outside of traditional remote work. If you're unfamiliar with cloud services, it is important to familiarize yourself with the easy-to-use tools.
What is cloud storage?
Cloud storage can be defined as "a service that allows the storage of files on a server on the Internet."
Normally, files used for work are stored in a local environment, such as a computer or server located in a company building. However, with cloud storage, the files are stored in the "cloud" on a dedicated server on the Internet, which has the following advantages:
・Files can be accessed anytime, anywhere, from any device (perfect for remote work).
・Files can be easily shared within a company or department, or with external collaborators.
・In the case of disruption, such as system malfunction or infrastructure damage, the data is still protected and available in the cloud.
Unique Features of Tsukaeru Filebako
As a cloud storage service for corporations, Tsukaeru Filebako has additional unique features in addition to the general advantages of cloud storage mentioned above.
・Unlimited number of users. As many users as needed can be added without worrying about cost, each with a personal folder.
・Affordable price of 9,800 yen per month for 1TB capacity
・Functions exactly as normal server storage by accessing through Explorer file display function.
・In addition to SSL communication, double encryption with a secret key is implemented.
・When an account is no longer needed, it can be simply deleted. Easy to manage and keep secure. No additional administrative work for situations, such as changing passwords when a user of a shared folder leaves the company, is required when multiple users share an account.
・Easy to transfer whole folders between other cloud services with copy and paste functions.
With our free trial service, why not experience the convenience of cloud storage with Tsukaeru Filebako?
Click here for details on Tsukaeru Filebako
Free webinar on the use and benefits of Filebako!
Wednesday, September 9, 2020
14:00-14:30 pm (Japan time)
Tsukaeru will host a free webinar (online seminar) to learn about the functions and use of Tsukaeru Filebako. Anyone can attend for free with advance registration.
We look forward to seeing you there!
Click here for more information and to register for the free webinar.
Contact us at Tsukaeru.
Ransomware is one of the most damaging cyber attacks. If a system is compromised, the virus will encrypt the data, making it inaccessible. In order to regain access, a “ransom” must be paid to the attacker.
In the past, ransomware attacks mostly targeted individuals and companies in general. However, attacks have recently targeted medical institutions in increasing numbers.
Cyber attacks against medical institutions are increasing, but why?
Recently, ransomware attackers have been changing their strategies. After initially focusing on individuals, they shifted their focus to companies because of potentially larger ransom amounts. Of those companies, medical institutions have become a target of choice. The data involved contains vital information for effective healthcare, such as patient medical history, medications, etc. Due to the importance of this data and the urgency of its need, ransoms are more likely to be paid.
To make it worse, attackers are now taking advantage of the stress and confusion in the medical field caused by the Novel Coronavirus. In fact, there have been a number of cases overseas where hospitals struggling with the increased burden of Novel Coronavirus care were infected with ransomware and were forced to pay to regain access to data.
Increasing ransom costs and decreasing chances of total data recovery
Depending on the size of the medical institution, the ransom is often around a few million yen to 20,000,000 yen. There have been cases where more than 100,000,000 yen was required.
Also, there is a possibility that even if the ransom is paid, there is no guarantee that the data can be recovered completely. Based on previous attacks, there is only a 50% chance of complete data recovery.
Necessary protective measures for medical institutions
The first and most important step to combat ransomware is employee awareness of cybersecurity.
The chance of ransomware infection can be reduced by strictly following the following basic rules:
・Do not open suspicious email attachments and links.
・Check and confirm the address of each email.
・Do not use a simple password.
Regular seminars and training for employees is also important.
Be fully prepared with cloud backup
Of course, no matter how many precautions are taken, it is not possible to reduce the risk of ransomware infection to zero.
Therefore, regular backups are strongly recommended. By backing up important data in the cloud, in addition to the usual data storage, it can be quickly and completely restored from the backup, avoiding the need to pay a costly ransom.
Tsukaeru Cloud Backup is a popular cloud backup solution that is completely compatible with medical and other institutions. Peace of mind is provided by high-level security measures such as strict encryption using the latest AES-256 protocol and the built-in ransomware protection function “Active Protection” that utilizes AI technology.
If you are looking for a low-cost, high-security backup solution, please visit the Tsukaeru website to contact us for more information.
Currently, a 30-day free trial period is being offered.
Click here for details on Tsukaeru Cloud Backup
Contact us at Tsukaeru
In June, the restriction on crossing prefectural borders was lifted in Japan, and in Europe, there is a movement to gradually open borders. It seems that the world is slowly moving to the normality of the past.
However, after this unprecedented crisis, there is one thing that is unlikely to be completely restored even if the pandemic disappears: our way of working.
Three keywords for defining work in the post-Corona age
With the spread of the Novel Coronavirus, many companies experienced remote work for the first time. Now, it seems that more and more people will return to regular work in the near future, but even so, many managers believe that everything cannot be restored to what it once was.
In the post-Corona age, where productivity and work-life balance are more important than ever, the three keywords are “collaboration,” “flexibility,” and “security.”
■ Collaboration
Accelerating innovation through collaboration with other companies and the use of freelancers will become more and more common in the future. Collaboration with outside entities is an efficient way to create new value and profit in the shortest time possible.
■ Flexibility
From this experience, many will realize that remote work is in fact possible. From now on, not only large companies, but also small- and medium-sized ones, will accept more flexible work styles to some extent, according to employee circumstances and lifestyles.
■ Security
Strengthening information security is essential to promote the collaboration and flexibility mentioned above. Instead of a passive attitude of “implementing minimum measures,” a positive mindset of “always pursuing the best and latest security measures” is required.
Will cloud storage become commonplace in the post-Corona age?
In order to strengthen collaboration with others and promote more flexible working styles, it is important to create an environment that enables smooth and secure file exchange. However, project management and file version management can quickly become complicated with the use of conventional email attachments.
To meet this need, the use of cloud storage is rapidly expanding. Files can be easily uploaded and downloaded when needed and are always updated to the latest version. There is no need to keep track of which version was sent to who when. Another advantage is that it does not require labor or cost to operate the file server in-house.
Reasons to use Tsukaeru Filebako
Tsukaeru’s Filebako cloud storage service is used by many companies, organizations, and educational institutions nationwide. Here are some excellent reasons for this growing support:
■ Easy and smooth collaboration
Packed with functions that facilitate collaboration, such as shared folders that are ideal for teamwork inside and outside the company, and weblink sharing that allows hassle-free file sharing. The simple and attractive interface facilitates immediate use.
■ Fast flexibility and work style diversity introduction
Tsukaeru Filebako is perfect for remote work file exchange. The official app (iOS and Android) allows remote work anytime and anywhere.
■ Highest-level security and full support
In addition to SSL communication, double encryption with a secret key is provided. Access authority for each file/folder and device/login history confirmation is readily available. Customer support from highly-experienced in-house staff is always available to help.
To be better prepared for the post-Corona age, why not consider trying Tsukaeru Filebako? To learn more, especially about our exciting 14-day free trial membership, please contact us!
Tsukaeru Filebako service details
Please visit the Tsukaeru website to contact us for more information.
In response to the spread of the new coronavirus, "telework" is now attracting new attention. Since an increase in telework means a reduced risk of infection, the government has also called on industries to promote telework actively. Until now, telework has had a domestic penetration rate of less than 20% (Note 1), but that number is about to change dramatically.
Epidemics, earthquakes, fires… Now is the time to create a telework-ready environment in case of emergency.
Most people think of telework as something implemented across the board, with everyone working from home all day. Therefore, many companies dismiss it by saying "telework would never work for us." However, the most important thing is to prepare an environment where employees can switch to partial telework immediately in an emergency. That way, when an emergency occurs that makes telework essential, like the new coronavirus, you don’t have to panic, but can make a flexible response like "Let's incorporate telework in this department for one week, starting tomorrow."
Benefits of telework
The benefits of telework are not limited to the ability to hedge risks in case of infectious disease outbreaks and natural disasters. By creating a telework-ready environment, you can expect the following benefits:
・Reduced costs for the company (office space, commuting allowance, etc.)
・Reduced employee commuting time and stress
・Improved work-life balance and productivity
・Improved corporate image, leading to more effective branding and recruitment
・Decrease in turnover due to circumstances such as childcare and elder care
・Increased employee motivation and engagement
Telework Spreads to Large Companies
Telework is also being implemented in large companies symbolic of Japan. At JR East, which has started work-style reforms such as the abolition of core time, approximately 10,000 employees are eligible for telework, equaling about 20% of the total workforce. Nissan Motors has also fully introduced a telework system, and an estimated 2,400 employees have registered for it.
Other examples include Japan Airlines (JAL) which allows about 4,000 people to telework, excluding pilots and cabin attendants. Recruit gives all employees unlimited teleworking days, and Shiseido has approved telework for approximately 14,000 employees excluding beauticians.
Why cloud storage is “practically indispensable” for telework
In order to create an environment where telework can be implemented at any time, it is essential to have the necessary tools. Cloud storage (online storage) tops the list.
Cloud storage is a service that allows employees to share files and access materials easily, from home or on the go, by uploading files and folders to the cloud. With cloud storage in place, teleworkers don't have to send files as email attachments every time, or worry about losing USB memory sticks. Because it is a cloud-based service, capital investment and expensive initial investment are not required, and it can be introduced easily. It is ideal not only for telework but also for everyday use, because it backs files up automatically and makes teamwork more efficient.
The simple and speedy Tsukaeru Filebako
That said, common concerns about cloud storage include: "How do we know that an individual service is secure?" "We use a lot of foreign-made services; can it interface with those?" and "The pricing structure of business plans is complicated, and we’re worried about extra costs." The answer to all these questions is the Tsukaeru Filebako from Tsukaeru.net. It has the following characteristics:
・Familiar, easy-to-use folder-style file server. No need to spend time and effort training employees.
・Simple and easy-to-understand interface developed by Japanese companies. Comprehensive customer support by our dedicated staff.
・Simple, clear monthly or annual rate plans with no hidden costs or additional charges.
・Full security measures such as double encryption of communication and triple backup of data. All data is stored carefully in our own ISO27001 (ISMS) certified data center in Nagano (in operation for 20 years).
There is also a free 14-day trial, so please feel free to contact us at no risk!
In addition, for more than 10 years, Tsukaeru.net has established an environment in which all employees can telework securely anytime, anywhere by combining the Tsukaeru Dokodemo Office, Tsukaeru Filebako, and cloud PBX. This experience and know-how means the Tsukaeru.net telework consulting service is also highly regarded, and for a limited time, we’re offering free consultation (100,000 yen at the regular price)! We look forward to hearing from you.
Tsukaeru Filebako functions and fees
Contact Form
Note 1: 2019 White Paper on Information and Communications – Ministry of Internal Affairs and Communications
