In November 2020, the Japanese government's Minister of Digital Transformation, Takuya Hirai, announced that the Cabinet Office would discontinue the use of password-protected zip file email attachments (PPAP) for security reasons.
In today’s article, we will provide an overview of PPAP, its problems, and safe alternatives.
What is PPAP?
.jpg)
PPAP refers to the process of sending an encrypted file (with password) attachment in an email and then sending the password to unzip the file in a second email. As a part of security measures, this method is used by many companies and organizations, as well as government agencies in Japan.
The abbreviation "PPAP" was coined by IT consultant, Akira Ootaishi, and comes from the following terms (*1):
-
P: Password-protected file is sent.
-
P: Password is sent separately.
-
A: Encryption (“angouka” in Japanese)
-
P: Protocol
Do other countries use PPAP, or is it only used in Japan?
.jpg)
While PPAP is a common security measure in Japanese companies, in fact, it is rarely seen overseas where password-protected zip files tend to be viewed suspiciously and treated as potential virus vectors.
It is not clear why PPAP has become so popular in Japan, but it seems to be one of the unique business practices that have developed in Japan.
The history of PPAP
PPAP is widely used in Japanese companies, and in many cases, its use is even an official company security policy.
The origins of this practice can be traced back to the early days when email was first used for business purposes, and this method of sending password-encrypted zipped files by email and then providing the password through another channel (fax, paper document, etc.) was developed as a security measure.
The above method was thought to be useful in becoming a Privacy Mark certified entity and spread rapidly in Japan. However, faxing or sending paper documents became too cumbersome, so it was gradually decided that passwords could also be sent by email, simplifying the method. As a result, the use of PPAP in Japan has remained unchanged to this day.
Why is PPAP dangerous? Why is it being abolished by the Japanese government?
As mentioned at the beginning of this article, the Cabinet Office has decided to abolish the use of PPAP. (*2) In response, the Japan Institute for Promotion of Digital Economy and Community (JIPDEC), which operates the Privacy Mark system, has also officially announced the organization has never endorsed PPAP. (*3)
However, why is PPAP considered dangerous, and why is there a growing trend to abolish it? Below are five reasons:
▼ Sending encrypted zip and password separately by email provides limited protection.
There is little point in sending a password-protected zip file and the password in separate emails if hackers can access the email system. If the first email with the attachment is accessible, the second email with the password will be equally compromised.
▼ Security software cannot detect viruses in attachments.
Currently, many security software programs automatically scan email attachments for viruses. However, if the attached file is zipped and encrypted, security software will not be able to check the contents. In other words, if the file contains a virus, it is likely to be delivered to your inbox undetected.
.jpg)
▼ Zip files encrypted with passwords are at high risk of compromise.
Passwords-encrypted zip files are considered in the industry to be relatively simple to crack. Unlike website logins, encrypted zip files are easy for cybercriminals to access because unlimited password attempts are allowed.
▼ Emails may be vulnerable to interception or access in transit.
Emails pass through multiple servers between the time it is sent and received by the final party. If any part of an email is not properly encrypted, an attacker can easily eavesdrop on the contents. Therefore, passwords written in plain text are extremely dangerous.
▼ Wasteful measures reduce work efficiency
The PPAP process requires a great deal of time and effort on both the part of the sender and the receiver. Multiple steps are necessary to create and send the encrypted file by the sender. The receiver has to access the PPAP system via the first email, then open the second email to copy and paste the password. This inefficiency can result in a decrease in productivity.
Alternatives to PPAP
.jpg)
Let us look at an alternative to PPAP for businesses to send and receive files securely.
▼ Cloud storage is the safest measure.
The most secure alternative to PPAP, and one that is actually used most often, is the use of cloud storage to send and receive files. With cloud storage, specifically, files are often shared in the way described below.
For this article, we will use our Tsukaeru Filebako cloud file sharing service (client version) as an example.
After installing the Tsukaeru Filebako desktop client, files can be easily shared in the familiar Explorer format.
The beta version, scheduled for an early 2021 release, will allow passwords to be added to public links directly from Explorer, without having to access the browser version (web version).
1.Right-click on the file name to share and then select “Create Public Link.”
2.The password can be directly entered in the pop-up window that appears.
The password-protected file can be easily shared by providing the recipient with the created link.
The ability to share files via URLs with cloud storage solves all of the potential PPAP problems. There is no need to encrypt the file each time they are sent or send multiple emails.
▼ 2FA (two-factor authentication) settings provide even greater security.
Recently, two-factor authentication has been increasingly implemented as a security measure to prevent identity theft and unauthorized logins. In the past, users were only authenticated with an ID and password when logging in. However, now, another level of authentication is being added to strengthen the identification process.
Of course, this two-factor authentication feature is also available with Tsukaeru Filebako.
To implement, select “Security” then “Two-Factor Authentication” from the settings screen, and choose between "Email Address" or "Application."
If email address authentication is chosen, recipients will receive by email the authentication code needed to log in.
▼ Tsukaeru Filebako provides reliable security.
When choosing a cloud storage service, robust security measures are extremely important. For this reason, we recommend Tsukaeru Filebako, the cloud storage service from Tsukaeru mentioned earlier.
Tsukaeru Filebako is a full security, cloud storage service that is hosted on its own servers in Japan and allows the setting of expiration dates for shared links and the remote deletion of device data. It can be installed on the same day, is easy to use even for beginners, and has an affordable and simple fee structure.
A two-week free trial is also available (completely free of charge with no need to sign a contract!). Please take advantage of this opportunity to try it out for yourself.
Click here for Tsukaeru Filebako details.
Sign up for a free Tsukaeru Filebako trial.
Contact us at Tsukaeru.
<Sources>
*1 Workplace Reform Starting with Changing the Habit of Attaching Files to Emails (PDF, Japan Institute for Promotion of Digital Economy and Community)
2* Automatic Encryption ZIP Files Discontinued by Cabinet Office; Cabinet Secretariat – Digital Minister: "Inappropriate" (Nihon Keizai Newspaper)
*3 Sending files as email attachments (Japan Information Processing Development Corporation)
As the COVID-19 crisis drags on, many companies are continuing to rely on remote work more and more. While it is becoming more and more popular as it can lead to a better work-life balance, recently, "remote work fatigue" is becoming a common problem.
Remote work productivity: Japan is the worst!
Last month (November 2020), Oracle released an interesting study (*1) on the state of remote work around the world in the wake of the COVID-19 pandemic. According to the survey, the rapid growth of remote work and the reduction of commute times has increased the number of hours worked in many countries. However, the opposite is true in Japan, where 34% of respondents said that their work hours have decreased (21% increased).
In addition, 46% of Japanese respondents said that the COVID-19 pandemic caused a decrease in productivity, significantly higher than the 15% who reported an increase in productivity. This is in stark contrast to the majority of people in most other countries who say their productivity has increased.
The power of technology to improve remote work operational efficiency
Various factors have been identified for the slow increase in remote work productivity in Japan, such as the need for experts in the subject matter to work closely together or the difficulty in creating environments in the family home that allow for concentration on work matters.
Technology, especially the cloud, is gaining attention as a means of improving remote work efficiency as of late. In fact, this prolonged remote work period has led to a rapid increase in the introduction of cloud storage and business communication tools that are ideal for remote collaboration in Japan.
Tsukaeru FileBako is ideal for remote work collaboration
Tsukaeru FileBako is the perfect solution for improving productivity and collaboration in remote work. Files are stored on a cloud server rather than in a local environment, making them accessible anytime, anywhere, and from any device, all with industry-leading security. Internal file transfers can be completed in seconds, without the need for email attachments.
For more information on the features and benefits of Tsukaeru FileBako, please check out the service details page below. We're also currently running a 30% off offer until December 22, 2020, so feel free to contact us!
Click here for more information on the Tsukaeru FileBako service.
Click here for details of the Tsukaeru FileBako 30% off campaign (until December 22, 2020)
Tsukaeru will also be hosting a free webinar on December 10 and 11, 2020, a must-attend event for anyone considering implementing cloud services. This webinar will also include case studies of Tsukaeru FileBako, so please join us if you are interested.
Click here for more information and to register for the free webinar!
Contact us at Tsukaeru
(*1) : “AI@Work” survey – Oracle Japan
Recently, we hear more and more about "cloud storage.” It's a great match for remote work and is expected to gain even more popularity among companies. In this article, we'll discuss the basics of cloud storage and the safe and affordable cloud storage service, "Tsukaeru Filebako."
With the number of companies embracing remote work this year, using the cloud is becoming almost mandatory and will continue post-COVID-19. Cloud services will also become a commonplace tool in the future, even outside of traditional remote work. If you're unfamiliar with cloud services, it is important to familiarize yourself with the easy-to-use tools.
What is cloud storage?
Cloud storage can be defined as "a service that allows the storage of files on a server on the Internet."
Normally, files used for work are stored in a local environment, such as a computer or server located in a company building. However, with cloud storage, the files are stored in the "cloud" on a dedicated server on the Internet, which has the following advantages:
・Files can be accessed anytime, anywhere, from any device (perfect for remote work).
・Files can be easily shared within a company or department, or with external collaborators.
・In the case of disruption, such as system malfunction or infrastructure damage, the data is still protected and available in the cloud.
Unique Features of Tsukaeru Filebako
As a cloud storage service for corporations, Tsukaeru Filebako has additional unique features in addition to the general advantages of cloud storage mentioned above.
・Unlimited number of users. As many users as needed can be added without worrying about cost, each with a personal folder.
・Affordable price of 9,800 yen per month for 1TB capacity
・Functions exactly as normal server storage by accessing through Explorer file display function.
・In addition to SSL communication, double encryption with a secret key is implemented.
・When an account is no longer needed, it can be simply deleted. Easy to manage and keep secure. No additional administrative work for situations, such as changing passwords when a user of a shared folder leaves the company, is required when multiple users share an account.
・Easy to transfer whole folders between other cloud services with copy and paste functions.
With our free trial service, why not experience the convenience of cloud storage with Tsukaeru Filebako?
Click here for details on Tsukaeru Filebako
Free webinar on the use and benefits of Filebako!
Wednesday, September 9, 2020
14:00-14:30 pm (Japan time)
Tsukaeru will host a free webinar (online seminar) to learn about the functions and use of Tsukaeru Filebako. Anyone can attend for free with advance registration.
We look forward to seeing you there!
Click here for more information and to register for the free webinar.
Contact us at Tsukaeru.
