Japan’s Ministry of Economy, Trade and Industry has published recommendations on cyber security. They are addressed not only to managers of government agencies and critical infrastructure companies, but also to other companies and organisations. In doing so, the Ministry wishes to raise awareness of the threat of cyber attacks and encourage measures to strengthen protection against them. The Ministry recommends:
- identifying and reducing risks,
- ensuring early detection of threats,
- ensuring appropriate response and means of recovery in the event of an incident.
The ministry stressed that risks can be reduced by using more complex passwords, confirming access privileges, using multi-component authentication and removing unnecessary accounts. Organisations should know the status of information assets, including devices belonging to the Internet of Things (IoT). In doing so, the Ministry points out that vulnerabilities in network security are often exploited in attacks. Staff, on the other hand, should be particularly sensitive to email attachments. Organisations should also implement and follow a procedure for backing up and recovering data in case of loss, prepare for incidents, review their incident response procedure, and prepare an internal and external communication system for reporting information security incidents.