Main menu


What is the danger of "PPAP"

Actually dangerous, how to send a file by e-mail. What is the danger of "PPAP" that each company is promoting abolition?

When communicating with people inside or outside the company by e-mail, as part of security measures, there may be cases where a compressed file with a password is sent and then the password is sent by another e-mail. This method, called his PPAP, has become a habit in the country, but there is a widespread movement to abolish it these days. In this blog, we will explain why PPAP is being discontinued and alternatives.

What is PPAP?

PPAP is a method of sending a compressed file with a password by e-mail and then sending only the password by another e-mail, which is an acronym for a series of steps. Even if one of the emails is sent by mistake, the recipient cannot open the file, so security can be guaranteed. This is an information sharing method that has been adopted by many companies so far, but there is a risk that it will be used as a route for malware infection such as Emotet, which is increasing recently, and it is used by many companies including the government. Is abolished.

* Malware : A general term for software that adversely affects computers and IT systems.

* Emotet : A type of malware that has a strong spreading power. When infected, there is a risk of being a stepping stone for all cyber attacks, such as sending other malware.

▼ PPAP is a word with four initials

P = Send a compressed file with a password

P = send password

A = encryption

P = Protocol (procedure)

Dangers of PPAP

Slip through antivirus software

Antivirus software automatically checks emails for viruses, but it cannot check compressed files with passwords. Therefore, if the compressed file contains malware, the recipient's PC may be infected with the malware and cause information leakage.

The effect of security measures is weak

PPAP, which sends a compressed file with a password and a password by separate mail, has the same file and password transmission route. If one of the emails is stolen, it will be easier to snoop on the password sent from the same network, and both the file and the password may be stolen. At first glance, PPAP seems to be a security measure, but it is vulnerable to attackers.

Damage spreading from compressed files with passwords

There are endless cases of malware infection via password-compressed files. At one company, an employee's PC was infected with malware, leaking some personal information such as the names and email addresses of people inside and outside the company. Suspicious emails have also been confirmed from third parties disguised as employees. Malware infection via such password-compressed files causes leakage of personal information, which not only causes a great deal of inconvenience to customers and business partners, but also spreads to other terminals in the company and is even more powerful malware. In the worst case, such as becoming a foothold for infection, it may lead to a situation where the business cannot survive.

More companies are abolishing PPAP

November 2020 Government announces the abolition of PPAP

In November 2020, Takuya Hirai, then Minister for Digital Transformation, said that the method of sending a password by the same route as sending a compressed file with a password is not appropriate from the viewpoint of security measures and convenience of the recipient. And announced the abolition of PPAP in the Cabinet Office and Cabinet Secretariat. As a result, more and more private companies are abolishing PPAP.

Softbank also decided to abolish

In February 2022, Softbank also abolished the use of compressed files with passwords in email accounts used by employees for business in response to the recent increase in malware infection countermeasures.

* Reference: SoftBank Corp. " Notice Regarding the Abolition of Use of Compressed Files with Passwords at Our Company " "

It is expected that the movement of each company to "de-PPAP" will accelerate further in the future regardless of the size of the company.

How to securely share files

While many companies are pushing for the elimination of PPAP, exchanging files is essential for day-to-day operations. For file sharing other than email attachment, there is "online storage" that the government also uses as an alternative. In addition, "groupware" and "chat" are also effective for sharing within the company.