July 6, 2020 / COVID-19 / by Janeth Giordano, Jr. Associate of Telecommunications, Media, and Technology
The changes caused by the global pandemic that we are experiencing due to Covid-19 have had multiple implications for the development of both personal and work lives of the majority of the world’s population.
One of these changes is the implementation of teleworking as a measure to maintain the operation of organizations and guarantee the health and safety of their employees during the health crisis. Although this form of work was already applied by some companies as part of their work scheme, the truth is that most of them were not prepared to take the leap and adopt a completely remote operation.
The transition to teleworking, also called home office, has represented an important opportunity to assess the needs for office space and to reinforce areas that were not considered before, such as cybersecurity, which in many cases was not considered a priority issue, but which, being forced to implement these new forms of communication and work, they are essential.
The new paradigm that massive teleworking represents has also led to an exponential growth in cyber attacks that, in the midst of the crisis that has been generated, seeks to take advantage of and exploit vulnerabilities in the systems and critical infrastructure of companies, through different threats.
In this sense, the Ministry of Communications and Transportation has published the Cybersecurity Guide for the safe use of telecommunications networks and devices in support of teleworking[1], which lists a series of general recommendations to minimize the risks and threats derived from the exposure of the personnel when performing remote work.
Thus, the main threats include malware, also known as malicious code, which refers to computer programs that are hidden in a device and that seek to compromise the confidentiality, integrity, or availability of data, applications, or the operating system (viruses, worms, Trojans, rookits and spyware)In addition to threats related to social engineering such as phishing, smishing, and vishing by means of which they seek to trick people into revealing confidential information either through an email, an SMS text message, or a call phone, which appear to be authentic.
Some of the recommendations for safe telecommuting include:
- Keeping operating systems and applications of computers, tablets or cell phones updated.
- Activating protection features such as firewalls.
- Installing and keeping antivirus updated.
- Securing the Wi-Fi network used, using a password other than the default one, and prevent access to public Wi-Fi networks.
- Setting different passwords for computers or files avoiding simple combinations. It is recommended that these are not stored in computer or physical files and that they are not shared with third parties.
- Verifying the authenticity of emails, SMS text messages, conference links, and calls received from unknown senders.
- Checking the reliability of the websites visited and making sure that the address starts with “https”.
- Knowing and applying “private browsing” and “safe browsing” functionalities, deactivating geographic location sharing, and logging out at the end of its use.
- In the case of cloud services, knowing the conditions of use and the privacy policies of the service to be used. Avoid uploading sensitive information with public or open access.
- Periodically backing up the information stored in the cloud and closing assignment at the end of activities.
- In relation to the use of teleconferences, it is recommended to download, install, and update the applications from the official website of the provider of said product or from the official app stores, as well as to protect the links to said teleconferences through strong passwords.
- Using, in case it is not provided by companies, a VPN virtual private network for its acronym in English, which allows a secure connection through the Internet between users and services or web pages.
Although most organizations that were already familiar with the teleworking scheme already incorporated many of these recommendations in their own security policies, there will be cases, for example, in which under the policy known as BYOD or Bring Your Own Devices, the employee must use their own devices for teleworking, which generally do not have the same use and security policies, in which case it is very useful to attend to this type of recommendation.
BGBG puts at your disposal its legal services to assist you in:
- Comprehensive compliance evaluation in accordance with the Federal Law on Protection of Personal Data Held by Private Parties
- Evaluation of specific compliance with physical, technical and administrative security measures in accordance with the LFPD and international best practices.
- Evaluation and, where appropriate, amendment, and implementation of policies to protect the computer assets of your organization.
- Continuous consulting on compliance with personal data protection regulations and international best practices for the generation and implementation of policies and processes for the protection of the organization’s assets.
For more information, do not hesitate to contact us at the following emails
cbello@bgbg.mx / jgiordano@bgbg.mx
[1] https://www.gob.mx/cms/uploads/attachment/file/555226/Gui_a_de_Ciberseguridad_SCT_VF.pdf
Pro Bono Leading Lights 2020