July 6, 2020 / COVID-19 / By Janeth Giordano, Jr. Associate Telecommunications, Media and Technology
The changes caused by the global pandemic we are experiencing due to Covid-19 have had multiple implications for the development of both the personal and working lives of the majority of the world’s population.
One of these changes is the implementation of home office as a measure to maintain the operation of organizations and ensure the health and safety of their employees during the health crisis. Although some companies already applied this way of working as part of their business scheme, the truth is that most of them were not prepared to take the leap and adopt a completely remote operation.
The transition to remote work, also called home officehas represented an important opportunity to evaluate office space needs and to reinforce areas that were not previously considered, such as cybersecurity, which in many cases was not considered a priority issue, but which have become indispensable when forced to implement these new forms of communication and work.
The new paradigm represented by the massive home office has also led to an exponential growth of cyber-attacks which, in the midst of the crisis, seek to take advantage of —and exploit— vulnerabilities in the systems and critical infrastructure of companies through various threats.
In this regard, the Ministry of Communications and Transportation has published the Cybersecurity Guide for the secure use of telecommunications networks and devices in support of home office
, which lists a series of general recommendations to minimize the risks and threats derived from the exposure of personnel when working remotely.
Thus, the main threats include malware, also known as malicious code, which refers to computer programs hidden on a device that seek to compromise the confidentiality, integrity, or availability of data, applications, or the operating system (viruses, worms, Trojans, etc.), rookits, and spyware). In addition to threats related to social engineering such as phishing, smishing, and vishing, through which people are tricked into revealing confidential information either through an email, SMS, or phone call that appear to be authentic.
Some the recommendations for safe home office include:
- Keep operating systems and applications of computers, tablets, or cell phones up to date.
- Activate protection functionalities such as firewalls.
- Install and keep antivirus up to date.
- Secure the Wi-Fi network available using a password other than the default one and avoid accessing public Wi-Fi networks.
- Set different passwords for computers or files, avoiding simple combinations. It is recommended that such passwords are not stored in computer or physical files and that they are not shared with third parties.
- Verify the authenticity of emails, SMS, conference links, and calls received from unknown senders.
- Verify the trustworthiness of the websites visited; make sure the URL starts with “https”.
- Know and apply “private browsing” and “secure browsing” functionalities, disable geo-location sharing, and log off when you finish using them.
- In the case of cloud services, know the use terms and privacy policies of the service to be used. Avoid uploading sensitive information with public or open access.
- Periodically back up the information stored in the cloud and close the session at the end of activities.
- Concerning teleconferences, it is recommended to download, install, and update the applications from the supplier official website of the product or the official app stores, as well as to protect the links to such teleconferences using strong passwords.
- If not provided by the companies, use a virtual private network (VPN), which allows a secure Internet connection between users and services or web pages.
Although most organizations already familiar with the home office scheme previously incorporated many of these recommendations in their own security policies, there will be cases in which, for example, under the policy known as BYOD or Bring Your Own Devices, the employee must use their own devices for home office, that generally do not have the same use and security policies, in which case it is beneficial to address these types of recommendations.
BGBG offers its legal services to assist you in:
- Evaluation of integral compliance under the Federal Law on the Protection of Personal Data in Possession of Private Parties
- Evaluate specific compliance with physical, technical, and administrative security measures under the Federal Law on the Protection of Personal Data in Possession of Private Parties and international best practices.
- Evaluation and, if necessary, modification and implementation of policies to protect your organization’s IT assets.
- Continuous consulting on compliance with personal data protection regulations and international best practices for the generation and implementation of policies and processes to protect the organization’s assets.
For more information, please do not hesitate to contact us at the following e-mail addresses