As if there were few concerns that the coronavirus is causing us, we add one more that is directly related to the massive incorporation of a large part of the population to telework: it is about increasing the possibilities that the teams we work with from home are attacked by cyber criminals.
What is the reason for this increase? In another article on this blog We have already commented that the vast majority of companies in Spain were not prepared to implement teleworking before the arrival of this crisis (according to Eurostat, only 4% of Spanish workers usually carried out their tasks outside the offices). Therefore, the companies that have been able to implement it have done so at full speed. For this reason, there is a risk that the necessary protection measures could not be established, which, with more time, would have been more rigorous and perfectly adapted to private homes.
Cybercriminals have taken advantage of this situation of slower adaptation to installations to try to act on some point of weakness in the system when it comes to cyber protection . So much so that the CCN (National Cryptological Center) has alerted the population that the activity of cybercriminals is increasing in the form of ransomware , phishing , remote code execution, exfiltration of information …
Likewise, we can also consult the CCN document ” Safety recommendations for teleworking situations and reinforcement in surveillance ” with technical solutions for those who work remotely and with secure options to manage email from home. The best options for conducting virtual meetings are also indicated.
On the other hand, the National Intelligence Center (CNI), usually more oriented towards professionals in the Information Technology Departments, also makes the following recommendations to teleworkers .
- The first step is to make sure that your operating system and your antivirus are correctly updated.
- If you access your equipment remotely, exercise extreme caution. Do not use the same connection as for personal affairs and as far as possible use a trusted VPN.
- If you organize meetings remotely, avoid intrusions. Make sure that only scheduled users access the meeting and that they do so with a password.
- If you access the internet with your work team, use the VPN provided by your organization. It is important to establish a second authentication factor.
- If you receive emails from official institutions about the Covid-19, do not be tempted to open them. No official information will reach your email account.
- In any case, as a general advice for any file received from third parties, it activates the display of file extensions to avoid the execution of harmful code. Before opening it, check the file extension (.docx, .pdf, .xlsx, …) and check that it does not show any unusual pattern (.exe, .vbs, .ps1, .jar, .scr, .cpl, .cmd , etc.).
- And finally, since when haven’t you backed up? Remember that you should make regular backups. It is a preventive measure that will reduce the impact of possible incidents.
In fact they are rules that we all must follow when using equipment connected to home networks, regardless of whether we telework or do something personal. If those of us who telework momentarily in our homes, in these confining times, take into account and apply all these practical tips , we will be able to match the appropriate protection measures for our equipment to those we maintained in the corporate environment.