Due to the state of alarm caused by the coronavirus, many administrations and public bodies are promoting telework to ensure the continuity of their functions and services. Teleworking, however, can present cybersecurity risks if it is not planned in time, staff have not been adequately trained, and equipment and connections are not properly configured. Given the current emergency, this preparation may often not have been possible; for this reason we offer you a selection of the main basic protection measures, which can help you telework while minimizing the security risks in the processing of your organization's information.
It is essential to keep in mind that the current situation is very attractive for criminal "hackers" to steal passwords and hijack confidential information in exchange for a ransom. Cases of this type have occurred in recent months in public administrations with serious economic and reputational damage.
This selection was made with the aim of providing a practical, executive guide for non-expert users in small and medium-sized public administrations that do not have the resources to apply a complete and advanced security plan. We want to avoid information overload and recommendations that are not viable in the current circumstances. For users who are interested in delving into this topic, we provide additional links at the end of the guide.
These recommendations are general in nature. If your organization has its own cybersecurity guide, pay attention to that one.
Follow the security instructions of your organization's technology manager.
Make use of the tools and applications authorized by your organization. If you need to use other solutions be careful and use only trusted applications.
From the computer you work on at home you will have access to your organization's confidential information. Whether you are using a corporate computer or a personal computer, a series of protective and preventive measures must be taken into account. If you use a corporate computer, most or all of these recommendations will usually already be met through the security policies enforced by the administrator.
Make sure that your system and applications are up to date with the latest version of each of them and that automatic version updating is enabled.
- For Windows
- For Mac
Verify that your computer has an active anti-virus and anti-malware system.
- For Windows: activate Microsoft Defender Anti-malware
- For Mac: install a solution available on the market that has a free version: Kaspersky, Avast, AVG, Bitdefender, etc.
Set the screen to lock automatically after ten minutes.
Avoid using unknown or untrusted public WiFi networks to remotely access the organization's services.
Any office documents that you create on the private computer you use for teleworking, and that are not stored on the organization's server, will almost certainly not have an automated backup system. Therefore, it is recommended that you take the precaution of backing them up.
Back up the documents generated locally through one of the following mechanisms:
- USB sticks: You should have previously cleaned or formatted the device to ensure that there is no risk
- External hard drive
- Cloud storage service authorized by the organization
Whenever possible, access information systems using a digital certificate or two-factor authentication to prevent theft of your password. (Two-factor systems are based on one-time codes that are sent via SMS or to an app.)
Use complex passwords: combination of special characters, upper and lower case letters and numbers.
Do not write corporate passwords down anywhere.
If you install software digital certificates on your personal computer (TCAT-P, idCAT Certificate), use the "Enter Password for private key" option: this way the digital certificate can only be used if the password is known.
Avoid browsing unsecured pages and avoid installing any questionable software or content.
Phishing is a type of cybercrime that consists of sending fraudulent emails with the aim of stealing your password or other personal information. It is one of the scams most used by computer criminals. The way phishing works is simple: you receive an email with a legitimate appearance asking you to update, validate or confirm information through a link. After clicking on it, you are redirected to a fake web page, where the password or other data is stolen.
Do not click on links or download any attachments from suspicious emails. Be suspicious of emails asking for unusual actions to reset passwords. For seemingly legitimate emails, check the sender's address (not the alias).
Close all connections to information systems and corporate websites.
Back up any local documents that you worked on that are not covered by the corporate backup.
Users who wish to extend this information are encouraged to visit the following specialized websites:
This set of recommendations has been developed from AOC's own resources, from the guidelines of the Catalan Cybersecurity Agency, the Catalan Association of Telecommunications Engineers (Telecos.cat), consultants Genís Margarit Contel and Cristina Ribas Casademont, and the documents in the “More information” section.
From AOC we would like to thank all the selfless and proactive contributions we have received and which are very useful and valuable at this time to guarantee the security of public sector information systems.