Teleworking may jeopardize the cybersecurity of a large number of Spanish companies

• S2 Grupo has pointed out that the lack of security in communication systems between employees’ homes and the company is one of the main access doors for cybercriminals.
• The cybersecurity company recommends the incorporation of encrypted communication systems, such as VPNs, that cyber-protect the information handled by teleworking.

  Valencia, March 18, 2020.- Given the decree of the Spanish Government of the state of alarm, many companies have opted for teleworking in order to continue operating. S2 Grupo has warned that most of the Spanish companies and organizations, although they have multiple cybersecurity mechanisms, are not prepared to be cyber-protected through teleworking and this could jeopardize their security. "Teleworking is an alternative to avoid contagion and to maintain economic activity. However, in Spain there are many SMEs and companies or organizations of any size, which had never considered it. In the current situation, they have practically been forced to implement it and many are not prepared for it, mainly, from the point of view of cybersecurity", said José Rosell, managing partner of S2 Grupo. “At the time when remote work is established, there is communication between a person's home and the office where the computers or data with which they have to work are located. This means that there will be data traffic between both places and this requires doing so with guarantees so that they cannot be captured by third parties, such as cyber-criminals”, explained Miguel A. Juan, managing-partner of S2 Grupo. The company has been pointed out that in order to cyber-protect companies or organizations, it is essential to establish a secure communication line between the place where the worker is and the company where the data is, since they can be very well shielded in their cybersecurity but there are leaks through the communication channel with the professional who works from outside the company working remotely. This is achieved through VPNs or virtual private networks, which are like tunnels through which protected data passes because it has been encrypted. “Companies are now responsible for the custody of a lot of data. Personal data, economic data, etc. When this communication is established, there is a risk that a cybercriminal will intercept these communications and obtain credentials that will then allow them to enter the company and access the information. This risk is minimized if VPNs are used”, clarified Miguel A. Juan. On the other hand, S2 Grupo has highlighted that another additional danger is that the worker's home environment is not part of the company's ICT network and does not follow the same cybersecurity criteria as the company. “A company can have all the security systems it wants, but the problem is that if this person at home has a computer connected to another computer that has a virus or malware, or that is on or is also used by children to download games or any application, a door of entry can be opened for cybercriminals to enter the company", said José Rosell. As they have reported, this is the most common way through which cybersecurity problems such as ransomware or requests for ransoms occur on a daily basis to companies, among others. "We can take precautions not to be contaminated by malware, but if an employee behaves poorly in cybersecurity, the company may be contaminated by malware or a cyber-attack", concluded Miguel A. Juan.   More information: prensa@s2grupo.es