Friday, September 22

The double standard of the State against teleworking: companies must provide equipment, the administration does not

The pandemic caught us all, without a doubt, by surprise, and the General State Administration (AGE) was no exception. Overnight going to the same office as always posed a significant risk to the health of workers, and many organizations, including public ones, they opted for a part of their employees to work at home.

The suddenness and unexpectedness of the change meant that, in many cases, those officials who left to telework had to use personal devices to continue carrying out their work due to the lack of State resources to provide each of them with adequate professional equipment, according to Explain to Xataka the unions Workers’ Commissions (CCOO) and the General Union of Workers (UGT). A circumstance that the Government plans to extend at least until December 2023, according to the draft teleworking decree for public employees.

This moratorium draws particular attention because represents unequal treatment when compared to what the law requires of private sector employers that have part of their workforce teleworking. “The Distance Work Law, in its third transitory provision, specifies that companies are obliged to provide the means, equipment, tools and consumables required for the development of remote work, as well as the necessary maintenance,” he explains. to Xataka Raul Rojas, law firm partner ECIJA expert in labor law.

The law requires this even in cases where remote work is used exceptionally as a health containment measure derived from Covid-19, and, of course, also in agreements to formalize long-term telework, for which the State obliges employers to offer rights to their employees that the Administration itself does not give to its own.

From the Ministry of Finance and Public Function they explain to Xataka that this moratorium responds to the need on the part of the State to have the necessary time to carry out a correct planning of the existing resources for the implementation of teleworking, and they hide behind the fact that it has been negotiated with the unions. But they do not make any comment about the disparity of criteria between what they ask their officials and what the State demands from the private sector.

They also point out that the ordinary modality of provision of services right now is face-to-face, and that officials can only take advantage of teleworking for 20% of their working day, that is, one day a week, with the exceptions of cases in which the worker is classified as especially sensitive for medical reasons or is in mandatory quarantine situation by Covid.

The state covers its back

Until now, the establishment of face-to-face attendance as an ordinary work modality serves the State to cover its back, as Xataka has learned. Because the Distance Work Law of the private sector only regulates labor relations between the company and employees who telecommute at least 30% of their working day. Therefore, Until now, it would not be demanding anything from entrepreneurs that it does not establish for its own operation..

The General State Administration decreed last September that its officials should return to the office for at least four days from October 1. Until then, public workers they had the possibility of teleworking up to four days a week. This requirement has been maintained even with the increase in infections that we have experienced in recent weeks, the unions explain.

That same October 1 was when the Distance Work Law established that it would begin to sanction companies that fail to comply with the conditions set out in the teleworking agreement, including the provision of the necessary professional devices for all those employees who work more than 30% of their workday remotely.

However, once the royal decree that will regulate the teleworking of civil servants is approved, and that will allow them to work remotely for up to 60% of their working day -presumably, starting next summer-, the moratorium planned by the Government will create a situation of inequality between public institutions and private companies, at least on paper. In practice, several sources from the private sector consulted by Xataka indicate that they do not know of cases of sanction for breaching the Remote Work Law, which leads them to think that the State is not being too strict in this regard, at least for the moment. .

We telecommute better and better: remote productivity has skyrocketed since the start of the pandemic

A cyber security problem

Beyond the damage that these circumstances entail for civil servants and the inequities they create between the public and private sectors, they are also a problem for all citizens, since using personal devices for work can lead to cybersecurity issues which, in the case of the Public Administration, are especially serious given the sensitivity of the data they handle.

In fact, the Administration itself, through the Internet Security Office, a service that belongs to the National Cybersecurity Institute (INCIBE), discourages the use of personal devices for professional purposes because, as he points out, if the computer is infected, it can end up infecting the company’s server, critical information can be lost by not having backup copies, and confidential information can be revealed by not using encryption mechanisms to protect it.

Officials who telework on personal computers consulted by Xataka explain that the Administration has taken several cybersecurity measures, such as programs that allow them to connect remotely safely through a VPN, although computer security experts questioned by this means in this regard consider these precautions insufficient.

If you lower your salary, it is not a four-day workweek, it is a reduction in hours: the controversy over the cuts that confronts companies and unions

“VPNs are safe, of course, but there are things they don’t protect against. If your computer is compromised by a Trojan, it doesn’t matter if you have a secure connection to a virtual desktop, because the malware has access to everything, it can enter certain applications and even take screenshots. Personal teams will always be more exposed, because you don’t have professionals to ensure that everything is fine“, Explain Deepak Daswani, cybersecurity expert. It also points out that VPNs are not infallible and can be compromised.

If the equipment is used for different purposes, he points out, it may have been previously compromised or compromised in your personal use. Furthermore, these devices are often used by more than one family member, who may unknowingly download malware by not having the precautions that the worker can have.

A secure connection is useless if we later leave the computer in our house without blocking. Could our son or daughter unintentionally do something to compromise the equipment while we’re not around? The answer is yes”, says Rafael García, CTO of the cybersecurity company Hack by Security.

Hybrid work, telecommuting, full remote… What does all the new terminology associated with work flexibility mean?

The anger of the unions

Trade union organizations have denounced this circumstance because they consider that the State should take charge of both the equipment from which its employees work and other expenses derived from carrying out their professional activity at home. And, although you can understand that in the first moments of the pandemic, officials’ personal devices were used in an exceptional way to deal with a totally unexpected situation, They think it’s taking too long..

“Right now there is no organization in this regard within the Administration, but the problem of having to continue offering public services far from the offices has been responded to as best it could. It is a patch”, says Javier Martínez, communication secretary of the Sector of the General Administration of the State of the CCOO.

From the UGT, on the other hand, they point out that it is not acceptable that public employees endanger their personal equipment and invest their own resources -for example, in an internet connection- to keep state services running. “The SEPE cyberattack affected some personal computers of officials who worked remotely, and the Administration has not taken care of the necessary repairs. We do not have to take that risk on our computers”, exemplifies Antonio González, spokesman for UGT-Public Services in the AGE sector.

The sanctions for breaching the Teleworking Law begin to be applied today: very serious offenses can receive fines of up to 225,000 euros

The unions also explain that many officials have agreed to make their devices available to the Administration because it was the only alternative they were offered so they didn’t have to go back to the office.

In other cases, given the impossibility of State bodies to provide their employees with adequate equipment to work remotely, mainly for budgetary reasons, and the lack of adequate personal devices, some officials had to take their desktop computers home. The unions also explain that some organizations have delivered the appropriate equipment to their workers to telecommute, although they emphasize that they are the least.

More than 1,000 cybercriminals arrested in an Interpol macro-operation: they used fake investment apps or 'The Squid Game' to scam

no training

In addition, the unions denounce that To date, employees who work remotely have not received any type of training to handle teleworking tools, although this is something to which the Government has committed in the royal decree that will regulate the remote work of public employees. Therefore, once it is approved, you will have to do it.

We are not aware that there has been any type of training of staff who have switched to teleworking Until now. The Ministry of the Interior has been the only one, at least to our knowledge, that has sent three emails with basic information such as ‘do not open an email from an unknown sender’ or ‘do not click on links that reach you by SMS on your mobile’, but they were more informative than educational”, explains Javier Martínez, from CCOO. From UGT confirm this information.

“The worker must receive training yes or yes, to follow the minimum security measures with the equipment, such as the use of passwords to access, disk encryption, the use of an antivirus or the creation of backup copies, among others. Also so that he is aware that this device should only be used for one purpose, the professional, and that he should not play games or download personal files with it while using it for work”, explains Rafael García.

I have negotiated with crackers in a ransomware attack: they asked us for 1 bitcoin or we lost all our information

The officials consulted by Xataka also explain that the devices they have used to telework have not been reviewed by the IT teams of the organizations in which they perform their duties, and that they themselves had to install the necessary programs to work remotely from an email that was sent to them at the beginning of the pandemic, in which they specified the instructions to do so. If the employee had any questions, they point out, he could call a telephone to have it resolved.

They also explain that the programs they were ordered to install they checked the equipment to make sure everything was up to date and, if not, he asked them to do so.