Cybersecurity for the Border: Navigating Challenges in El Paso
- Brandon Alsup
- Jun 2
- 6 min read
Updated: Nov 4
El Paso’s business community has always thrived on resilience, grit, and cross-border opportunities. However, this unique geography also presents cybersecurity challenges that are not common in most areas of the United States. At Kosh, we’ve collaborated with logistics and manufacturing clients in El Paso and Santa Teresa. We've learned that cybersecurity is not just a technical issue; it’s also a cultural and operational one.
Cross-Border Data, Cross-Border Risks
While it’s common to view “cyber threats” as global, businesses in El Paso sit at a literal international crossroads. Data moves across borders as freely as freight. Yet many companies do not fully grasp how regulatory compliance, data privacy, and supply chain exposure are affected when operating in a binational context.
Is your customer data stored in the U.S. or Mexico? / ¿Sus datos de clientes están almacenados en EE.UU. o en México?
Are your vendors using cloud-based platforms headquartered elsewhere? / ¿Sus proveedores utilizan plataformas en la nube con sede en otros países?
Do your IT policies account for both U.S. and Mexican regulatory standards? / ¿Sus políticas de TI contemplan las normativas de EE.UU. y México?
You don’t have to be a Fortune 500 company to face compliance scrutiny. Mid-sized manufacturers and distributors are expected to meet security standards set by larger partners, often without the necessary internal expertise.
Important First Steps
To increase your cybersecurity posture, consider taking the following initial steps:
Discuss with your IT Provider: Have a conversation about where your cloud services physically store data. / Hable con su proveedor de TI sobre dónde se almacenan físicamente sus datos en la nube.
Review Contracts: Scrutinize contracts with vendors and partners to identify any data compliance language. / Revise los contratos con proveedores y socios para identificar cláusulas sobre cumplimiento de datos.
Consult Legal Advisors: Ask your legal or compliance team (or consultant) about specific obligations under both U.S. and Mexican laws. / Consulte con su equipo legal o de cumplimiento sobre las obligaciones específicas en ambas jurisdicciones.
Spanish-Language Phishing & Cultural Targeting
There has been a notable increase in phishing scams and ransomware kits targeting Spanish-speaking users. These messages are becoming increasingly sophisticated—they are not just poorly translated anymore. They incorporate familiar regional phrases, reference local logistics providers, and even mimic vendors or government agencies in both nations.
A Real Example
A scam email pretends to be from "Aduanas El Paso," warning users of delayed shipments and linking to a fraudulent tracking form. Written in fluent Spanish, it references a real location and resembles a normal business email—until you hover over the link and discover its URL doesn’t match the official site. The email tone may also seem slightly off or too urgent. Clicking it could lead to malware installation.
Be Aware of Signs:
The sender uses an unfamiliar domain. / El remitente usa un dominio extraño.
The tone is overly urgent. / El tono es demasiado urgente.
The link doesn’t match the official website. / El enlace no coincide con el sitio oficial.
This is why having bilingual staff and implementing Spanish-language phishing awareness training are crucial. It’s essential to understand the cultural and industry-specific nuances that attackers could exploit.
If you're uncertain about what constitutes a risky email or wish to verify your current systems, start with a cybersecurity assessment.
El Paso’s Strength Is Also Its Vulnerability
If you’ve done business in El Paso for any time, you know relationships are key. This community thrives on loyalty, family ties, and taking care of local partners. However, that same trust can be exploited by bad actors.
The instinct to trust familiar email addresses, click on invoices from known suppliers, or skip two-factor authentication because "we know them" is precisely the environment attackers depend on.
Instead of viewing this trust as a liability, we urge clients to extend that same loyalty to cybersecurity. Protecting the systems your team, vendors, and customers rely on encapsulates that trust.
Next Steps: What to Do Now
Review Cross-Border Data Flows:
Identify where your information resides and which laws apply.
Consult your cloud provider about data residency. / Pregunte a su proveedor de nube sobre la ubicación de los datos.
Check where your backups are kept. / Verifique dónde se guardan sus copias de seguridad.
Assess whether sensitive data is shared with cross-border partners. / Evalúe si comparte datos sensibles con socios que operan en ambos lados de la frontera.
Implement Spanish-Language Cybersecurity Training:
Go beyond mere translation—tailor the training to include real examples from logistics and manufacturing. / No se limite a traducir—adapte la capacitación a ejemplos reales del sector logístico y manufacturero.
Utilize phishing simulations that highlight common Spanish-language scam tactics. / Use simulaciones de phishing que reflejen tácticas comunes en español.
Conduct Supply Chain Vetting:
A weak link in your vendor chain can pose significant risk.
Inquire: What cybersecurity protocols do you follow? / ¿Qué protocolos de ciberseguridad siguen?
Do you require MFA (multi-factor authentication) for your systems? / ¿Exigen autenticación multifactor (MFA)?
Have you conducted a security audit in the past year? / ¿Han realizado una auditoría de seguridad en los últimos 12 meses?
Frame new conversations around mutual trust: “We value our relationship and want to ensure we’re both secured.” / “Valoramos nuestra colaboración y queremos asegurarnos de que ambos estemos protegidos.”
Consult a Trusted Advisor:
You don’t need a full-time Chief Information Security Officer (CISO) to start creating a solid plan.
At Kosh, we help organizations understand their vulnerabilities, plan enhancements, and communicate security maturity to their customers and partners. / En Kosh, ayudamos a las organizaciones a entender sus riesgos, planificar mejoras y comunicar su madurez en ciberseguridad.
Learn more about what cyber insurance entails—and what it does not cover.
Understanding Cross-Border Compliance: What El Paso Businesses Must Know
Logistics and manufacturing firms operating along the El Paso–Juarez border need to manage cybersecurity risks while navigating a complex legal landscape that spans U.S. and Mexican regulations.
Key Mexican Requirements
LFPDPPP: Consent for data collection, enforcing ARCO rights, notifying INAI of breaches, and appointing a Data Protection Officer (DPO).
Security Standards: Although specific technologies aren't mandated, aligning with ISO 27001 or NIST is advisable.
Programs like NEEC: Trusted trader programs require secure data, personnel verification, and cargo monitoring.
Related U.S. Regulations
State-specific laws such as CCPA (California), HIPAA (healthcare), and the new Maritime Cybersecurity Rules for transportation.
C-TPAT: (Customs-Trade Partnership Against Terrorism) closely parallels NEEC for logistics and customs operations.
Common Risk Areas
Breach Notification Timelines: Mexico requires breach notifications within 72 hours; Texas permits 45 days. Are you prepared for both?
Data Flow: Under the USMCA agreement, data can legally cross borders, but rules from each jurisdiction apply.
Vendor Compliance: You may be liable if a vendor's poor security results in a breach. Conduct thorough vetting.
Implementing Best Practices
Develop incident response plans that comply with both jurisdictions.
Perform regular audits, revising policies to align with both national and international standards.
Stay updated on Mexico’s pending cybersecurity legislation, as it could rapidly change expectations.
In border cities like El Paso, cybersecurity is vital not only for defending your business but also for maintaining trust in a shared economic environment. Businesses in El Paso don't just seek generic IT support; they require partners who understand regional dynamics—who can speak the language, comprehend relevant industries, and navigate cultural landscapes.
If this sounds like what your business needs, contact our El Paso team. / Si eso es lo que necesita su negocio, hablemos.
Resources for a Deep Dive into Laws, Regulations, Compliance, and Best Practices
Here are essential official links and resources to explore critical Mexican and U.S. cybersecurity, data protection, cross-border compliance requirements, and best practices:
Mexico: Official Laws, Guidelines, and Best Practices
Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP)
- Overview and guidance (INAI, English): Guide to the Protection of Personal Data in Mexico (PDF)
- Privacy Impact Assessment Guide (INAI, Spanish): Guía para la elaboración de evaluaciones de impacto a la privacidad (PDF)
National Data Protection Authority
- INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales)
National Cybersecurity Strategy
United States: Official Laws, Guidelines, and Best Practices
General Data Protection and Privacy Laws
Cybersecurity Standards and Best Practices
Customs and Border Security Programs
Cross-Border and Bilateral Best Practices
U.S.-Mexico Cybersecurity Cooperation and Best Practices
These resources offer direct access to official laws, guidelines, and frameworks for both Mexican and U.S. requirements, as well as insight into cross-border best practices and collaboration.
Disclaimer
The information contained in this communication is intended for limited use for informational purposes only. It is not considered professional advice and is general information that may or may not apply to specific situations. Each case is unique and should be evaluated independently by a professional qualified to provide advice tailored to protect your individual situation. Kosh is not liable for improper use of this information.
Comments