Filipinos urged to protect data, be safe online during Holy Week
MANILA, Philippines (UPDATED) – The National Privacy Commission (NPC) reminded government agencies, businesses, and individuals to protect personal data during the Holy Week.
In a statement on Wednesday, April 17, the NPC recommended the following actions:
- Place non-mission-critical systems offline, especially those that contain or have access to personal data.
- For systems that are kept offline, ensure that all system activities are recorded and the system logs are secure.
- Back up files, systems and databases. If possible, do not bring them outside the office such as in portable devices.
- Ensure that workstations are shut down properly and electrical connections are cut off accordingly.
- Discourage physical breaches by securing office premises adequately.
- Make sure all physical documents containing personal information are secure in locked file cabinets.
- Log out all accounts in computers.
- Ensure that proper system updates are done so that the system and even computers are protected from threats and possible attacks.
- Ensure that appropriate intrusion detection systems (like firewall and anti-virus) are in place and properly working.
- Ensure that the organization has a response and recovery plan that would be useful in times of emergencies, disasters, or even system attacks.
- Ensure that the employees are reminded and educated about the organization's security measures.
The privacy body issues these reminders every year. This is to prevent incidents like the Commission on Elections' leak of voters' data, which took place during the Holy Week break in 2016. (READ: What have we learned a year since 'Comeleak'?)
In 2017, NPC Commissioner Raymund Liboro likened these measures to what people do when going on vacation or leaving home for a long period of time.
"You make sure that security precautions are in place to ensure that break-ins do not happen. The same way our DPOs should safeguard their IT systems, as well as ensure that adequate physical security are in place during times of minimal staffing," said Liboro.
He also pointed out that the banking sector is vulnerable to data breaches. "The Bangladesh bank heist of 2016 also happened on a long weekend (Chinese New Year)," he said.
The agency's website contains information and tools for DPOs and citizens. (READ: NPC outlines 90-day plan for data protection officers)
Tips for individuals
Liboro then issued reminders to individuals for the protection of personal data on their devices during the holidays:
- Double-check if your laptop or mobile phone has been updated with the latest security patches. "Being on the road or away from your home network would mean that data connectivity would be slow and quota is very limited, and so you won't be able to do this reliably," said Liboro.
- Make sure your personal and work data are backed up securely. "As history has shown in dramatic fashion, both the Bangladesh central bank and 'Comeleak' incidents were done during long holidays, as this is a preferred time for criminals to act online."
- Turn off your home network router if nobody is going to be left at home. "Powered-off devices, not just home appliances, will not only save you money from unnecessary electricity consumption, but also deny criminals an avenue to attack your home remotely."
- Be aware of phishing scams and fake websites. "Users need to be vigilant of emails and fake websites that aim to extract log-in credentials from unwary users. There has been an increase in these, and users need to be cautious in accessing their accounts from their own devices and most especially from shared devices."