With the upcoming All Saints Day and the long holidays brought about by the ASEAN Summit, the National Privacy Commission reminds Data Protection Officers (DPO) of government offices and private companies to protect their networks and data processing systems from data breaches by taking the necessary precautions.
The Commission would also like to remind individuals going out of town to secure their personal files as well as their homes, particularly during long weekends and holidays.
Personal data breaches have been known to happen during holidays because of the minimum compliment of personnel available during these times. The largest personal data breach in the country's history, the COMELEC data breach of 2016 happened during a long weekend, while Bangladesh bank heist which also involved a Philippine bank happened during a holiday.
Close to five thousand organizations that process personal data have registered their DPOs with the NPC.
The NPC recommends the following precautions to safeguard networks and personal data held by organizations.
- Place non-mission critical systems off-line especially those that contain or have access to personal data.
- For systems that are kept off-line, ensure that all system activities are recorded and the aforementioned logs are secure.
- Password protect or encrypt files and databases on servers, desktop computers and other devices.
- Conduct a backup of systems and databases.
- Information Security team needs to retain the ability to remotely monitor systems and be ready respond to any unusual activity.
- Discourage physical breaches by securing office premises adequately.
Privacy Commissioner Raymund E. Liboro likens the protection of personal data during long holidays to securing one's home when leaving for an out of town trip, "When one leaves for a long vacation or when you leave home for a long period of time unattended, you make sure that security precautions are in place to ensure that break-ins do not happen. The same way our Data Protection Officers (DPO) should ensure that their I.T. systems are secure, and that adequate physical security is in place during times of minimal staffing". Chairman Liboro said.
"Breach management protocols need to be in place to ensure compliance with the Data Privacy Act as well as minimize the damage brought about by the breach". Liboro added
Data Protection for individuals
For individuals going on the road for the holidays, Privacy Commissioner Liboro recommends doing the following for data protection measures for their devices: (in italics: direct quote from Privacy Commissioner Liboro)
1. Double-check if your laptop or mobile phone have been updated with
the latest security patches
"Being on the road or away from your home network would mean that data connectivity would be slow and quota is very limited, and so you won't be able to do this reliably"
2. Make sure your personal and work data are backed up securely
"Personal records and files that contain personal data, like passports, health records, bills or tax returns should be kept secure, and if they are no longer relevant, it's a good idea to destroy them by shredding them or burning them"
3. Turn off your home network router if nobody is going to be left at home
"Powered-off devices, not just home appliances will not only save you money from unnecessary electricity consumption, but also deny criminal an avenue to attack your home remotely."
4. Be aware of Phishing scams and fake websites
"Users need to be vigilant of emails and fake websites that aim to extract log-in credentials from unwary users. There has been an increase in these, and users need to be cautious in accessing their accounts from their own devices and most especially from shared devices"
5. Do not connect to Wi-Fi Networks you do not know.
"Just because a Wi-Fi network announces itself to having free internet it doesn't mean you should connect to it, only connect to official and trusted wireless networks of hotels and resorts."