by Aerol John Pateña/Philippine News Agency
MANILA — The National Privacy Commission (NPC) reminded public and private offices to be vigilant against hackers and thieves during the Holy Week break.
In a statement on Wednesday, Privacy Commissioner Raymund Liboro said personal information controllers (PICs), personal information processors (PIPs) and data protection officers must ensure that the personal information they manage must be protected in view of the increased likelihood of cyberattacks during long holidays.
“The use of strong passwords is essential in protecting personal information from malicious intentions. One precaution that PICs, PIPs, and DPOs should do during the long break is password-protect or encrypt files and databases on servers, computers, and other devices in their organization. If necessary, change passwords,” he added.
The NPC urged offices to implement the following measures to ensure data security and protection:
– Place non-mission critical systems offline especially those that contain or have access to personal data.
– For systems that are kept offline, make sure that all system activities are recorded, and the logs are secure.
– Conduct a backup of files (digital and non-digital), systems (e.g. server access, files, logs), and databases. If possible, do not bring them outside the office such as in portable devices.
– Ensure that respective workstations are shut down properly and electrical connections are cut off accordingly.
– Discourage physical security breaches by securing office premises adequately. Keep personal valuables safe.
– Make sure all physical documents containing personal information are secure in locked file cabinets.
– Log out all accounts in computers.
– Ensure that proper system updates are done to ensure that your system and even computers are protected from threats and possible attacks.
– Appropriate intrusion detection systems (e.g. firewall, anti-virus) must be put in place and properly working.
– The organization should have a response and recovery plan that would be useful in times of emergencies, disasters, or even system attacks.
– Employees must be reminded and/or educated regarding the organization’s security measures that must be observed (e.g. accessing work documents outside the office premises)
“Digital and physical break-ins are more likely to occur during long breaks when there’s minimal staffing in offices,” Liboro said.
