NPC advisory: Secure data systems before taking Holy Week break
(File photo from AP)
The National Privacy Commission (NPC) reminded business and government agencies on Tuesday to secure data processing systems before going on their Holy Week break,
Netizens should also be alert and be mindful online safety during the long weekend, the NPC added.
In a statement, NPC Chairman Raymund Liboro likened the protection of personal data during long holidays to securing one’s home when leaving for an out of town trip.
“When one leaves for a long vacation or when you leave home for a long period of time unattended, you make sure that security precautions are in place to ensure that break-ins do not happen,” Liboro said. “The same way our DPO’s should safeguard their information technology (IT) systems as well as ensure that adequate physical security are in place during times of minimal staffing.”
The commission issued an advisory for data protection officers (DPOs)reminding them to secure data processing systems for the Holy Week long weekend to prevent a data breach similar to what happened to the Commission on Elections during the Holy Week last year.
The minimal staffing during the Holy Week makes data processing systems vulnerable not only to online data breaches but to physical security breaches as well.
In its memorandum, the NPC recommended that DPOs place non-mission critical systems off-line, especially those that contain or have access to personal data.
For systems that are kept off-line, DPOs should ensure that all system activities are recorded and the logs are secure.
DPOs were also advised to protect desktop computers and other devices with passwords, encrypt files and databases on servers, and conduct a backup of systems and databases.
Information security teams also need to need to retain the ability to remotely monitor systems and be ready respond to any unusual activity.
IT centers should also be able to secure their premises adequately to discourage physical breaches.
Liboro said the banking sector might also vulnerable. He noted that the Bangladesh bank heist of 2016 also happened on a long weekend, during the Chinese New Year.
“The economic significance of the financial sector is the reason why we are looking to have a general assembly of DPOs from the finance and banking sector next,” Liboro added.
For individuals going on the road for the holidays, Liboro recommended several data protection measures for their devices. He said they should double-check if their laptops or mobile phones had been updated with the latest security patches.
“Being on the road or away from your home network would mean that data connectivity would be slow and quota is very limited, and so you won’t be able to do this reliably,” the commissioner said.
Gadget and laptop owners should also make sure their and work data are backed up securely.
“As history has shown in a dramatic fashion, both in Bangladesh central bank and Comeleak incidents were done during long holidays, as this is a preferred time for criminals to act online,” Liboro said.
If nobody will be left at home, the network router must be turned off.
“Powered-off devices, not just home appliances, will not only save you money from unnecessary electricity consumption, but also deny criminal an avenue to attack your home remotely,” Liboro said.
The commissioner also reiterated warnings about phishing scams and fake websites.
“Users need to be vigilant of emails and fake websites that aim to extract log-in credentials from unwary users,” he sai.d “There has been an increase in these, and users need to be cautious in accessing their accounts from their own devices and most especially from shared devices.”
The NPC is a regulatory and quasi-judicial body created in March 2012 by the Data Privacy Act of 2012 (Republic Act No. 10173). The agency is mandated to uphold the right to data privacy and ensure the free flow of information, with a view to promoting economic growth and innovation. /atm
