Reader Advisory

Some articles posted in The SlickMaster's Files may contain themes, languages, and content which may neither appropriate nor appealing to certain readers. READER DISCRETION is advised.

Monday, June 21, 2021

Kaspersky shares tips on what Filipinos can do to fight data breach

06/12/2021 09:48:34 AM

What can you do — or not do — in case you get hit by a data breach?

Kaspersky has shared some tips on what a company, a government, or an individual can do in case they fall victim to this cyberattack that involves private and confidential information has been exposed or shared without the owner’s permission.

According to Kaspersky’s 2020 figures, small and medium businesses would need a whopping $101,000 (P4.8 million) if they get hit – much lower compared to an enterprise-level company with $1.09 million (P52.4 million). Both big and small organizations also stand to incur reputational damage which could result in loss of customers.

In case a government organization’s highly classified information has been compromised, expect that military operations, political dealings, and details on critical national infrastructure can pose a major threat not just to the government but to its citizens, too.

As for an individual, a single case of a data breach would lead to the possibility of being a victim of burglary or car theft if their home address, location, or vehicle registration details are shared publicly. The worst-case scenario is they could become a victim of identity theft.

Identity theft occurs when a victim's device is hacked, which then leads to potentially losing priceless personal photos and videos, as well as access to online accounts like social media and email, and then get blackmailed, lose money if cybercriminals get hold of the victim's financial information, be charged for loans if they get their social security or passport details — all simply because someone else now the data and they can pretend to identify themselves as such.

Moreover, the question falls whether if Filipinos are really aware of what they can act upon in this situation, especially that a string of data breaches affecting them have been reported quite frequently in recent years up to the present. 

In April, almost 900,000 Facebook accounts of Filipino users were reportedly included in a large-scale data leak that affected over 506 million users worldwide. The same month also saw around 345,000 sensitive court documents of ongoing legal cases were found to have been made publicly available. As if these incidents weren't enough, data of about 3.3 million users of an online lending platform was reported to have been sold on the dark web earlier this year.

Not only that. In 2019, the country’s military database was hacked; exposing the personal details of almost 20,000 personnel as a result. In the same year, private details of about 900,000 clients of a pawnshop operator were affected by a breach. There were several more but the massive leakage of personal information of 55 million Filipino voters in 2016 remains to be the biggest data breach in the history of the Philippines.

Neighboring countries such as Singapore, Malaysia, Thailand, Vietnam are all in the same predicament, making the region a hotspot of data breaches.
“Generally, a data breach happens due to weaknesses in user behavior (human) and technology. Our devices get more connective features so there are places where data could slip through. There is no specific sector or person that’s being targeted as cyber criminals do not discriminate. Anyone is vulnerable,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. 
Cybercriminals responsible for data breaches use manipulation techniques like social engineering to exploit human error and penetrate the system; and it comes in many forms, like offering time-sensitive opportunities, mass phishing, carrying out personalized and targeted attacks, intercepting communications, posing as someone legitimate, and many more.

Among users of Kaspersky products in the country, the cybersecurity company has reported a 160.43% rise in detected web threats under social engineering attacks from Q1 of 2019 (7,674,407) to Q1 of 2021 (19,987,120). These attacks were stopped from further progressing by Kaspersky solutions in the devices of users in the country.

So what should be done when you or your company gets hit by a data breach? Kaspersky discusses some of its tips below:

Here is a five-step guide for organizations whether big or small, private or public:

1. Assess the situation. Evaluate the risk of the data breach to customers. Risk assessment helps you decide the next steps to take. If it’s a high risk, inform the customers without undue delay, perhaps even before reporting to authorities.  Be transparent
2. Be transparent. In 40% of businesses around the world, employees hide an incident when it happens. Hiding an incident may lead to dramatic consequences, increasing the damage caused. It may also result in customers losing trust in the business on top of negative news coverage. Tell customers what happened and give them advice on what to do next. 
3. Document everything. Document every data breach, even if you don’t have to report it. Record what happened, the steps you took, and why the breach was reported or not reported.
4. Learn lessons. Once the cause has been identified, fix it. Next, make sure all staff receive training in how to prevent future breaches. Human error causes most data breaches.
5. Notify parties. If you’re processing data for other organizations, don’t forget to tell them about the breach. They will have steps they must take too.

Here are pointers for Individuals who suspect being a victim of identity theft:

1. Discover the source. To correct the problem, you should find out the origin of the attack. Think of your most recent online activity. To limit your exposure, ensure logging in using a secure connection. Also, avoid using linked accounts and similar passwords to not allow a cybercriminal to daisy chain your information. “Daisy chaining” allows all of your accounts to be compromised by breaking into just one. Run a reliable antivirus solution to detect and remove malware in your device.  
2. Start making calls. Begin with any companies where the fraud occurred and ask them to close or freeze your accounts and change all of your login and password information.
3. Cover your bases. Keep an eye on your credit reports beyond 90 days and flag anything fraudulent immediately. Limit the number of credit services you use to reduce the long-term impact of identity theft. 

To prevent data breaches, here are some surefire ways that Kaspersky recommends:

1. Always be on the lookout for new patches and updates for your software. Keeping the operating system fresh and running the latest version simultaneously removes outdated features and brings in fixes to previous security flaws. This practice is usually mandatory for organizations but is optional most of the time for individual users. 
2. Encryption is key to protecting extremely sensitive information and assets. Not only is it cost-effective to implement, but it can also give an additional layer of protection for remote workers as well as increase the integrity of your data. For individual users, there is a wide array of free or low-cost encryption software available online. 
3. Using devices that are no longer supported by the manufacturer will attract unnecessary risks. Upgrading devices ensures that users are protected against newer vulnerabilities. Although businesses might be hit with a substantial expense in the upgrading process, data breaches are proven to be more costly. 
4. Enforce strict Bring-Your-Own-Device (BYOD) security policies by requiring the use of business-grade VPN services or antivirus software. Social engineering tricks usually target employees or individuals that have access to an organization’s networks and systems through insecure devices. 
5. Observe safe practices like using strong credentials or activating multi-factor authentication. 
6. Educate employees on how to avoid socially engineered attacks and use the best security practices. Knowing how these attacks propagate is half the battle. Individual users must also take it upon themselves to be knowledgeable on how to spot a potential attack when there is one.
Small and medium businesses, which are also not immune to cyberattacks, can avail up to 40% in savings on the KEDRO security solution by visiting this link.

Incidentally, Kaspersky is offering free e-gift vouchers (choice of Grab, GCash, or PayMaya) for every purchase of:
Kaspersky Total Security (valid for 1 year for 1 device) or 
Kaspersky Internet Security (valid for 1 or 2 years for 1, 3, or 5 devices)

Participating Kaspersky products are available from official partner stores in Metro Manila, official partner e-stores, and via Shopee and Lazada. Promo runs from May 29 to June 30, 2021. For the complete list of participating stores and for more information about the promo, please visit this link.

Author: slickmaster | © 2021 The SlickMaster's Files

No comments:

Post a Comment

Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!