According to Paul Prantilla, Director of IT Operations, Red Rock IT Security., the Philippines is the 10th most attack country in the world, with massive data breaches. It only takes one person to click malicious files, URL, or email attachment to get hacked.
“Even opening a PDF file that is malicious could give an attacker the power to hack organizations and attackers just need to make a malicious file look legit,” said Paul.
Personally Identifiable Information (PII) is the new “gold rush”, Prantilla mentioned. This personal information that we give to social media accounts, somewhere along the way, reached hackers and the government noticed that these weren’t right. That is why the government created laws and regulations restricting people not to give information to anyone.
PII is any data that could potentially be used to identify a person. Examples include a full name, Social Security number, driver's license number, bank account number, passport number, and email address.
Entertainment industry is one of the prime targets of hacking. Example here is the Sony Pictures’ hack issues in 2014. Celebrities are target as their online life contains official and unofficial records. Data that can be used for identity theft and sell to multiple people. It can also be used for blackmail and extortions.
Chat leaks and accidental exposure on social media can also be used to find out important information.
Unfortunately, IT security is not taught in schools. Instead, students are taught to create complex software as quick as possible.
How do hacks happen?
- Malicious Links form emails – URL asking you to login to a website, and file attachment (pdf, rar, etc.).
- Dumped Accounts – any website or online services that we used can be targeted by hackers.
- Shared Passwords – These are public information that can be used as scare tactics, like they’ll say, “I know you’re watching porn, or you have these scandals”.
How to protect ourselves and our devices?
Always update the software of your device – make sure automatic update is enabled.
Always update anti-virus software.
Always enable firewalls.
Don’t use the same email password on different social media accounts.
Protect browsing activities – recognize malicious sites and email.
Protect Accounts and Passwords – use Two Factor Authentication; OTP implementations (Google Authenticator or via SMS); and use LastPass (Browser Integrated Password Manager) so you won’t have to remember all your different passwords. Can be synched across multiple devices securely.
How to properly dispose or repair devices
Make sure remote wipe is configured.
Never leave your device unattended.
Double wipe your files before you sell it.
Never leave them on repair shops.
What to do when you are hacked?
Backup three times.
Change passwords in different computers.
Contact IT security department.
Monitor your credit card transactions.
*Pro tip: Go to https://haveibeenpwned.com to know if your email address has been hacked in the past.