How to protect your company from hackers

Be extra vigilant. Don’t trust everything you receive in the email.

Keep your personal information private. Invest in information technology (IT) systems that will help protect your company from hacking.

These were the tips given by Dexter Laggui, president and chief executive officer of Laggui and Associates, Inc., which works with companies that want to put information systems security in place.

Laggui said that in today’s digital age, crimes committed through the Internet is growing. Individuals and companies alike are targeted.

“Among the most prolific and hottest crimes committed now that has affected many is phishing,” said Laggui.

Phishing involves sending of fraudulent email that tricks the victims to provide important financial information which is then used to hack into the victim’s bank accounts.

“This has been happening and a lot of life savings have been washed out and transferred to bank accounts registered in other countries like in China,” Laggui said.

He said individuals and companies should avoid sharing information that would spread in the Internet.

“Criminals now study you through the different social media windows like LinkedIn, Facebook, Instagram and more.

You should avoid uploading your personal information there like where you work or flaunt how much you’re making and where you live and what car you are driving.

This also makes you an easy target for kidnapping. These cases usually increase as election period draws nearer,” he said.

Banks usually return the amount that an individual loses to hackers, but only after a long investigation that proves the account was indeed hacked.

“For companies however, the banks are not as lenient because companies are expected to have in place security systems that protect their private data,” he said.

For companies, he said there are means to protect their system from hackers.

“For companies who are just starting, complying with the ISO/IEC 27001 is a good start.

If your company is now into credit cards and payment systems, you can implement PCI DSS (payment card industry data security standard) and if you’re into lending, you can be guided by the BSP circulars,” he said.

“If you’re into all of these already, then you can adopt the COBIT or control objectives for information and related technology,” he added.

Laggui said small and medium enterprises that don’t prioritize investments in systems security  should start changing their mindset.

“Companies should now start to recognize that information is an asset that is critical to business.

There should be a cultural change in your companies to have that mindset that like land, labor or capital, information is an asset that needs to be suitably protected,” he said.

He cited the case of Sony which fell victim to a group of hackers that called themselves “The Guardians of Peace” last year in November.

As a result, Sony lost at least $500 million in movie production cost and about 100 terabytes of intellectual data and personal data – from salaries to health information – of all employees exposed. A top executive resigned.

“That was one of the ugliest cases of cybercrime which caused (a) huge loss. For Sony it was not just money, it also affected their credibility,” he said.

Laggui said there are laws existing in the country now that address this, such as the Cybercrime Prevention Act of 2012.

Victims may also file cases of grave threats, coercion and intellectual property theft.

“That is, if the culprit gets caught which is usually a long and frustrating process,” he added.

For companies that got victimized, employees can also file cases against the company for failing to protect their personal information through the Data Privacy Act of 2012.

“Companies are liable and penalties include companies paying, I think, from P200,000 to P2 million and two years jail time,” he said.

TAGS: bank accounts, Cebu, Cebu City, Facebook, hackers, Inc., Information Technology, Instagram, IT