There are 18 official public holidays in the Philippines. As we all know, when these dates fall close to a weekend or if the government pursues holiday economics, most Filipinos make plans in advance to take advantage of extended holiday breaks. This year, we can get to do that at least 12 times.
Unfortunately, cybercriminals get excited about holidays, too. To refresh everyone’s memory, the $81-million Bangladesh Bank heist back in 2016 is an example of a successful cyber attack, which happened on the first day of Lunar New Year, a national holiday in the Philippines and the rest of Asia.
“Now that the world has reopened, travel is back with a vengeance this year, hence the term ‘travel revenge’. Whether Filipinos are scheduling holiday trips or just staycation-ing during the long weekends, it’s important to observe simple digital security practices so you can get to sit back and relax as you take your well-deserved vacation. Security-first thinking opens doors for a more enjoyable holiday break, especially for Filipinos who are amongst the world’s most active online users,” comments Chris Connell, Managing Director for Asia Pacific at Kaspersky.
Both individuals and companies are advised to be extra mindful of personal cybersecurity best practices and internet hygiene when on a holiday.
For companies, Kaspersky suggests to:
- Conduct drills
- Stress to vacationing employees why data encryption, two-factor authentication, strong passwords, and locking devices when not in use are important.
- Discuss the steps to take if their device ends up getting stolen.
- Advise staff about charging smartphones in a wall socket, not through USBs at airports and other public places (these can be used to steal data from a device and infect it with malicious software, such as spyware.
- Educate employees about the dangers of public WIFI (and even hotel WIFI unless it is encrypted and password-protected) and how to use a secure connection such as with a VPN.
- Log out
- Terminate unnecessary VPN connections to the corporate infrastructure.
- End unnecessary sessions that employees have left on any devices for an extended period of time. This also applies to corporate messengers, web apps and any other services.
- Check that the list of employees with access to the corporate network via VPN or RDP include only authorized users. Revoke access from those who don’t need it.
- Create special “emergency” admin accounts for potential incident response over the holidays. The rights granted to regular admin accounts can even be temporarily restricted so that attackers cannot exploit them.
- Install patches for all key applications. This process is far simpler if your company uses security solutions with a built-in patch management system.
Meanwhile, Kaspersky encourages individuals to:
- Only browse trusted apps and websites and be careful about personal information you input like credit card numbers or home address.
- Do not click on links or open email attachments from travel sites when receiving confirmations. Trusted companies include such letters in the bodies of their emails. Malware is often disguised as an attached confirmation letter.
- Bring two or three or more credit or debit cards to have a backup plan in case of loss or needing to cancel one.
- Never leave valuables unattended. Put large amounts of cash and mobile devices or laptops in the hotel safe.
- Use a credit card as most have built-in protections against fraud. There is no protection against a scammer if you send them cash or even check or debit card payment in some cases. A money transfer service is not advisable.
- Ensure their devices has security software installed, ideally with anti-theft technology.
