Security is one of the biggest concerns people have when working with an OFS. What if my OFS gets hacked? How secure is the internet in the Philippines?

I understand these concerns. We often see it in the news and in movies about how hackers can steal your information.

The thing is, most of the technology is the same.
A bunch of my team use MacBook Airs.
A bunch of my team have iPhones.
Their Windows computer has the same security as your Windows computer.
Routers are made by Cisco or Linksys or… the same companies who make your router.

The biggest security vulnerability is actually you and your OFS. Humans are the weakest link in the data security chain. This vulnerability is so prevalent there’s a name for it: social engineering.

Social Engineering is when an individual cons somebody into providing access to them even if they are not supposed to get that access. They can use tactics that either put people at ease or seem familiar or evoke fear and panic to their mark to achieve their goal of breaching security.

Check this out.  This week my team got an email from me:

Except…I didn’t send it.  Someone was purposefully spoofing email as me.

It’s the second time it has happened. The first time it happened gmail didn’t catch it.

Fortunately there weren’t serious consequences involved, but if there were this is a legitimate security concern.

My team has been advised to make sure any email from me or my business partner are actually from us.

Here are a couple things you can tell your team to increase security:

1. Think before you click. Don’t click unfamiliar links and attachments. When receiving links, check the URL by hovering on the link and seeing the actual URL at the bottom of your browser. If that does not work, do a right-click (or a 2-finger gesture tap), use the copy link option in the floating menu, and paste the copied URL to a note app. This will allow you to check the link’s validity without opening it.

2. Check the sender of important emails by viewing the original or raw message.
Do not ever provide personal information or passwords until you’re 100% sure of the source.  Companies will never ask for username/password.

3. Don’t download files you don’t know, especially if you are not expecting to receive any.

4. If you’re really worried about data security, you can also encrypt or password-protect your files. You can do this for Google Drive (https://support.google.com/docs/answer/10519333?hl=en) and One Drive (https://support.microsoft.com/en-us/office/protect-a-document-with-a-password-05084cc3-300d-4c1a-8416-38d3e37d6826)

I know a lot of people worry that the Philippines is less secure.  It’s not.
They’re not more likely to get hacked than you are.
Their internet isn’t less secure than yours is.

Data security comes down to social engineering almost every time.

John