Event Recap: Improving Your Cyber Defense By Building a Strong Cybersecurity Culture in Your Organization

The pandemic has led to an alarming increase in cyber attacks, with remote work making networks more susceptible to security breaches as they tend to be less safe. Consequently, organizations must take decisive action and prioritize installing security measures that protect computer systems, networks, and data against potential risks or threats.

Companies must foster a robust cybersecurity and data privacy culture beyond investing in technology to ensure protection. Employees should be reminded regularly of their role in keeping the organization secure, as it is an integral part of a proactive defense against malicious threats.

To strengthen organizational data privacy and security, employees must also remain aware of potential threats, respect confidential information, and understand the repercussions of failing to uphold these standards.

On February 28, 2023, April E. Sumabat, Privacy and Compliance Professional, and Former National Privacy Commission Officer, and Christoper Paz, Cybercrime Division Chief of the National Bureau of Investigation (NBI), shared the importance of building a cybersecurity culture and  employees’ roles in having a strong cyber defense.

Best Practices To Ensure Data Privacy

During the first half of the webinar, Ms. April discussed different privacy laws around the world and highlighted RA 10173, also known as the Data Privacy Act of 2012.

She also emphasizes that an organization must comply with the relevant privacy laws and regulations to uphold the data subject's rights.

To clearly understand the matter, Ms. April shares what Personal Data pertains to and the difference between Personal Information (PI) and Sensitive Personal Information (SPI).

She also discussed the Data Privacy Principles, which are: Transparency, Legitimate Purpose, and Proportionality.

What is a Personal Information Controller (PIC) and a Personal Information Processor (PIP)?

Ms. April then discussed the key differences between a PIC and a PIP.

A PIC can be an individual, a judicial entity, or any other organization that controls the processing of personal data or requests another to handle it for them. On the other hand, PIP refers to any individual, legal entity, or organization that a PIC entrusts with processing personal data related to the data subject.

The responsibilities of these two are: to adhere to data privacy principles, uphold the rights of the data subject, and implement security measures.

Rights of a Data Subject

To give a more comprehensive understanding of people’s rights, Ms. April enumerated the Rights of Data Subjects and explained each one:

1. The right to be informed
2. The right to access 
3. The right to object
4. The right to erasure or blocking
5. The right to damages
6. The right to file a complaint
7. The right to rectify
8. The right to data profitability 

Complying with the DTA and Data Breach Management

Ms. April delved into the Data Life Cycle to comply with the DTA and explained how valuable the 5 Pillars of Compliance are.

Although it may not be feasible to anticipate every risk and threat to data privacy, being prepared is essential for staying compliant with these regulations. Furthermore, having a basic understanding of the principles in place will aid businesses in becoming agile and proficient at upholding compliance.

She also differentiated Security Incidents and Data Breaches to give a better understanding of the two. And then provided requirements, reportorial requirements, and penalties regarding the DTA. 

Lastly, she gave the Data Privacy Act for organizations to better understand how to comply with the DTA. 

Building a Culture of Cybersecurity and Data Privacy in the Workplace

Mr. Christopher started the second half of the webinar by providing an overview of the NBI case reports over the past three years. He enumerated the top 3 cases: online fraud, cyber libel, and identity theft.

These crimes can severely affect organizations through financial losses, reputation damages, and legal repercussions.

Mr. Christopher emphasizes that companies must remain vigilant against cyberattacks and proactively protect data and organizations’ systems.

Throughout his 20 years of service in law enforcement, he also detailed the various cyber threats and difficulties he has encountered. To know more about this, watch the full webinar here.

Essential Practices in Cybersecurity and Data Privacy

Mr. Christopher highlighted essential practices to ensure that individuals and organizations stay protected in this digital world. Here is a list:

1. Implement measures to secure the IT infrastructure
2. Develop a plan for responding to potential security incidents
3. Develop and enforce cybersecurity policies

Mr. Christopher gave critical policies that companies should have: acceptable use policy, password policy, data protection policy, email security policy, incident response policy, remote access policy, bring your own device policy.

4. Invest in cybersecurity tools
5. Train employees
6. Stay up-to-date

Roles of Employees in Cybersecurity

While it is true that human error can contribute to cybersecurity incidents, Mr. Christopher believes that employees can be your best ally in the fight against cyber threats. 

Here are key roles employees play in an organization’s cybersecurity:

• First line of defense. Organizations can arm their employees with the knowledge to recognize and report potential security threats.
• Assets in implementing security measures. Organizations can ensure that measures are understood and correctly implemented by involving employees in the process.
• Valuable source of information. Organizations can identify the severity of an attack by getting information from employee reports.

Lastly, Mr. Christopher emphasized that cybersecurity is a shared responsibility. While IT departments and security experts have a crucial role, every employee has a role to play in protecting the company and customers’ information. By fostering a culture of cybersecurity, employees can be encouraged to actively protect sensitive data.

Establishing Solid Cybersecurity to Stay Ahead of Evolving Cyber Attacks

With more organizations operating remotely or shifting to a hybrid workplace, learning how to protect systems from cyber threats is now essential for businesses. 

The most effective way to mitigate these risks is to equip your employees and the organization with the proper knowledge and skills regarding cybersecurity to safeguard networks and private data.

Don't miss out and learn how you can strengthen your organization’s cybersecurity. Click here to watch the full webinar.
Keep ahead of the latest HR trends by visiting our events page. If you're searching for reliable posts like this, visit our blog page.

About the Author

Atty. Lester Nazarene Ople

HR Evangelist and Consultant

Lester Nazarene Ople has been an HR professional since 2007. He is currently the Head of Business Development and an HR Evangelist for Sprout Solutions. Lester is also a fellow at the Arellano Law Center for Legal Education and Research and faculty at the Philippine Law School teaching Labor Law.