Law against cybercrime provides for corporate liability, experts warn

AS THE hype over the newly signed cybecrime law seems focused on the provisions on libel and the ability of the justice department to order a shutdown without a court order, businesses are being warned of other provisions that could also affect them.

In a discussion sponsored by the Canadian Chamber of Commerce in the Philippines, National Computer Center group head Frederick Amores and Ng Khai Development Corp. president and Sun.Star Cebu columnist Wilson Ng gave their own views on the new law.

Amores warned that the law also provides for corporate liability, if proven that there was a lack of supervision on the part of the company to prevent any of its employees from committing a crime using office equipment.

“You should be careful about what your people do in behalf of the company,” he said.

An example of this is the sending out of spam mail. The law has provisions against sending unsolicited commercial communications, prohibiting the advertisement or offer for sale products and services unless there is prior affirmative consent from the recipient.

Supervision

Such mails should also have a “simple, reliable way” for the recipient to reject or accept the communication. The source of the mail should not be disguised or have misleading information that would induce the recipient to read the message.

Amores said that even if companies do not have specific orders for employees to send out spam, they could be considered negligent and liable for violation of the crime if they fail to supervise their employees in their manner of marketing their products or services.

He also warned against giving too much access to low level employees, saying vital and sensitive records should be accessible to only to the right people.

Both Amores and Ng agreed that most organizations fail to remember that the threat of cybercrime can also happen from within the organization because they are so focused on protecting themselves from external threats.

“We always think of protecting from the outside but we leave out the inside,” Amores said.

For his part, Ng warned that hackers can program other people’s computers to send the spam mail and this could affect an organization if its IP address has been recorded as a source of spam mail. Most of these viruses planted by hackers are spread through mail attachments and chain mail.

He cautioned managers to discourage personnel from forwarding chain mail, saying some recipients who don’t like receiving them could opt to mark these as spam, placing a user’s IP address on record as a sender of spam mail. Some of the company’s official communications end up deleted or diverted to a spam folder instead if this happens.

Restrict activities

Ng also said it would be wise to restrict computer activities of employees, as internal files could be prone to employee abuse.

He said that if they are free to do as they please, many would end up downloading video and music files, which affects bandwidth. Or they could end up spending more time on social media or watching porn and commiting cybercrime instead of working
during working hours.

Some safety tips Ng gave out were to use anti-virus software and install updates regularly. He also encouraged the use of difficult passwords, including an interval of small and capital letters with numbers. Most hackers crack passwords just by guessing.

Ng also urged companies to and device users to use Wifi security features, close unnecessary ports, reduce employee privileges, invest in firewalls and security applications, uninstall unnecessary software and to maintain back-ups for critical files.