Four cyber security tips for APAC businesses to consider
In the slipstream of the Covid-19 crisis, the threat of cybersecurity is on the rise. The pandemic has resulted in more people working from home, bringing with it a new wave of cyber risks to contend with.
This, coupled with the introduction of new cyber security laws across APAC and changes to data protection rules, has meant that it is now critical for organisations to actively review their cybersecurity and data handling practices. Lauren Hurcombe, a senior associate at global law firm DLA Piper in Hong Kong, shares four practical cybersecurity tips for APAC businesses to consider:
Remote working is not a one-time thing
The general trend is that there will be a continued increase in working from home arrangements going forward. One of the biggest challenges businesses have faced is having sufficient IT support for this new way of working, both in terms of infrastructure and people. When internal resources are limited and teams are stretched, businesses are open to security vulnerabilities, as employees typically cut corners and do not adhere to the same standards as if they were in the office.
But this is more than simply having more IT people on the ground and improving network security or implementing monitoring tools, businesses need to ensure that they have proper policies in place, and invest time educating and training the workforce in maintaining proper security protocols to minimise the threat of a cyber incident when working remotely.
Incidents and breaches are on the rise
The amount of businesses being affecting by cyber incidents is rapidly growing, as attackers look for ways to benefit from potential weakness in network systems and exploit uncertainty created by the current climate. What is interesting, is that we are seeing ransomware attacks, in particular, become more sophisticated with cyber criminals now stealing and encrypting large amount of valuable data (as well as blocking access to systems), to use as leverage.
This is of particular concern in the current digital era where more and more organisations rely on big data as a key business driver, and for those industries operating in sectors which utilise more sensitive data sets. In the past and coming 12 months, cybersecurity and privacy regulators in the APAC region have introduced stricter cyber incident and data breach reporting requirements, so there is an added regulatory compliance element to consider when managing cyber incidents.
Businesses of all sizes need to be alive to the real possibility of falling victim to a cyberattack, and ensure they have detailed and robust incident management procedures and response teams in place, to minimise the resulting impact.
A cybersecurity strategy is important
The reality is a proper cybersecurity programme helps ensure businesses remain functional and operational, in particular in the current climate where reliance on connectivity and technology is paramount. However, when it comes to business spend, cybersecurity has historically been neglected, as the C-suite struggle to balance significant security expenditure with the economic benefits for the business (given the return on investment is often unclear).
In practice, this often comes down to managing the current and future risks in the most cost-efficient way and adopting appropriate mitigation strategies. Ultimately, those businesses who start the planning process early, and adopt / implement a compliant strategy in line with relevant cybersecurity laws and regulations, will be better prepared to deal with future challenges and disruptions in this space.
Revisiting data privacy compliance
APAC is unique in that organisations operating in the region, need to comply with various and differing data protection regimes. This means, ensuring that regional data compliance programmes are regularly reviewed and updated to take into account recent changes in data laws across APAC – in particular with regards to data localisation, overseas data transfers and security measures.
Businesses should keep in mind that APAC data regimes generally support business growth, meaning compliance can often be used as an advantage to help facilitate more innovative data analytics and commercialisation activities as part of global business models, in contrast to more restrictive data regimes in other parts of the world.