MyDigital has warned governments and organisations that cybersecurity threats can quickly overtake traditional approaches to data security as economies continue to shift to digital and online models.
According to its chief executive office, Fabian Bigar, “The global direct monetary losses to cybercrime in 2020 were estimated to have nearly doubled to USD945 million from USD522 million in 2018.”
“The full economic costs of cybercrime including direct, indirect and upstream systems in 2020 have been estimated to be around USD4 trillion, about four per cent of the global gross domestic product.”
Interestingly, Malaysia’s Personal Data Protection Act (PDPA) which is the sole data privacy law in the country does not cover any data collected by the government. There is hope – the PDPA is expected to be reviewed in line with the Malaysia Digital Economy Blueprint.
It is without question that in today’s environment, cybersecurity is just as important as personal safety. Only forget about Hollywood-type of data breaches where the target is usually clueless with seemingly no defence against a random person with a laptop. The truth is, there are established ways to maximise security of your data and stop cyber attacks.
Use a password manager
Complicated passwords with numbers; upper and lowercase letter; and symbols are great but are also difficult to remember. A password manager keeps it fool proof – and perfect for those who change passwords regularly (in fact, everybody should!)
Attacks are not always to steal money; losing important company data or files could be just as damaging. Be informed of the best and most secure ways both online and offline.
Secure wireless connection
Your company internet should be safe but with hybrid working arrangements and international travel back on track soon enough, it’s only a matter of time before a company laptop needs to connect to a public wi-fi. Having a reliable and reputable VPN service is vital to extend security beyond the office environment.
Note the word everyone, thus employees and employers should all be trained. Any security expert will tell you that cyberthreats are constantly evolving and so should those who have access to company files. Proper training sessions are the best since its unrealistic to expect everyone to go through cybersecurity documents and understand all its technical terms.
The dangers of phishing
Phishing is constantly getting more complicated, so a proper training for this is needed too. Such is the threat level of spear phishing or whaling, and even normal phishing, that large organisations with very sensitive data to protect even has their IT departments send out bait phishing emails to their staffs and see who responds to them. Those who do will get a quick answer from the IT guys.
Principle of least privilege
Also known as POLP, it’s a system where every employee has just enough privileges to get their job done. Some key benefits are outsiders with nefarious intentions will have to waste time looking for the proper person to compromise a specific type of data, and even if credentials are breached, it won’t be for anything more than that particular user can access.
Supervise your contractors
It’s inevitable to have parties from outside your company be given access to office computers or WiFi. But first, make sure that they are briefed on the necessary cybersecurity policies. Compared to our early reference to Hollywood dramatization, freelancer or contractors could be exposing your organisation’s data – deliberately or otherwise.