|Inside a Security Operation Centre in Thai Binh province.
(Photo: VNA/VNS/The Duyet)
Since digital transformation is inevitable in all sectors, digitizing data has made these pieces of valuable information a tempting target for cyber criminals, who are increasingly sophisticated, says IT expert Nguyen The Hoang Anh of the Institute of Information Technology of the Vietnam Academy of Science and Technology.
“Risks to information safety come first from viruses and malware programs. A second risk comes from a lack of caution on the part of software service providers and social utilities,” said Hoang Anh.
IT experts agree that while large corporations obviously have the resources to build data protection systems against cyber security risks, most small and medium-sized enterprises feel they can’t afford the investment.
They usually spend less of their budget on IT systems, according to Duong Manh Hung, CEO of the Vietnamese Network Security Company (Vsec).
“During the current epidemic, many domestic SMEs are reducing their investment in information and data safety systems – for example, spending less to upgrade their systems, monitor system errors, or check whether or not their systems are safe. This increases their risk of cyber attacks,” said Hung.
The question is what smaller organizations and businesses can do to protect their information and promote data privacy.
“Digital transformation is inevitable. Every organization is making a drastic shift, which starts with data digitization followed by technology application to create a better way of operating and trading,” Vsec’s Deputy Director Le Thanh Tung said.
“But this creates the risk of information/data loss from data manipulation, application connection, or communications between organization members and outsiders.”
Another question is what individuals and businesses need to do to maximize the benefits of digital transformation.
“During digital transformation, it’s necessary to clearly set information security rules for all – businesses, state agencies, and government organizations. Sometimes security loopholes can only be detected indirectly. Even if information is encrypted, managing the information is another matter,” said Nguyen Huy Du, CEO of DuCapital Holding which specializes in developing new technology.
Echoing Du’s views, Vsec’s Deputy Director Tung talked about ways to ensure information security for remote work, “First and foremost, it’s essential for organizations to train employees in information security and the importance of complying with the rules.”
“Second, it’s necessary to regularly update the software used for online meetings, especially after any breach is detected. Upgrading should be done from the manufacturer’s official website. Third, it’s extremely important to install a firewall or anti-virus software, which needs to be updated frequently,” said Tung.
Tung insists that data transfers in remote work create a high risk of data loss because employees are no longer working on a private network.
To address the situation, Tung suggests using a virtual private network (VPN) to ensure that all data sent from any device will be encrypted. Even if that data is lost, it won’t be readable.
Tung underscored the importance of setting specific rules on physical security, such as setting the time for locking one’s computer screen, or defining which materials can be taken off the premises or left on a table. Data breaches are caused not just by cyber attacks but also by the user’s own acts, said Tung.