Trend of Data Security
Data is one of the most important assets of a company. With the
advance of technology and changes in the working environment,
it is common for companies to make use of personalised data
transmission devices and technology for wireless local area
networking such as Wi-Fi to transmit, copy and handle a large
amount of data. More and more new network interface and
solutions are used in the data exchange and the monitoring of
the production workflow. One of the examples is the
cloud-based system. Although it seems that it is inevitable for the
industry to connect its production and service via the Internet,
people are often less aware of the importance of data security.
Data security has been facing a lot of challenges as more and
more companies choose to digitise all their data. New network
interfaces and flow of data over untrusted network create fresh
cyber threats. People often use personalised data transmission
devices to transmit and store company's data. One of the
potential risks of such behaviour is that these devices can be lost
easily and are often prone to the attack of malicious code and
virus. The flourishing of wireless local area networking, such as
Wi-Fi, to handle data also poses risks to data leakage if the
network is not appropriately encrypted.
Since the beginning of 2016, the issue of ransomware threats to
mobile devices has become a critical problem in data security.
Ransomware hits mobile devices and is on the rise. A coverage in
Oriental Daily reported that the number of this kind of
ransomware has been climbing to more than 20,000,000. A lot of
small/medium enterprise and non-governmental organisations
are attacked by ransomware. The Hong Kong Productivity
Council also said that there is a 476% surge in cases related to
ransomware. The Hong Kong Productivity urges the local
enterprises to be alert of ransomware attack and to strengthen
their websites and networked industrial systems amid the
prevalence of organised attacks.
With the prevalence of ransomware, data security has become a
very important issue for every enterprise. Ransomware is a
computer malware that is installed covertly on a victim's
computer. It will execute a cryptovirology attack that adversely
affects the files on the computer and demands a ransom
payment for decrypting them or preventing from publishing
them. Ransomware usually sneaks into the victim's system
through security loopholes in browsers and related applications.
Some of the examples are Adobe Flash and Reader. Ransomware
may lock the system and display a message requesting payment
to unlock it. More advanced malware encrypts the victim's files,
making them inaccessible, and demands a ransom payment to
decrypt them. Yet, in some situation, the victim's files could be
irretrievable. Enterprises can suffer from losses due to
interrupted operations, data loss, and other consequences. All
these threaten the enterprises' system. The insufficient
knowledge and sense of danger of the enterprise and staff make
it easy for the ransomware to attack the system. Thus,
enterprises have to strengthen their sensitivity and to undertake
specific actions so as to raise awareness towards data security.
Everyone in the enterprise shares the responsibility to prevent
attacks from ransomware and other data security issues.
Enterprise should regularly assess all the long-term and
short-term storage location of data. It is recommended to
implement security measure in accordance to the importance
and sensitivity of the data. Not all data are of the same level of
importance and sensitivity in relation to the enterprises'
benefits. Enterprise should classify the data in different security
level and carry out specific security measures for data in each
specific level. Most of the resources for data security should be
put into the most important and sensitive data in order to
prevent attacks from cyber criminals.
Enterprises should also seek help from different available security solutions. Most of the security solutions integrate aspects
including, anti-virus firewalls, email filters and identity
authentication. These security solutions can serve as the front-line
defense for the enterprises. Yet, it is also important to establish
security policy to facilitate the management of data. Important
measures include data access policy, software installation policy,
and secure communications policy. By implementing data access
regulations and secure communications policy, the enterprises can
reduce the number of sources when there are data leakage and
virus-related issues. Some of the more popular options for security
authentication are the use of password and token. On the other
hand, software installation policy can also control the source and
number of software installed on the enterprise's system. In some
circumstances, it is also recommended to prohibit the use of
private or individualised device in working area as a result of
security concerns.
Besides, the enterprise should also set up routines to regularly
assess their security performance, the implementation of security
policies and to back up data. It is important to regularly inspect the
system and to repair system's loopholes. It is also recommended to
keep the software and security solutions up-to-date. Also, the
enterprise should not underestimate the importance to back up
data. When an enterprise has regular backup practice, even if it
suffers from ransomware attack, the loss could be minimised. The
reason is that data could be retrieved easily from the backup files.
Ideally, the enterprise should also back up their data through
cloud-based technology and to save the backup as off-line files.
Staff are encouraged to work hand in hand with the enterprises.
Yet, the enterprises have the responsibility to educate their staff of
the importance of data security.
All in all, with the advance of technologies, enterprises should
often stay up-to-date and to be sensitive enough towards potential
security risks. Every member of the enterprises should also work
together to prevent the cyber criminal's wishes to prevail.
