2017 | ISSUE 1 English繁體简体
Integrated Solutions eNewsletter
THEME STORY: Hong Kong Re-industrialization. Opportunity?


HK I.T. needs to CATCH UP!

Trend of Data Security

Data is one of the most important assets of a company. With the advance of technology and changes in the working environment, it is common for companies to make use of personalised data transmission devices and technology for wireless local area networking such as Wi-Fi to transmit, copy and handle a large amount of data. More and more new network interface and solutions are used in the data exchange and the monitoring of the production workflow. One of the examples is the cloud-based system. Although it seems that it is inevitable for the industry to connect its production and service via the Internet, people are often less aware of the importance of data security.

Data security has been facing a lot of challenges as more and more companies choose to digitise all their data. New network interfaces and flow of data over untrusted network create fresh cyber threats. People often use personalised data transmission devices to transmit and store company's data. One of the potential risks of such behaviour is that these devices can be lost easily and are often prone to the attack of malicious code and virus. The flourishing of wireless local area networking, such as Wi-Fi, to handle data also poses risks to data leakage if the network is not appropriately encrypted.

Since the beginning of 2016, the issue of ransomware threats to mobile devices has become a critical problem in data security. Ransomware hits mobile devices and is on the rise. A coverage in Oriental Daily reported that the number of this kind of ransomware has been climbing to more than 20,000,000. A lot of small/medium enterprise and non-governmental organisations are attacked by ransomware. The Hong Kong Productivity Council also said that there is a 476% surge in cases related to ransomware. The Hong Kong Productivity urges the local enterprises to be alert of ransomware attack and to strengthen their websites and networked industrial systems amid the prevalence of organised attacks.

With the prevalence of ransomware, data security has become a very important issue for every enterprise. Ransomware is a computer malware that is installed covertly on a victim's computer. It will execute a cryptovirology attack that adversely affects the files on the computer and demands a ransom payment for decrypting them or preventing from publishing them. Ransomware usually sneaks into the victim's system through security loopholes in browsers and related applications. Some of the examples are Adobe Flash and Reader. Ransomware may lock the system and display a message requesting payment to unlock it. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. Yet, in some situation, the victim's files could be irretrievable. Enterprises can suffer from losses due to interrupted operations, data loss, and other consequences. All these threaten the enterprises' system. The insufficient knowledge and sense of danger of the enterprise and staff make it easy for the ransomware to attack the system. Thus, enterprises have to strengthen their sensitivity and to undertake specific actions so as to raise awareness towards data security.

Everyone in the enterprise shares the responsibility to prevent attacks from ransomware and other data security issues. Enterprise should regularly assess all the long-term and short-term storage location of data. It is recommended to implement security measure in accordance to the importance and sensitivity of the data. Not all data are of the same level of importance and sensitivity in relation to the enterprises' benefits. Enterprise should classify the data in different security level and carry out specific security measures for data in each specific level. Most of the resources for data security should be put into the most important and sensitive data in order to prevent attacks from cyber criminals.

Enterprises should also seek help from different available security solutions. Most of the security solutions integrate aspects including, anti-virus firewalls, email filters and identity authentication. These security solutions can serve as the front-line defense for the enterprises. Yet, it is also important to establish security policy to facilitate the management of data. Important measures include data access policy, software installation policy, and secure communications policy. By implementing data access regulations and secure communications policy, the enterprises can reduce the number of sources when there are data leakage and virus-related issues. Some of the more popular options for security authentication are the use of password and token. On the other hand, software installation policy can also control the source and number of software installed on the enterprise's system. In some circumstances, it is also recommended to prohibit the use of private or individualised device in working area as a result of security concerns.

Besides, the enterprise should also set up routines to regularly assess their security performance, the implementation of security policies and to back up data. It is important to regularly inspect the system and to repair system's loopholes. It is also recommended to keep the software and security solutions up-to-date. Also, the enterprise should not underestimate the importance to back up data. When an enterprise has regular backup practice, even if it suffers from ransomware attack, the loss could be minimised. The reason is that data could be retrieved easily from the backup files. Ideally, the enterprise should also back up their data through cloud-based technology and to save the backup as off-line files. Staff are encouraged to work hand in hand with the enterprises. Yet, the enterprises have the responsibility to educate their staff of the importance of data security.

All in all, with the advance of technologies, enterprises should often stay up-to-date and to be sensitive enough towards potential security risks. Every member of the enterprises should also work together to prevent the cyber criminal's wishes to prevail.