22 Jun Is your office safe from cyber-attacks?
By. Teguh Prasetya
President Director of PT Alita Praya Mitra
The era of digital transformation is not as sweet as imagined. The shadows of cyberattacks lurk, along with the gap in the company’s digital behavior. Employees’ digital activity is increasing rapidly, but the company’s understanding of data security is growing slowly or even stagnant.
Data from the National Cyber and Crypto Agency (BSSN) shows that cyber-attack attempts increased 4-fold in August 2020 compared to the same month last year. In that period, BSSN recorded 190 million cyber-attack shots in Indonesia, raising 151 million attack attempts in 1 year.
The increase in cyber attacks occurs because hackers see an increase in the digital activity of company employees. Since the COVID-19 pandemic, the frequency with which employees enter the office physically is five days a week, changing to two days a week, or not at all. All activities are carried out online with the concept of work from home or work from anywhere.
The company’s understanding of cybersecurity, data privacy, and data sovereignty is crucial, especially in corporate business. Data leaks are not only about the loss of customer data or company revenue but it is also about public trust in the company.
As a preventive step, a company must instill principles in its employees about the importance of maintaining company and customer data privacy and knowing about cybersecurity. Then, the company must also implement a security system that can protect company data. Finally, companies must also implement the right security technology, protecting company data and business in the digital era.
In addition, to keep data more secure in the digital era, companies need to have more than one data storage area, where one secret location to store important and encrypted data and another place to store data that is less important or used as a system—reserves to maintain the company’s operational reliability.
The company’s standard operating procedures must also run following cybersecurity standards, at least ISO 27001. After human resources got additional skills, data storage areas are broken down and tightened, and ISO-based operational deployment, companies must ensure that the devices used to operate have passed security audits. An understanding of data security is critical because currently, company data is stored in the office and on other companies’ servers that are at risk of being leaked.
Finally, there needs to be clear communication to employees related to cybersecurity, such as socializing not opening links in emails with dubious sources. They have the potential as phishing emails targeting employee personal data, spam, and even malware that can harm the company’s cybersecurity system.