With cyber incidents on the rise, as well as the increased visibility of Malware as a Service (MaaS) and now Ransomware as a Service (RaaS), having an effective cybersecurity policy is critical for any company that wants to control the damage that a cyber attack inflicts. The first step towards an effective defence is to change your mindset: there are only companies that HAVE been hacked and companies that WILL be hacked. How badly that hack hurts depends on your preparedness, just pretending that you’re not at risk only increases that risk.
The second step is to create a data and process map of your company so you can understand what goes where and how it gets there; without this there’s no way for you to effectively plan your defence. Data stored in China may be subject to attention that it wouldn’t get in the EU or the US, and with the Chinese Cyber Security Law in effect, you may have to build an infrastructure in China anyway. Thirdly, implement effective (and most importantly) consistent cybersecurity training so that your employees are kept up-to-date with the latest trends and information. Run tests and drills that come as close to the real thing as you can make it so that when a real attack does occur your company’s response is muscle memory. Cyber attacks are scary, and they can spell the death of a company that’s unprepared for them.
Source: 5 Components to a Proactive Security Strategy
Vietnam has released the draft version of its data privacy law, which should seem familiar for any company that’s dealt with GPDR. However, the Vietnamese Cyber Law (VCL) does have important differences such as the VCL requiring tech companies to monitor the content that is put on their services. Anything deemed anti-state, slandering, or fake will be required to be taken down by the content provider.
Policing the social media or internet traffic of a country is a lot to ask, and US tech companies are pushing back against the regulation; large companies such as Facebook and Google are rallying against the localization requirement that would force companies to set up offices in Vietnam if they process the data of someone in Vietnam. The draft regulation also requires that tech companies hold certain users data, where it can be inspected by the authorities, which includes credit card information and other sensitive personal data. US firms have voiced their disagreement with this as it would expose employees and citizens to the risk of being arrested if their data isn’t to the Vietnamese government’s liking.
Source: Vietnam releases cybersecurity draft decree