On average, there is a new cyberattack somewhere on the internet every 39 seconds. In March alone, hackers breached 20 million records. For startups in Southeast Asia, this makes for grim reading considering countries in the region are pushing for a digital transformation of their governments and societies.

This year, data breach costs rose to $4.24 million USD, up from $3.86 million USD, representing the highest average total cost in the last 17 years. The average cost went up by $1.07 million USD because of increased remote working in response to the COVID-19 pandemic. Working from home has many potential security issues, with employees accessing company networks remotely or using unsecured devices.

Moreover, there are more people online now across Southeast Asia, with the e-Conomy SEA 2020 report showing that 40 million residents became internet users for the first time. Thus, the rush to meet digital demands and innovate leaves loopholes for scammers to exploit unwitting victims.

An expert explains the role of graph data platform in preventing cyberattacks

The value of data itself ensures that companies will not stop using the internet any time soon. For instance, the total global value of digital advertising is now approximately $300 billion USD, and businesses continue to collect information to personalise their approach and attract new customers. Others analyse facts and figures to fix product or service issues, understand consumer behaviour and improve their offerings.

Unfortunately, it means that customer data is sometimes collected without their knowledge or consent. With data privacy becoming a vital concern, startups must find a different way to use and safeguard this information.

How can corporations maintain data privacy?

Poor data protection can cost a company its reputation, and the loyalty and trust customers have. There is an expectation for startups to keep personal information, such as credit card details, safe and to use the data only in appropriate and authorised ways. Here are a few steps that can ensure data security:

Ensure proper governance of personal data

Unlike the European Union’s General Data Protection Regulations (GDPR) that guide the whole region, each member of the Association of Southeast Asian Nations (ASEAN) has a law or policy related to the protection of personal information. As uneven as these rules may be in different countries, there is still an obligation to handle the data responsibly.

Startups should appoint a Data Protection Officer (DPO) to ensure compliance with information protection laws, conduct risk analysis to identify weaknesses in policies and set up security measures to guard records. Furthermore, the officer should guide employees on expected standards, respond to public data management questions, and create guidelines on using, sharing, and disposing of the gathered details.

The key is to be transparent and seek consent rather than using backdoor methods to obtain a customer’s private information.

Assess the risks involved

This year, there have been many cyber security attacks. There is a risk of identity theft, data losses and intercepted details on money transfers and cross-border interactions. Startups should be wary of third-party programs and technology, such as payment processing apps or subscription-based software.

In addition, the threat may not just be from hackers but also from corporate espionage and internal breaches, for example, through phishing emails, infected external hard drives and unauthorised disclosures of customer data. Thus, limit public revelations and deny access to employees who manage information unsatisfactorily.

Moreover, cloud-based technology, such as multi-cloud and hybrid cloud computing, might create data risks. As such, choose a vendor who offers secure servers, storage, reliable access and safe migration of company data.

Invest in data protection software and stay updated

It is expensive and complicated to win customers back after poor service, but it would be worse if the company lost its data. Business owners should ensure they have up-to-date antivirus software installed with internet security capabilities. Scan your servers to remove any dormant viruses and Trojans.

Decentralised solutions like blockchain may remove the threat of hackers invading a single server. It also limits access, masks personal information and encrypts data end-to-end. 

As startups in Southeast Asia tap into the digital opportunities in multiple sectors, data collection and analysis will continue to be necessary. Regardless, they must strike a balance between obtaining private information to improve services and keeping it safe.

Data privacy is a sensitive issue, and businesses should show consumers they are trustworthy by setting safeguards, investing in data protection technologies, ensuring compliance and encrypting personally identifiable information. If a startup does not have the tools to protect itself, the founders should consider hiring a private IT firm to care for the networks and servers.

Governments in the region should improve their data privacy laws to protect the citizens from feeling vulnerable when accessing the internet. Moreover, they should punish unauthorised access to information to keep companies responsible and accountable.