Illustration photo: VNA
Currently, many small and medium-sized enterprises still have the mentality that "only the big guys are targeted by hackers." However, the truth is completely opposite, small and medium-sized enterprises with limited security resources are the more vulnerable and easy prey.
According to Digital Transformation Expert Le Van Dung, General Director of AB Soft Technology Group Joint Stock Company, protecting digital assets requires a multi-layered defense strategy; in which each layer supports and strengthens the remaining layers. The first line of defense is people, also known as a strong human firewall. The foundation of any security system does not lie in expensive technology, but in the consciousness of people themselves.
According to cybersecurity experts, globally, more than 80% of cybersecurity incidents originate from human error. Human defense starts with basic actions, such as strong passwords by creating unguessable passwords and using multi-factor authentication; training employees to recognize phishing by training each employee to become a "sentinel" capable of recognizing increasingly sophisticated phishing emails. In addition, always remember the golden rule of installation: only install software from trusted, verified sources.
Mr. Ngo Viet Khoi, Information Security and Awareness Expert, former Country Director of Trend Micro Vietnam, said that businesses often spend billions on anti-virus software but forget to train employees. Hackers do not attack the system but attack the lack of knowledge of employees. Regular training on information security, considering it as part of corporate culture, is the cheapest and most effective way to defend.
A smart business doesn’t try to do everything itself. The second line of defense is to delegate some of the security work to the most highly skilled people. When using cloud services or reputable applications, businesses are not just renting software, but also a team of world- class security experts. So why not take advantage of the massive infrastructure, when large providers have invested millions, even billions of dollars in infrastructure, processes and people to do just one thing: help customers ensure security. In addition, operating servers and security yourself requires very deep expertise and is not a small cost, so for most small and medium-sized businesses, the safer and more practical option of renting services allows small and medium-sized businesses to focus resources on developing their core business.
The third line of defense is very important, which is data backup – a useful safety net. Even with the best defense systems, risks always exist. The third line of defense is the safety net that helps businesses get up and recover from any incident, especially ransomware attacks. By recognizing the risks and mastering the principles of proper backup, you will minimize the risk. Automation is an important feature for every business, especially manufacturing businesses. Never rely on human memory. Set up an automated backup process and don't forget to perform backups regularly, at least weekly or better yet, daily.
Finally, there is the line of defense of access restriction. This is a simple principle but its power is surprisingly great: Strictly control who is allowed to do what and see what in your system. The philosophy behind it is absolutely no granting of unnecessary rights. Each employee should only have a "key" enough to open the door of their work, no more, no less. By limiting access, the business minimizes damage if an account is accidentally taken over by a hacker from the outside. More importantly, this principle prevents risks from coming from within, whether accidental or intentional.
Faced with the above issues, Digital Transformation Expert Le Van Dung recommends that digital asset security is not only an internal business issue but has become a national security issue, requiring intervention and direction from the Government . Institutionalizing information security is truly a strategic step of the State; especially when including information security content in the Law. This helps raise awareness of compliance, forcing businesses to seriously invest in security and creating a solid legal corridor to handle violations.
"The legalization of information security is not to make things difficult for businesses, but to protect their assets and reputation. When digital asset security becomes a mandatory legal regulation, we will gradually eliminate loose 'loopholes' in the national economic system, create trust for foreign investors and promote healthier development of the digital economy," Mr. Le Van Dung emphasized.
For small and medium-sized enterprises, Information Security Expert Ngo Viet Khoi expressed his opinion that building a digital fortress must be practical, effective and suitable for specific resources such as prioritizing training with the least cost but bringing the highest efficiency. It does not require overly complex technology, but must strictly adhere to the separate backup rule. "Many small businesses think that security means buying expensive software. Wrong! Start by choosing a reputable cloud partner and performing off-site backups. Cloud providers have already taken care of infrastructure security, businesses only need to focus on data and human security. Consider information security as a service, not a self-built department."
Once you have mastered the four lines of defense, identifying the right places to prioritize action is the first and most important step to building a truly stronger digital fortress. Information security is not a destination, but a continuous journey that requires long-term commitment and investment.
Source: https://baotintuc.vn/khoa-hoc-cong-nghe/cong-uoc-ha-noi-phao-dai-so-cua-doanh-nghiep-viet-khong-chi-la-tuong-lua-ma-la-van-hoa-an-ninh-20251023075916611.htm
![[Photo] Prime Minister Pham Minh Chinh chairs meeting on railway projects](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/23/1761206277171_dsc-9703-jpg.webp)
Comment (0)