Hay Laline is the Electronic Security System (ESS) Division Manager at Global Security Solutions (GSS), a company specialising in providing the latest electronic security solutions and highly trained security officers. He discusses the security considerations that all SME owners in Cambodia should keep in mind and the cybersecurity standards prevalent in Cambodia’s banking sector.
B2B: What are the most common cybersecurity threats that companies are exposed to in Cambodia?
Laline: Technology is advancing very quickly, but so is cybercrime and the risks that we are exposed to. In Cambodia, the most common threat is phishing, which can lead to identity theft and provides criminals with a backdoor to the information of organisations. Skimming is also very big in the ATMs of the capital. You need to be particularly cautious in a handful of spots, like the Riverside or in shopping malls, which are hot target areas for skimming.
B2B: What can SME owners do to reduce risk?
Laline: First of all, we always advise companies to use licensed software. Besides this, companies need to develop a thorough and efficient plant to protect their data. These are a few examples: always keep your firewall on, set antivirus and anti-malware applications to automatically update, conduct regular scans to detect malware, and backup your data regularly. It is also very advisable to use complex passwords and change them often, as well as to make sure those passwords are secured. Many people just write them up in a piece of paper which is then left exposed. Don’t do this. We also tell companies to set up different accounts for each level of authorisation. For example, an ‘Admin’ user has unrestricted access to the data and the system’s configuration, while a standard user has limited access.
B2B: What would a complete and effective security solution for an SME located in Phnom Penh look like? Would would be the upfront investment involved?
Laline: This really depends on the business’s individual needs. But, generally speaking, companies operating in the capital should firstly consider hiring guards. Manpower is very important in a Cambodian context. When it comes to electronic systems, business owners would be wise to prioritise a CCTV system that can capture any delinquent activity happening in the premises of the company. An intrusion alarm system is also highly advisable. This will trigger an alarm is someone breaks into your building. An access control system should also be looked into to limit access to your premises. You asked me about the investment. It’s hard to give you a concrete figure as each program we designed is tailor-made taking each individual company’s needs into consideration.
B2B: Do you see banks in Cambodia having proper security controls to protect their customers against phishing, skimming, identity theft and the other cybercrimes?
Laline: I think it’s a work in progress. To be effective at preventing these crimes you need to have the right human resources, qualified staff, and a comprehensive personal security architecture under direct control. Some banks have very minimal security controls, particularly the smaller microfinance organisations. Obviously, if a bank’s security is not tight enough, it becomes vulnerable.
B2B: What can banks do to reduce the risk of cybercrime and help customers stay safe?
Laline: Banks need to put the emphasis on strengthening their IT security systems, making sure that their facilities and software are as up-to-date as possible. They need to work on developing stricter programs to protect their servers and data centers. It is imperative that a system is in place to alert customers in case any suspicious activity is detected, such as someone else trying to log into their account, or someone trying to log in from an unregistered device. There should also be a system in place inhibiting access to the account if the password is input incorrectly more than three times. Finally, they should be using VPN connections to hinder access to their network for hackers.
Q: Cambodia is known to have very high piracy rate. What are the risks of running your business on pirated software, instead of original?
Laline: First of all, when you use pirated software you make your company more vulnerable to the attacks of cybercriminals. Secondly, while installing counterfeit software, you run the risk of corrupting or severely damaging your data. You even run the risk of having your system become inoperable altogether.
This interview has been edited for length and clarity.