- 4 hours ago
As hybrid work becomes the new normal, businesses are facing growing challenges in managing and protecting their data beyond the office. In this session, Jason Sin from Synology discusses cyber resilience, remote work risks, business continuity, and what SMEs need to know to strengthen data protection in the working-anywhere era.
Category
đź—ž
NewsTranscript
00:00On separate news, as flexible work gains traction again in Malaysia,
00:04it's no longer just about working from home.
00:06It's changing how businesses access and manage data across locations, devices and networks.
00:12While this brings greater flexibility, it also raises a critical question.
00:16Are companies prepared to keep their data secure and recoverable
00:19when work is no longer confined to the office?
00:22The risks are real with the average data breach in Malaysia costing around RM3.2 million
00:27and some cases exceeding RM5 million in 2025.
00:32So today we look at how businesses, especially SMEs, can strengthen cyber resilience
00:35and ensure business continuity in this working anywhere era.
00:40So to discuss further, joining me in the studio right now is Jason Seen,
00:43the Country Manager for Malaysia Synology.
00:46Thank you so much, Jason, for coming all the way to our studio.
00:49Perhaps to start with the big picture, we see now, can you explain on how is hybrid
00:54and flexible working, actually reshaping the way businesses access,
00:59manage and also store their data today?
01:01And from a technology standpoint, when work moves beyond the office,
01:05what new demands does this place on companies in terms of visibility,
01:09control and also infrastructure as well at the same time, please?
01:12So actually, with a quick sharing about the how, sorry, thanks for having me here.
01:18No problem.
01:19So before that, I would like to have a quick sharing about actually how the company structure
01:23and before they go into the remote work.
01:25Yeah.
01:26So usually all the company data, right, if you want to access the data,
01:29you need to go to the company, connect to the network, you can only access.
01:33So because of the work from home, right, during the COVID period,
01:37so most of the people, they cannot go to the office, right,
01:40so they need to stay at home to work.
01:42Means that what they're going to do is company need to open their company data
01:46to the outside world so the user can only access the company data.
01:50So you can see when they open to the outside world,
01:53means that you also open the door for those hackers, right?
01:58Data breach.
01:58Data breach.
01:59So hackers can do anything to company data, which can cause your entire business to stop working.
02:06So this is opening data, become more accessible to the hackers, like you mentioned earlier.
02:16So what are the most critical data risk organizations face
02:19when employees are actually working across different locations and devices at the same time?
02:25And are businesses, are they estimating how exposed the data becomes once it moves outside the traditional office environment?
02:33Let's say if it opens the door, right, so actually I would say security is very important
02:38because quite some SMEs, I would say, because privacy is a closed environment, right,
02:44once they open, they have no idea how to protect their business data.
02:47So for example, like firewall, and before they had to go into environment, right,
02:52they don't have a system to protect all unauthorized access in their environments.
02:58Yeah, so...
02:59So like you mentioned, the access becomes more distributed,
03:03so risk comes naturally into play.
03:06And this brings us to shift our mindset.
03:09We often talk about cyber security,
03:11but increasingly the conversation is moving towards cyber resilience now.
03:16How do these two differ between cyber security and also cyber resilience?
03:22And in that context, how prepared are Malaysian businesses to not just prevent incidents,
03:27but respond to and recover from them?
03:30Okay, we talk about, just want to mention about cyber security and cyber resilience, right?
03:33Cyber security is more like, I would say, the prevention before things,
03:38how we prevent things happen.
03:41So like just to mention, right, usually, okay, before that,
03:44I would like to share, like, because a lot of users,
03:47they don't have the mindset of protecting the data.
03:50Okay.
03:51For example, okay, unauthorized access for their account.
03:55So once, okay, actually many users, they don't have the idea how to protect their,
04:01I mean, their credentialed data.
04:03For example, let's say you use a safe password plug-ins on the web browser.
04:07Sure.
04:08So actually, it's convenient for you.
04:10Actually, it's also convenient for the hacker.
04:12So the hacker can actually access your company environment through your computer device.
04:18Yeah.
04:18Same story, actually.
04:22Same story, right?
04:23They actually can access all your company data through the things.
04:27And also, like, let's say you are using the email, right?
04:30Sometimes there's a malware inside.
04:31Yeah.
04:31So once you open the file, actually, that's the, what we call it, is the key.
04:35The software is actually coming from the hacker.
04:38So the hacker can actually use that portal to access your company data.
04:42So once you already enter your company data, right, they'll encrypt all your company data,
04:46and then they'll ask you for money.
04:47And they'll even stop your entire company operations.
04:51So the next thing is, once you already got this happen, right, it's about cyber resilience.
04:55How are you going to recover your company operation as fast as possible?
05:00Because your company stopped operating for, for example, like one minute, right,
05:03it may cost you millions or billions of dollars of the monetary loss, actually.
05:08And it's pretty concerning because all this happens on Hazard without us realizing,
05:14and we just want to get things done.
05:16So let's narrow down further.
05:18Now, what are SMEs actually particularly vulnerable when it comes to data protection
05:22and also cyber risk?
05:23Is it simply a resource challenge or are there deeper gaps in awareness and also readiness?
05:29Understood.
05:30Okay, actually, for backups, right, we talk about our cyber resilience,
05:33we're going to talk about backup solutions.
05:36So actually, backup, for company perspective, to be honest, is just like an insurance.
05:42So without incident happen, you won't see the benefit for having the backups.
05:47So from the company perspective, it won't generate ROI for the company.
05:52So they will try to minimize the expenses for the backups.
05:57But for SMEs, they want to save the cost because they don't have so much IT funding
06:01to host the backup solution in their company.
06:04And then the second thing is because they never encountered the cyber attacks, right,
06:09so they don't feel that, eh, why should I, I mean, propose a backup solution,
06:14I mean, apply that backup solution in my company.
06:17Yeah.
06:18So usually they, when, even though we propose that, eh,
06:20your company should apply backup solution.
06:22Then they say, hmm, for so many years already, I've done any issue in my company.
06:26Why should I apply the backups?
06:28So usually backups is like an insurance, I mean, that only when things happen,
06:33you only feel the importance of the backups.
06:37Yeah.
06:38There's this saying that says it's better to prevent than cure, right?
06:41So this is where it becomes more than just a tech issue.
06:45Why should data protection to be seen as a business continuity priority
06:49rather than just an IT function?
06:52In other words, are the real business consequences when data is lost,
06:56compromised, and unavailable?
06:58So we talk about, okay, when your company's data is breached, right,
07:01usually it will affect your business operation because, for example,
07:04let's say you've got a project that you need to submit by next week.
07:08Suddenly, your environment being attacked, so all your data has been uncreated.
07:13You need to pay the money so you can get the password or you can get the data back.
07:16Okay.
07:17But next week is your deadline, so suddenly all your projects stop,
07:21so you cannot do the things.
07:22Okay.
07:22The second thing is your whole company environment is already affected.
07:26Even that your door access, everything cannot use.
07:29So you can see we can, I mean, the attack will affect your entire company operation stop.
07:36Yeah.
07:36So backup is really, really, very, very, very important.
07:40So other solutions that we see that many businesses now have turned to cloud solutions
07:45as part of this shift, but let's unpack that assumption.
07:49Does moving to the cloud automatically ensure data is secure or is there a false sense of safety?
07:55And what are some of the gaps businesses may not realise that they still need to address?
08:00Actually, moving all data into a cloud doesn't mean safe.
08:04Yeah.
08:05I always say that not really safe because usually when you go to the cloud, there's a remark under there.
08:10They say that you need to pay the responsibility for your own data.
08:14So you need to perform backups because anything happens, they cannot help you to recover the solutions.
08:20So the second thing is usually for backups, right?
08:24We not only need to protect the data from the attack.
08:27Sometimes we also need to protect like accidental human data deletions.
08:32Sometimes you actually click the save button.
08:34Yeah.
08:34Then all your data is already overracked.
08:36Or the second thing is many companies need to aware is something called internal sabotage.
08:41Okay.
08:42This one is very scary.
08:43I mean like especially SME usually happens in internal sabotage.
08:46Let me show you an example.
08:47Let's say an employee cannot lay off.
08:50So he's very mad to the company.
08:52So before he leave, he delete all the data.
08:55Oh no.
08:55Yeah.
08:55So it's very scary.
08:56I don't recommend people to do that.
08:58Yeah.
08:58But so this is why we need to do backup.
09:00And another thing is, okay, just going to talk about is the first layer, right?
09:04The second layer is the IT admin.
09:06Okay.
09:07Okay.
09:07So let's say the, I mean the high level people, the IT admin, they cannot lay off.
09:12So what they do is they can factory reset your whole environment.
09:15And this actually happened in real world?
09:17It's quite often to be honest.
09:19Yeah.
09:19So actually many, many business, right?
09:21They didn't aware of it.
09:22They just look at the front like, oh, how I protect my data from the ransomware.
09:25But they also forget to protect their data from that manager.
09:29The IT, I would say the internal, the high level manager because they can do a lot of things inside.
09:35So they can also become a potential cyber threat to the environment.
09:39Yeah.
09:40So actually when we choose the backup solution, right, it's very important.
09:44So you need to choose those right solutions.
09:47Not only can protect the data from the outside, the attack from the outside.
09:50We also need to choose the solution that protect from inside.
09:54So actually to actually mitigate the risk, what are the first practical steps businesses, especially SMEs, should actually take to
10:02strengthen their data production?
10:04And for companies that are just starting this journey, where should they prioritize to get the most immediate impact?
10:10Okay, we talk about the correct, I would say sharing and sharing.
10:14The best practice to do the backup, I mean the protection in your environment is, okay, we talk about user
10:20credential first.
10:21So I believe like usually nowadays you use like credit card and everything.
10:25There's something called OTP.
10:26Okay.
10:27The six pin, right?
10:27That one is very important because usually when the hacker attacks your system, first they got access for your user
10:33credential.
10:33So they can use your account, attack your environment, yeah.
10:38So to avoid the unauthorized access, you need to enable OTP for all your business environment, including the user.
10:44So if you're using OTP, right, actually the user don't need to key in the password.
10:49So you've got the apps, you've always got the OTP pin reset every 20 seconds.
10:54Okay.
10:54So we can ensure only the red person can access the account.
10:57Okay.
10:57The second thing is, I know certain companies, they don't want to use the OTP, they think it's not convenient.
11:02So I would recommend all the users, including, especially the ITM, please don't use any kind of like safe password
11:10plug-ins.
11:11Yeah, it's very convenient to be honest.
11:12It's also convenient for the hacker.
11:14So usually they can use your computer, use your plug-in to access your system.
11:19So try avoid using this kind of, all this kind of like safe password things.
11:24Yeah.
11:24So the second thing is, yeah, we also got a firewall.
11:27You must apply firewall in your business environment.
11:29So firewall is actually like the security guard.
11:31Who are you?
11:33Where do you want to come to my environment?
11:34What kind of service you are looking for?
11:36So if you are not an unauthorized user, they will block your access and also inform the ITM that there's
11:42an unauthorized access coming from certain IP, certain location.
11:46Yeah.
11:46So ITM can be aware of it.
11:48Yeah.
11:49All right.
11:49So based on our discussion earlier, we know that as businesses continue to embrace flexible work, one thing is clear,
11:55data is no longer confined to the office and neither are the risks.
11:58So building cyber resilience, strengthening data protection and ensuring business continuity are no longer optional.
12:04They are essential for survival in a digital first world.
12:06So I would like to say thank you so much to Jason Sin, the country manager for Malaysia Synology, for
12:11your insights and time.
12:12So next question.
Comments