Will Small Businesses be Affected by Malaysia's New Cyber Security Act 2024?
Hello Friends,
Recently, a few of my SME and small business owner contacts have asked me about the impact of the new Cyber Security Bill on their businesses. I decided to dive deep into this matter in this edition. The bill doesn’t explicitly target small businesses, but there are a few ways it could affect them, especially if they’re part of the national critical information infrastructure (NCII). Let’s break it down.
Potential Impacts on Small Businesses
There are several key clauses in the law that will potentially impact SMEs or small businesses:
Designation as NCII Entities:
Clause 17 allows a sector lead to designate any entity, including a small business, as an NCII entity if it owns or operates NCII. This means small businesses could be required to meet the same stringent cyber security obligations as larger organizations.
Compliance with Cyber Security Standards:
Clause 26 requires NCII entities to implement specific measures, standards, and processes for cyber security. Small businesses designated as NCII entities will need to adhere to these requirements to ensure their infrastructure’s security.
Reporting Cyber Security Incidents:
Clause 28 requires NCII entities to notify the chief executive of NACSA and sector lead of any cyber security incidents. Small businesses falling under this category will have to report incidents promptly.
Licensing of Cyber Security Service Providers:
Part VI deals with licensing cyber security service providers. Small businesses providing such services might need to comply with new licensing requirements.
So What about Small Businesses that are Not Designated as NCII?
Even if not directly designated, small businesses could still feel the act’s effects through their connections with NCII entities. Here's how:
Compliance Requirements: NCII entities may pass down cyber security standards to their supply chain partners (such as SMEs and small businesses) to ensure overall security.
Contractual Obligations: Contracts with NCII entities might include specific cyber security requirements that SMEs and small businesses will need to meet.
Information Sharing and Incident Reporting: Supply chain partners (such as small businesses and SMEs) might be required to share cyber security incident information with NCII entities.
Cyber Security Assessments and Audits: NCII entities could conduct cyber security audits of their supply chain partners (such as SMEs and small businesses) to ensure compliance.
Steps for Small Businesses to Align with the Law
If you are an SME or small business owner and you operate in an NCII ecosystem (whether as a designated entity or as part of the broader supply chain), you should:
Understand the Requirements:
Familiarize yourself with the cyber security standards and obligations in the bill and those imposed by NCII partners.
Conduct a Cyber Security Risk Assessment:
Identify potential threats, evaluate their impact, and prioritize measures to mitigate risks.
Develop a Cyber Security Policy:
Establish a policy covering access controls, data protection, incident response, and employee training.
Implement Cyber Security Controls:
Use firewalls, anti-malware software, encryption, regular updates, and secure backup procedures. Enforce strong password policies and access controls.
Train Employees:
Educate staff on recognizing phishing attempts, using strong passwords, avoiding suspicious websites, and reporting security incidents.
Establish Incident Response Procedures:
Document procedures for detecting, containing, eradicating, and recovering from incidents.
Regularly Update and Patch Systems:
Keep systems and applications up to date with the latest security patches.
Engage with Cyber Security Professionals:
Seek advice from cyber security experts to assess security posture, identify gaps, and implement best practices.
Compliance aside, SMEs and small businesses will still benefit greatly from implementing these security measures, since statistics show that the majority of cyber attacks target SMEs.
Until next week, folks!
Cheers,
Sivanathan