Plug data breaches before hackers strike

A law to require companies to report data breaches would be a step in the right direction ("Call to mandate reporting of data breaches"; Aug 26).

It would be too late to do anything after hackers strike and post personal data online.

For most people, data breaches are merely occasional inconveniences.

If a credit card number is stolen, a person can get a new card.

If a password is compromised, users can change it.

But every time data breaches are met with no more than a collective shrug, companies are vindicated in their decision not to devote more attention to data security.

This attitude is dangerous.

Imagine if what happened to the Ashley Madison website ("Hackers post data of Ashley Madison clients"; Aug 21) happened here.

It could destroy families and end careers.

It was a wake-up call for companies to start taking security more seriously and to report breaches immediately after they are discovered.

This is necessary to protect consumers and customer data, establish consistency in procedures, help companies guard against cyber attacks, and bring about more clarity on the amount of data lost.

This will enable businesses to improve efforts to prevent breaches and proactively prepare and ensure that they have sufficient security structures and controls.

People need to be more aware of cyber security.

Looking into how attacks happen is the only way to prevent them.

Francis Cheng

A version of this article appeared in the print edition of The Straits Times on September 15, 2015, with the headline 'Plug data breaches before hackers strike'. Print Edition | Subscribe