INCREASING RANSOMWARE & CYBER ATTACKS IN CHINA?

28 四月 2022

 

Legal & IT Solutions

 


Wang Jing & GH Law Firm & Exprivia China aim to provide consultation in IT security and legal assessments, cybersecurity assessments, IT risk assessments, or vulnerability risk assessments, which are critical for finding security vulnerabilities in your organization. Without a security risk assessment, security and recovery programs are incomplete and ineffective. Conducting regular vulnerability assessments from both legal and IT perspective can lower the risks of security disasters and potentially prevent your organization to face the legion of consequences accompanying a security breach.


(D) Are companies required emergency measures for security incidents?
(A) Organizations are required under various laws to take measures to monitor, detect, prevent, or mitigate cybersecurity incidents. The Cybersecurity Law (“CSL”), the Data Security Law (“DSL”), the Personal Information Protection Law (“PIPL”), the Regulations on the Security Protection of Computer Information System, and other relevant laws and regulations provide the legal measures that any person must consider when facing cybersecurity incidents. 


(D) What is the preventive maintenance to take place?
(E) Organizations are required under various laws to take measures to monitor, detect, prevent, or mitigate cybersecurity incidents. The Cybersecurity Law (“CSL”), the Data Security Law (“DSL”), the Personal Information Protection Law (“PIPL”), the Regulations on the Security Protection of Computer Information System, and other relevant laws and regulations provide the legal measures that any person must consider when facing cybersecurity incidents. 
These legal duties are extensive and consider different issues: security measures, such as the installation of anti-virus software, use of beacon and honeypot, and regular employee training; emergency measures, such as the implementation of an emergency plan to give a prompt response to any security risks. Other measures provide for an after-action review and cyber threats recordings, cybersecurity breaches report, and the notification of affected individuals. 


(D) What are the consequences of non-compliance?
(A) Violation of these laws can bring administrative fines, confiscation of illegal income, suspension of business, or revocation of business license.
Besides the above-mentioned laws and regulations, China also takes a sectoral approach to the protection of information security. For example, industries or sectors such as telecoms, credit reporting, banking and finance, automobile, and insurance are subject to some specific requirements concerning the protection of data, prevention of information leakage, and emergency response to cybersecurity incidents.

 

Actions

 

Centralized IT System

Implement one or a platform in which all business-related data could be stored and managed under the control of the company.

Data Localization analysis

In order to clearly map where the data are located and very useful if the company is using cloud/external services or software databases located in partners/suppliers' datacenters.

Data classification and grading

Clarifying how to classify information including general, sensitive, and private personal.

Protection mechanisms 

By using special software and tools is possible to guarantee a high standard to safeguard passwords, authentications, and authorizations.

Conduct a data risk assessment 

To check the level of security risks the company is facing with the help of dedicated software and cybersecurity experts.

Regular Training

Ensure that the employees have the right knowledge on data security handling and risk prevention.

Conducting security risk assessments can improve your organization’s security and maximize your business continuity, profitability, and growth. Contact us for a FREE consultation at: lucini@wjngh.cn (Wang Jing & GH Law Firm) and simone.ciampi@exprivia.cn or antonio.puca@exprivia.cn (Exprivia).

 

Copyright ©2016 by China-Italy Chamber of Commerce
Website Maintenance China | flow.asia
京ICP备06006969号-1

加入中国意大利商会

成为我们超过500个意大利及外国企业这个网络体系中的一员. 通过赞助商、合作以及在我们的官方网站上投放广告从而使您获得更高的知名度。

了解更多