Data Safety Still a Dream in Nepal?

Kathmandu – With the rapid advancement of the digital age, the use of information technology in Nepal is growing at an unprecedented pace. However, private and government organizations’ lack of necessary caution in personal data protection poses a significant risk. Recent studies and evaluations by cybersecurity experts indicate that many organizations in Nepal are weak in their data security practices.
The proposed Personal Data Protection Bill in Nepal is still in the implementation phase, but institutional preparation for it appears minimal. The increasing number of cyber attacks in Nepal in recent years has instilled fear among the general public and large companies alike.
Data Security Status of Nepali Organizations: 15 Major Weaknesses
Cybersecurity experts have identified the following 15 major weaknesses in Nepali organizations:
- Lack of Data Protection Officer (DPO): Most organizations have not designated a responsible person for data protection.
- Lack of Legal Knowledge: Organizations lack information about national and international data protection laws.
- No Data Classification: There is no practice of separating sensitive data.
- Weak Consent Management: Data is used without explicit consent from customers or users.
- Lack of Investment in Cybersecurity: The use of essential security tools like firewalls and antivirus software is very low.
- Absence of Regular Audits: There is no practice of regularly auditing data security.
- No Incident Management Plan: There is no plan on how to respond if a data breach occurs.
- Use of Insecure Communication Channels: Sensitive information is sent through personal messaging apps or emails.
- Lack of Employee Training: Employees are not trained on information security.
- No Risk Assessment for Cloud Services: Security terms are not reviewed when signing agreements with service providers.
- Weak Password Policy: Weak passwords and the use of the same password across all systems are common.
- No Data Deletion Policy: There is no policy on when to remove unnecessary data.
- No Use of Security Technologies: Technologies like DLP (Data Loss Prevention) and SIEM (Security Information and Event Management) are not used.
- Banks and Telecom Sector are Slightly More Aware: Due to regulatory bodies, they are comparatively ahead in security.
- Digital Transformation is Increasing Awareness: Post-COVID-19, some organizations have started focusing on data security.
Rising Risk of Cyber Attacks: Nepali Organizations in Crisis
Recent cyber attacks in Nepal have affected businesses across all sectors. From financial institutions to healthcare providers, all are becoming targets of attacks. Cyber attacks, which cause billions of dollars in damage globally, have now become a regular challenge in Nepal.
Top 5 Cyber Attack Methods:
- Web Software Vulnerabilities: Data theft through attacks like SQL Injection, Remote File Inclusion, XSS.
- Network Layer Weaknesses: Password theft via Wi-Fi or LAN (Man-in-the-Middle).
- System Software or OS Vulnerabilities: Ransomware attacks on old or unpatched systems.
- Hardware-Level Weaknesses: Potential data leakage due to device flaws.
- Social Engineering: Attempts to trick users into installing malware.
Whose Fault Are Cyber Attacks?
Partial blame can be attributed to software manufacturers, service providers, company employees, or network providers.
However, the most significant reasons are the lack of regular cybersecurity assessments and information security audits, and a lack of awareness and education.
Tips for Users to Avoid Cyber Attacks:
- Use Strong Passwords: Use passwords that include alphanumeric characters and special symbols.
- Use Two-Factor Authentication (2FA): Employ an additional layer of security beyond just a password.
- Avoid Open Wi-Fi: Do not perform sensitive activities on public Wi-Fi networks.
- Use Different Passwords: Do not use the same password for all accounts.
- Check for Password Compromise: Get information from https://haveibeenpwned.com.
- Use Firewall and Antivirus: Regularly update them for system security.
- Keep Software Updated: Regularly update your OS and all apps.
- Keep Passwords Confidential: Do not share your passwords with anyone.
Conclusion:
As Nepal enters the digital age, data security and cybersecurity have become extremely important issues. A secure digital future is not possible without building a legally robust system, making institutional improvements, and raising public awareness.

About Chiranjibi Adhikari
Mr. Chiranjibi Adhikari is a Cybersecurity Policy Expert and CEO of One Cover Private Limited, a dedicated cybersecurity company in Nepal. He is also the Senior Vice President of the Federation of Computer Association Nepal (CAN Federation).