What Hong Kong SMBs need to know amidst BYOD and mobility

According to the 2nd annual "Report on Hong Kong SME Cloud Adoption, Security & Privacy Readiness Survey" compiled by the Internet Society Hong Kong and Cloud Security Alliance (HK & Macau Chapter), close to 83% of surveyed companies are utilising or planning to utilise Cloud services in the year ahead, a significant increase from the 55% reported in the previous year.

The two Cloud services mostly used among Hong Kong businesses are email and data storage with nearly all businesses using Cloud-based emails to run their day to day activities.

With the recent uptake of employee Bring Your Own Device (BYOD) programs in Hong Kong, it is important for businesses to recognise the risks that come with the adoption of Cloud services. Keeping business critical information secure from hackers while successfully maintaining a BYOD or work-from-home program remains a key challenge for many SMBs.

Ten years ago, Hong Kong became one of the first developed financial markets to establish Two-factor Authentication (2FA), enabling Internet banking to flourish in a safe and secure environment. Yet, it is only recently that multifactor authentication has become the norm (both Apple and Snapchat have recently added 2FA to their login process), and increasingly, the law.

Since August 1, the European Banking Association (EBA) now requires multifactor authentication customer authentication when collecting payments for online transactions. Other markets, such as Singapore, have or are likely to issue similar regulations in the coming years.

For businesses looking to implement multifactor authentication, here are the top five tips we've gathered:

1. Keep track of regional restrictions

Each country works differently and understanding local regulations is important in ensuring the smooth transmission of SMS messages. France, for example, requires alphabetic sender IDs, while Germany only allows individuals and businesses with a physical presence to qualify for a phone number with a local area code. Refer to knowledgebases to make sure you are taking regional restrictions into account.

2. Watch for non-mobile numbers

There are many scenarios where SMS messages simply will not work. The vision-impaired or people without access to cell phones are prime examples. To address this, introduce a text-to-speech option instead. Also, fraudsters have a inclination to use VoIP numbers, so be cautious with them.

3. Be culturally aware

Implementing multiple language support is easy but is an important detail that is often overlooked. Also know what you pay for – more likely than not, inexpensive translations are also poor translations that may lead to poor customer experiences. For example, in India response rates are highest when sending messages in English.

4. Timing is key

Make sure to include time algorithms like RFC6238 that will automatically void verification codes if they are not used within an adjustable time period. If you do not void your codes within a reasonable amount of time (5 minutes is generally advisable), you are allowing spammers to collect your codes and infiltrate your service.

5. Keep an eye on conversion rates

After you have had your multifactor solution up and running, look at your conversion record and adjust accordingly. Is your timing window too small? Are your pin codes too long? Security is critical but so is user experience.

SMBs are the driving force of Hong Kong's economy. According to the latest Hong Kong Government 2015-16 Budget, there are 320,000 SMBs in Hong Kong, accounting for 98% of total local enterprises and employing 50% of the private sector workforce.

As trends such as BYOD and mobility continue to become the norm, ensuring enterprise security is no longer the sole concern of multinationals or large organisations but also a top priority for Hong Kong SMBs. Only by running daily operations in a secure and authenticated environment will SMBs be able to reap the benefits of their broader business strategies and initiatives.