English 
正體中文 
In response to the information security challenges posed by the rapid advancement of digital transformation, cloud services, and artificial intelligence (AI), cybersecurity has become a critical factor in sustainable business operations. The “Talent Development Seminar,” organized by the Industry-Academia Collaboration Alliance for Business Management and Development at Yuan Ze University, was held on May 29 at Building III of the University.
Cybersecurity expert Chih-Wei Kuo was invited as the keynote speaker and delivered a talk titled “Small and Medium-Sized Enterprises Can Also Achieve Strong Cybersecurity!” The event attracted more than 20 participants, including corporate executives, alliance members, and faculty and students, who engaged in discussions on enterprise cybersecurity protection and digital resilience.
Chih-Wei Kuo pointed out that as hacking tools had become increasingly sophisticated and highly automated, small and medium-sized enterprises had already become major targets of cybercrime. In recent years, industries such as manufacturing, engineering consulting, electronics, and healthcare, both domestically and internationally, had experienced cyberattacks. Moreover, cybercrime had evolved from traditional ransomware to “double extortion,” in which hackers first stole confidential corporate data before demanding payment, exposing companies to greater operational and reputational risks.
Kuo emphasized that the core of enterprise cybersecurity management was not the pursuit of zero risk, but the establishment of rapid recovery and operational continuity. He analyzed that most cybersecurity incidents did not result from highly complex technical attacks, but rather from everyday management oversights, such as employees clicking on phishing emails, using weak passwords, failing to enable multi-factor authentication (MFA), and neglecting regular system and software updates. Cybersecurity isn't just IT's responsibility; it should be part of overall corporate governance, with institutional measures and broad participation to reduce operational risks.
Addressing the common challenge of limited budgets faced by small and medium-sized enterprises, Kuo recommended prioritizing three high-impact measures: fully implementing multi-factor authentication (MFA), regularly updating systems and software, and continuously promoting cybersecurity education and training for employees. Among these, multi-factor authentication was regarded as a cost-effective and highly efficient protective mechanism that significantly reduced the risk of account compromise.
In addition, he introduced the internationally recognized “3-2-1 backup rule,” encouraging enterprises to establish comprehensive data backup and disaster recovery mechanisms to ensure that operations could be quickly restored in the event of cyberattacks or system failures. In response to risks arising from the rapid development of AI technologies, such as deepfake fraud, he suggested that enterprises establish cross-channel verification procedures and regularly inventory information assets to strengthen overall cybersecurity protection and operational resilience.
During the discussion session, several corporate representatives shared practical experiences, including implementing access control management, regulating visitor devices, regularly replacing IT equipment, and reviewing password management policies. Kuo further noted that for small and medium-sized enterprises, establishing a complete backup system and disaster recovery capability was far more important than paying high costs after an incident. Regarding the increasingly common issue of network printer intrusions in recent years, he advised enterprises to shut down devices and disconnect them from external networks during non-operational hours to reduce potential risks.
Po-Chien Li, Executive Director of the Industry-Academia Collaboration Alliance for Business Management and Development at Yuan Ze University, stated that cybersecurity was comparable to corporate health management. It required not only clearly defined regulations and standard operating procedures, but also regular inspections, internal controls, and continuous education and training to gradually establish a robust protection system. He further noted that the alliance would continue to leverage industry-academia exchange platforms to introduce practical industry experience and the latest management knowledge, assisting enterprises in staying abreast of business trends, enhancing competitiveness, and strengthening their ability to respond to challenges in the digital era.
