Menu
Thu, July 31, 2025

Nepal’s Data Security Crisis: 15 Organisational Weaknesses and 10 Expert Solutions

B360
B360 July 30, 2025, 5:47 pm
A A- A+

The digital era has swept through Nepal at a remarkable pace, with both private and governmental organisations embracing information technology. Yet insufficient vigilance over personal data protection places these entities at considerable risk.

Recent assessments by Chiranjibi Adhikari, Cybersecurity Policy Expert and CEO of One Cover (Dedicated Cybersecurity Company in Nepal), and Senior Vice President of Federation of Computer Association Nepal (CAN Federation), highlight widespread weaknesses in the nation’s data security practices.

Chiranjibi-Adhikari, Cybersecurity-Policy-Expert-and CEO-of-One-Cover-1753876631.jpg
 


Data Security Status of Nepali Organisations: 15 Major Weaknesses

1.    No Data Protection Officer (DPO) appointed
2.    Insufficient understanding of national and international data protection laws
3.    Absence of formal data classification processes
4.    Poor consent management with customer data used without explicit permission
5.    Underinvestment in cybersecurity tools such as firewalls and antivirus software
6.    No routine data security audits
7.    Lack of an incident response plan for data breaches
8.    Reliance on unsecured channels, including personal messaging apps and unencrypted email
9.    Inadequate employee training on information security
10.    No risk assessment for cloud services or review of service-provider agreements
11.    Weak password policies and reuse of credentials across systems
12.    No policy governing data retention and deletion
13.    Failure to deploy advanced security technologies, such as DLP and SIEM
14.    Banks and telecom operators marginally more aware owing to regulatory oversight
15.    Growing digital transformation post-COVID-19 beginning to spur greater awareness

10-Point Recommendations for Improvement

1.    Appoint a qualified Data Protection Officer
2.    Establish and document a comprehensive data security policy
3.    Mandate regular cybersecurity training for all staff
4.    Classify sensitive data and apply strong encryption
5.    Enforce role-based access control and two-factor authentication
6.    Conduct periodic audits and continuous monitoring of data use
7.    Develop a clear, tested data breach response plan
8.    Utilise secure communication channels such as encrypted email and vetted cloud services
9.    Define and implement data retention and secure deletion schedules
10.    Adopt and align with international standards, including GDPR and ISO/IEC 27001, alongside forthcoming Nepalese legislation

Rising Risk of Cyber Attacks: Nepali Organisations in Crisis

Cyber incidents in Nepal have surged, impacting sectors from finance to healthcare. As global cyber-crime inflicts billions of dollars in losses annually, Nepali businesses now face a relentless threat. Without swift and robust action, these attacks will continue to undermine trust and financial stability across the economy.

Top Five Cyber Attack Methods

1.    Web-application vulnerabilities such as SQL injection, XSS and remote file inclusion
2.    Network-level exploits, including man-in-the-middle attacks over Wi-Fi or LAN
3.    System-software flaws targeting outdated operating systems with ransomware
4.    Hardware deficiencies leading to device-level data breaches
5.    Social engineering tactics designed to deceive users into installing malware

Attributing Fault for Cyber Attacks

While software vendors, service providers, employees and network operators each bear some responsibility, the crux of the issue lies in the absence of regular cybersecurity assessments, insufficient security audits and a pervasive gap in awareness and education. Organisations must take ownership of their security stance rather than deflect blame.

Tips for Users to Avoid Cyber Attacks

• Create strong, unique passwords combining letters, numbers and symbols
• Enable two-factor authentication wherever possible
• Avoid conducting sensitive tasks over public Wi-Fi networks
• Do not reuse passwords across multiple accounts
• Check for compromised credentials at haveibeenpwned.com
• Install and regularly update firewall and antivirus software
• Keep operating systems and applications fully patched
• Treat passwords as confidential and never share them

Conclusion

As Nepal advances into the digital age, safeguarding data has become imperative. A secure digital future demands not only a robust legal framework and institutional reforms but also public education at every level. Only then can Nepali organisations mitigate cyber risk and inspire confidence among stakeholders.

The Personal Data Protection Policy of Nepal: 

Published Date:
Post Comment
E-Magazine
June 2025

June 2025

Click Here To Read Full Issue