Education and awareness for cybersecurity are very crucial. As part of capacity-building, a separate department has to be made which can publish all the information, concerns and policies related to cybersecurity. We also need to focus on social engineering as it is the biggest factor with regards to privacy or security of the data.
The policies have to be implemented in actions and should not remain only on paper. The implementation will take time, but in case of breach blame game is not going to work. We can’t just blame others and give up our responsibilities. Security is a journey, not destination. It is a continuous process which we have to work through.