Earlier this year, Singapore experienced its worst data breach ever. National healthcare group SingHealth suffered a cyberattack that compromised the personal details of about 1.5 million patients.
Besides a damaged reputation, companies that fail to safeguard customer data can expect to pay a heavy price. In Singapore, this means fines of up to $1 million for failing to uphold the Personal Data Protection Act. Penalties can be even harsher in other regions.
The SingHealth case was hardly an isolated incident. Between 2016 and 2017, cybercrime cases grew from 15.6% to 16.6% in the island nation.
Part of the reason for this increase is accessibility. With digitalization, it's now easier than ever for cybercriminals to access important data. Cybercrime can affect any digital asset a company owns, whether it's stored on internal servers or cloud-based systems. This means keeping such digital assets safe is vital for any business.
What Are Digital Assets?
According to Daryl Pereira, partner and Head of Cybersecurity Consulting at KPMG Singapore, the term digital asset refers to anything stored digitally that’s of value to you or your customers. “This comprises both the data and underlying IT systems that are mission-critical to the ongoing operations of an organization,” he says.
Data: Files in various formats, such as Word, JPEG, PDF, MP3 and MP4
Systems: A business’s contact database management or CRM solution, apps owned by the company, etc.
As cyberattacks become increasingly common and sophisticated, make sure your business’s digital assets are protected.
Here are the steps to take.
Create an Environment Conducive to Security
Company-wide policies – Have policies in place governing how staff use technology in the workplace. This is especially important given how common it is to bring your own device (BYOD) to work today. BYOD employees must only download apps from manufacturer-approved stores, such as Google Play or App Store, and transfer important files using secure, company-approved cloud apps and solutions.
Troubleshooting resources – Create a document detailing the steps to take if employees are unclear about any potential security risks. In the document, list the tools and resources employees can use and where to find them. Also include the contact details of IT personnel – such as the helpdesk, a dedicated online forum or particular contact person – they can reach out to if they have further queries. Try to foster an environment where employees are comfortable asking even basic questions.
Be Proactive to Prevent Cyberattacks
Firewalls – Employees often access non-work-related websites on office computers and devices. Some companies enforce strict policies on such usage, which can create an atmosphere of distrust. An unsuspecting employee may click on a rogue website that runs malicious code or auto-downloads spyware to their computer. This can then be used by hackers to gain access to that computer and any data stored on it or to the networks it's connected to. When a computer or device is compromised, the company’s assets are at risk. Implement a network security system, typically involving a firewall, which prevents employees from visiting sites that might compromise their computer.
Install antivirus software – While firewalls are a good starting point for security, Pereira says that attacks are becoming increasingly sophisticated. To stay one step ahead of cybercriminals, a multifaceted approach is needed. Companies need to protect their digital assets against threats like malware, phishing, and ransomware. Products from cyber security market leaders like McAfee or Norton are generally very effective as the first line of defense. Your company’s IT personnel should be able to provide recommendations that are more suited to your specific business needs. If not, consult a security expert.
Ensure Employee Awareness
Having all the right tools and resources is pointless if your employees don’t understand their importance. They will simply ignore them, which can be dangerous. “Cyber security is a business issue, not an IT issue. Its impact will be felt by the business leaders and teams who use any technology or data that is subjected to an attack,” Pereira says.
Explain the security policies around digital assets, and their significance, in your company’s onboarding documents for new employees. Also send regular emails sharing tips on how to check for obvious signs of cyberattack attempts.
“Always treat unusual, strange, or ‘too good to be true’ messages or emails with caution, even if they appear to come from someone you know,” advises Pereira.
Know Who Has Access to Your Data
Even if your organization’s digital security is airtight, if your vendors or partners haven’t taken the proper precautions, your company’s data could still be compromised. With the introduction of the General Data Protection Regulation (GDPR) and its Chinese equivalent, preventing such occurrences is even more important. This is especially true for companies involved in cross-border work. The GDPR, for instance, is European legislation, but applies to any company that does business with European companies and handles the personal data of people within the GDPR’s area of coverage.
Check the vendor’s security policies and ensure they have the necessary tools and processes in place to keep data adequately protected. For example, contact management solution provider Sansan has pledged not to pass on any customer data to third parties. For a company to which customers entrust personal data, this is vital reassurance. Companies should follow this strict culture of data protection, both internally and in the public eye.
Reassure Customers That Cyber Security is a Priority
In an age where customers are already reluctant to share information, it’s important that they know what your company is doing to safeguard their data.
Advise customers to change their passwords, and explain how to spot fake emails. Tell them to look for spelling mistakes in email IDs, to hover over links to see if they actually lead to your domain, and to check whether the message is addressed to them personally or contains a vague greeting like “Dear valued customer”.
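The same three checks can be applied automatically to an incoming message. The Python below is an added example, not part of the original article; the domain acme.example, the greeting list and the sample message are constructed assumptions, and it handles only a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

COMPANY_DOMAIN = "acme.example"  # assumption: stands in for your real domain
VAGUE_GREETINGS = ("dear valued customer", "dear customer", "dear user")

class LinkCollector(HTMLParser):  # gathers the real target (href) of each link
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, domain):
    """True only for the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_email, domain=COMPANY_DOMAIN):
    """Return the warning signs found in one single-part HTML email."""
    msg = message_from_string(raw_email)
    signs = []
    # 1. Sender address: a misspelt domain is not the company's domain.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not on_domain(sender_host, domain):
        signs.append("sender:" + sender_host)
    # 2. Links: compare where each link really leads, not its visible text.
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        url = urlparse(href)
        if url.scheme in ("http", "https") and not on_domain(url.hostname, domain):
            signs.append("link:" + str(url.hostname))
    # 3. Greeting: a vague salutation instead of the customer's name.
    text = re.sub(r"<[^>]+>", " ", msg.get_payload()).lower()
    if any(g in text for g in VAGUE_GREETINGS):
        signs.append("greeting:vague")
    return signs

# Constructed sample message (not a real email); all domains are reserved names.
SUSPECT = """From: Acme Support <support@acrne.example>

<p>Dear valued customer,</p>
<p><a href="https://acme.example.login-check.test/reset">acme.example/reset</a></p>
"""
```

Calling phishing_signs(SUSPECT) reports all three signs: the sender domain is spelt "acrne", the link's real host only begins with the company name, and the greeting is vague.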
As a final measure, back up all your digital assets so you can recover them even if a breach occurs. This also prevents you from being blackmailed by ransomware attackers who hold data and systems hostage until a ransom is paid.
Store your digital assets on a separate drive or a secure cloud solution, and limit access to important data to only those staff members with the necessary clearance.