Singapore’s Personal Data Protection Commission (PDPC) has handed out a number of fines to companies that suffered data breaches due to cyber-attacks.
One such company suffered a ransomware attack; another did not have adequate firewall protections and so leaked the personal details of its customers. As a result, the PDPC fined these firms for failing to safeguard customer data.
Over the past few months, as the COVID-19 pandemic has taken over, many businesses have had to scale back operations as they work remotely and under lockdown conditions. Hackers, however, have been as busy as ever, and according to the CrowdStrike Work Security Index, there has been a 100X increase in malicious cyberattacks during the COVID-19 pandemic.
As more employees work from home, the vulnerabilities that companies are exposed to will increase. Many employees use old devices (phones or laptops), which means there are more loopholes through which hackers can access their information. Employees will also be handling sensitive company data, and potentially customer data, on unsecured devices on their own network, not on the company’s.
Many employees will watch movies online for free, which can involve downloading free software that can contain trojans, worms and viruses. These can then spread to other employees through e-mail and other communications.
Added to this, there has been an increase in Internet of Things (IoT) devices, with everything from fridges to air conditioning units connected to the internet. This creates yet another access point for hackers, who are able to access the home network through connected devices.
Firms should take steps to ramp up their cybersecurity, especially if they have employees working from home. Basic measures include multifactor authentication, which involves One Time Passwords (OTP) being sent to a mobile phone when a user logs in to their e-mail account. Firewalls block users from downloading from suspicious websites, and of course there is good anti-virus software available on the market.
Another vital step that organisations should take is basic cyber-security training. Every firm should ensure that its employees undergo awareness and basic cyber-hygiene training and have their knowledge tested and updated on a regular basis. This should go beyond just teaching good passwords and include lessons on what types of viruses are out there, how they can enter a network, and practical steps employees should take to reduce risks and prevent cyber-attacks.
We have already seen an increase in credential theft, phishing attacks and ransomware, and unless firms take action now to invest in cybersecurity solutions and protections, they will have to deal not only with the cost of a cyber-attack but with a fine from the PDPC as well.
For more information on the Personal Data Protection Act and how it can affect your company, contact Alpadis Group.