fbpx
LIVE Webinar | Understanding SME’s Obligation in Data Protection and Cybersecurity

LIVE Webinar | Understanding SME’s Obligation in Data Protection and Cybersecurity

LIVE Webinar | Understanding SME’s Obligation in Data Protection and Cybersecurity

Zooming into the responsibilities of Business, IT and Compliance during and post COVID-19

26 June 2020 | 2.30 PM to 4.00 PM

We know the importance of PDPA and we wanted to share that knowledge with our clients so take this opportunity to uncover what PDPA means for your company and department through this complimentary webinar with Straits Interactive, one of the experts in the field of data protection.

SMEs today operate in an increasingly connected and competitive digital economy where individuals’ online and real-world activities generate huge amounts of data, especially during circuit-breaker where everyone must work remotely from home. 

SMEs have had to scramble to arrange employees to connect back to the office.  Have you taken a look at the privacy and IT risks involved in using the free apps as well as the paid apps?  Do you know what you need to look out for?  No matter how good your multiple cybersecurity tools are, an attacker will eventually find a way into your network through vulnerabilities during a lapse. Join us for the 1-hour session with Straits Interactive to find out about the role and accountability of IT departments, and approach to mitigate the cyber threat and risk. 

Topics covered:

  • Latest PDPA updates
  • Digitalisation & WFH Risks 
  • Roadmap to PDPA Compliance
  • The common problems faced by businesses
  • eSentinel™ – 360° Defense in Depth
  • and many more!

The Presenters:

  1. Alvin Toh, Chief Marketing Officer, Straits Interactive Pte Ltd
  2. Kenneth Wee, Commercial Director, Netpluz Asia Pte Ltd

 

 

Webinar: eSentinel™ – 360° Managed Cybersecurity, Simplified

No matter how good your multiple cybersecurity tools are, an attacker will eventually find a way into your network through vulnerabilities. 

Once cybercriminals acquire unauthorised access, you can only depend on the speed and performance of your IT team, to identify the threats, to manage multiple platforms to mitigate the attack. However, the time to respond and mitigate could last for hours or even days. 

Join us for the 1-hour session to find out how you can now extend your cyber defense perimeter at the ISP level

We will be covering topics such as:

  • The Cybersecurity landscape
  • The common problems faced by businesses
  • What is eSentinel™?
  • 360° Defense in Depth
  • and many more!

 

 

With the current outbreak of Coronavirus (2019-nCoV), officially named “Novel Coronavirus Pneumonia” or NCP by Chinese Health Authorities in China, businesses in the region have started to relook at their Business Continuity Plan (BCP) on how to effectively maintain business operation where physical contact between employees or individuals is being restricted to a high degree. Enterprise Singapore, supported by Singapore Business Federation has published a comprehensive Guide on Business Continuity Planning for 2019 Novel Coronavirus. 

The gathering of a large group of employees in offices is now being avoided as much as possible, with companies instructing certain percentage of its employees to work away from the office or from home as much as possible to reduce the chance of infection risks in the office space.

In short, the standard business operations using the traditional mindset of mandating all staff to report to the office might now be a risky decision, in terms of risk of infection. However, this is highly dependent on the nature of business – such as operators for heavy machinery are still required to report to work, or telemarketers only requiring a laptop and internet to work. The reliance on digital communication channel is now critical as this is something that the current coronavirus cannot take advantage of. And NO, I’m talking about the actual infection and not cybercriminals taking this opportunity for email phishing or creating malware in the name this outbreak.

If you are one of many businesses that have not put in place a robust Business Continuity Plan (BCP) to mitigate current risks, now is the time to relook at your business operations, processes and infrastructure and do something about it. The authorities have mentioned that it could take months before this outbreak is over. They have also mentioned that the coronavirus is more infectious than Severe Acute Respiratory Syndrome (SARS) that was discovered and recognised in February 2003, however, Coronavirus fatality rate is lesser, according to the authorities. 

Businesses should put the focus on considerations on the short-term situation where employees may be restricted to work outside of the office as much as possible. Businesses will need to rely on the current digital infrastructure, or even look into new solutions to support the sudden surge of digital communication requirements.

For companies with robust BCP in place, working remotely from home may not be a problem. In Netpluz, we allow our employees to apply for telecommuting, or work from home in case a need arises. Netpluz utilises the Microsoft O365 platform where our employees are able to conduct their day to day operations, such as conferencing, file-sharing or even work together on a single document. The platform enables our employees to maintain constant contact with each other via this platform. CRM & ERP platforms are accessible through Virtual Private Network (VPN). Sensitive data are being encrypted before being transmitted between employees’ laptop remotely and servers in Netpluz private cloud.

Video conferencing between employees, particularly the usual weekly meetings on business operations updates, shown no issues as Netpluz infrastructure is robust and highly available. Kudos to the engineering team and their experiences.

For customer-facing staff, such as the sales team, the inability to meet will not be the main factor that affects operations. The sales team may consider inviting their customers/prospects to meet through video conferencing with Microsoft Teams on Microsoft O365 platform.

For companies who are not well-prepared, such as not utilizing Microsoft O365 or similar platform and only relying on the traditional communication channel such as Whatsapp and traditional telephone, the predictable outcome would be employees not being able to work productively.

The following are some recommendations for businesses wanting to ensure business continuity:

  1. Consider categorising your employees in at least 2 teams (Team A & Team B), and avoiding physical interactions between the 2 teams.

Recommendation: Have at least a team to work remotely from home. Ensure that either team will be able to take on the role of the other team, should the need arises.

  1. Enabling your IT department/staff to deal with the sudden surge of connectivity issue, as more and more employees may be required to work from home.

Recommendation: Understand your bandwidth usage/utilization and upgrade to a higher bandwidth if necessary.

  1. File servers are hosted on-premise in the office location.

Recommendation: With the mobile workforce, a simple Virtual Private Network (VPN) connectivity is the basic requirement to access the file servers in the private network. Do contact us if you need VPN setup or even consultancy on your current infrastructure to support this feature. 

  1. Ensure your employees are able to work from anywhere such as from home. Many SMEs, especially smaller companies have yet to collaborate digitally, as most may still prefer the in-person face to face meeting.

Recommendation: Consider working on Microsoft O365 and collaborate online with Microsoft Teams. Teams can be installed on multiple devices and employees can also work on their mobile phones on the go.

Netpluz is a Microsoft SPLA partner and Cloud Solution Provider. 

  1. Ensure that all employees who work remotely do have the communication channel such as mobile phone to be contacted or to contact their customers or suppliers.

Recommendation: Ensure that employees desk phones are properly set up to ensure call forwarding. A solution such as MobileRoam ensures that employees are able to communicate with parties more productively. This service is recommended for employees that might be facing limited mobile plan subscribed. Businesses may also consider Cloud PBX and IP-Phones should the nature of the business requires high volume call traffics. 

  1. Ensure that all employees’ endpoint such as laptops is installed with endpoint protection.

Recommendation: With employees working remotely and accessing the internet publicly, there will always be cyber risks of malware. To ensure that endpoints are properly secured with antivirus and anti-malware, Netpluz recommends Sophos Endpoint Protection such as Intercept X Advanced with EDR and MTR. 

  1. All endpoints should have a proper backup solution in place. 

Recommendation: As employees will move around to work remotely, there will always be a chance that the endpoint they work with will be stolen, lost or even data corruption. Having a proper endpoint backup solution such as Druva InSync ensures proper data protection and governance in this critical period. 

  1. Working from home is not an option due to the nature of business, e.g. Financial or Sensitive Data Handling.

Recommendation: In such a scenario, businesses may consider splitting their team B onto a secondary work area, similar to business Work Area Recovery (WAR), which is also covered under a comprehensive BCP plan. Such secondary workspace or Work Area Recovery solutions include complete office facilities and equipment such as PCs, telephone systems, facsimile, photocopier, manager rooms, meeting rooms and general office areas to which our customers can quickly relocate key personnel to the recovery site and resume business as soon as possible. Contact Netpluz today to find out more, from cost-effective solution to a full-fledged WAR room. 

  1. Businesses to relook at existing or even consider building a Business Continuity Plan (BCP).

Recommendation: As IT landscapes are getting more complex with the subscription of multiple SaaS solutions or even on-prem solutions, devising a comprehensive and robust business continuity plan may require the guidance or advisory from a managed communication service provider who has decades of experiences. Netpluz has been offering advisories in terms of BCP on IT infrastructure. 

The above recommendations are some simple guidelines to enable your employees to continue to work remotely if required while waiting for the coronavirus outbreak to subside.

Solutions such as collaboration platform Microsoft Teams on O365 creates the modern workspace, where employees can collaborate without the need to be physically in a specific office. Companies that have proper BCP in place would have a competitive advantage in this crisis period.

For businesses who finally understands the importance of digital communication platforms and in need of assistance, Netpluz can advise, propose, implement and manage an end-to-end robust solution. Please contact contact@netpluz.asia to set up an appointment to discuss how Netpluz can support you in communication services.

Author: Rueburn Liang 

 

PDPA Compliance – Is Your Corporation’s Data Free From Cyber Threats Such As Data Breaching?

Cyber activities are becoming more common than you think. According to a survey report released by the Cyber Security Agency of Singapore (CSA), there has been a huge increase in cyber threats such as data breach.

Businesses in Singapore suffered losses of around S$58 million in 2018, representing an increase of about 31 percent from 20171.

With the risk of high loss due to cyber threats, this blog article aims to share some simple and cost-effective ways to keep your business safe in the upcoming year.

To begin, let’s first have a basic understanding of the possible cybercrime and its impact. 

What is data breach?

In today’s internet world, data breaches are becoming more common for businesses, regardless of the organisation’s size and complexity. Data breach is a security vulnerability where confidential data or sensitive information is released to untrusted websites or misused by cybercriminals. This means that data is at risk of being stolen, transmitted or viewed by unauthorised people outside of your company, which can also be known as a data leak.

Data Breach data prevention

How does data breach occur?

Some business owners may think that having a single firewall is sufficient enough to deal with a cyberattack. This mindset increases the attractiveness of the cybercrime industry and provides more targets for attackers to make their profit.  A data breach can happen to an organisation in multiple ways such as 

Employee Focus attacks: Cybercriminals could send malicious emails that look valid and real to simply request the targeted employees to send in the required details. Employees who have been deceived will unknowingly leak important information that provides hackers with access to all your organisation’s data.

Alternatively, it could be due to sharing of private information to the wrong person. For instance, attaching an important document that contains customer details to someone outside of your organisation who does not have any permission or right to view, and the file can be read by them without any further authentication, like a password.

Malware attack: The data that your organisation owns is very attractive to cybercriminals. To obtain those valuable data, cybercriminals could use malware to hack into your system. One of those is known as Ransomware, which is a malicious program used to acquire a significant amount of data and likely to perform encryption in a single attack. With that, the cybercriminal is able to demand and threaten for payment from the victim in exchange for a decryption key.

Outcome Of Data Breach

Upon data breach, there are many lethal results that could lead to termination of business operation, temporarily or permanently. Data breaches can damage both business and consumers in terms of reputation, which is costly and timely to be repaired. Moreover, businesses may face additional damages in the form of fines or penalties. These consequences may vary due to the type of data breaches and violation of the Personal Data Protection Act.

What is the Personal Data Protection Act (PDPA)? 

PDPA is a law that aims to protect all relevant information of an individual such as NRIC, bank account details, among other information against any organisation that is likely to have revealed, collected and used it, despite the credibility of the information. With PDPA, this means that all corporations in Singapore will have to follow a set of baseline standards when managing possession of all individual’s data, even by the firm’s own employees.

How is the PDPA enforced?

The Personal Data Protection Commission (PDPC) has been established to manage and enforce PDPA. The PDPC will determine if a business is not in compliance with PDPA, and the particular company may receive instructions and consequences, such as terminating any collection, use, and disclosure of data in business operations. The company would also be expected to pay fines not exceeding S$1 million.

Protecting against data breach with cybersecurity

With the growth of the internet, there are different security needs such as the application, cloud, mobile, network and endpoint securities. Also, data loss prevention, identify and access management. Cybersecurity is the general IT term to cover different defence remedies and it will allow your corporate to secure the system against any cyberattacks that may lead to data breaches.

Cybersecurity Practices To Mitigate The Risk of Data Breach

These are some easy and effective cybersecurity methods that can ensure that all vulnerable devices, applications, networks, and data in your company’s holding are being protected against any threats.

Secure All Network and Device

This can be done by first installing security software that includes anti-virus and anti-spam filters, which can help your business reduce the possibility of falling for phishing emails and mitigate malware infection.

Also, a firewall could be applied together to track the in and out traffic between all your company computers and the internet. With a firewall in place, the business internal network can be further secured.   

Secure With Encryption

Always make sure that your data in files are encrypted in secret code or password when sharing on to the internet. This helps to reduce the risk of data being stolen or destructed online.

Enforce Cybersecurity Policies

By stating out the relevant rules and regulations, your employees can be educated on security issues and things to take note of when they are visiting internet sites or emails.

Conclusion

The right cybersecurity is needed in order to mitigate your corporate’s sensitive data such as financial information, trade secrets or intellectual property of the customers or users. With cyber attackers and hackers becoming more prominent and creative it is difficult to acquire an effective solution. Not to worry! At Netpluz, we have partnered with leading cybersecurity vendors such as Nexusguard, Sophos, Druva and many more that can provide a variety of cybersecurity solutions that can help your company reduce the negative impacts of data breaching and at the same time save cost.

Click here to find out more about ways to defend your data, or email us to arrange for an appointment with our experienced manager, and we will provide ways for you to become more secure. 

Author: Ada Foo Jiaxin

References

1 CISOMAG. “Around 6,200 Cyber-Attacks Reported in Singapore Last Year: CSA.” CISO MAG | Cyber Security Magazine, 20 June 2019, www.cisomag.com/around-6200-cyber-attacks-reported-in-singapore-last-year-csa/

Irwin, Luke. “The 6 Most Common Ways Data Breaches Occur – IT Governance Blog.” IT Governance Blog, 11 Mar. 2019, www.itgovernance.eu/blog/en/the-6-most-common-ways-data-breaches-occur.

“What Is Cyber Security Threat Mitigation? Webopedia Definition.” Webopedia.Com, 2019, www.webopedia.com/TERM/C/cyber-security-threat-mitigation.html#:~:targetText=Cyber%20security%20threat%20mitigation%20refers,when%20security%20attacks%20do%20happen.

What is Cybersecurity (Cyber Security)? Everything You Need to Know. “What Is Cybersecurity (Cyber Security)? Everything You Need to Know.” SearchSecurity, 2019, 

“How to Protect Your Business from Cyber Threats | Business.Gov.Au.” Business.Gov.Au, 15 Oct. 2019, www.business.gov.au/Risk-management/Cyber-security/How-to-protect-your-business-from-cyber-threats.

Tier-based cloud security standard.

 

The Multi-Tier Cloud Security (MTCS) Singapore Standard (SS)584 is a cloud security certification managed by the Singapore Info-comm Media Development Authority (IMDA).

The MTCS SS is the world’s first cloud security standard that covers multiple tiers. With the new standard, certified CSPs will be able to spell out the levels of security that they can offer to their users.

MTCS SS has a self-disclosure requirement for CSPs covering service-oriented information that is normally included in Service Level Agreements. This covers areas such as data retention, data sovereignty, data portability, liability, availability, business continuity, disaster recovery, as well as incident and problem management.

Businesses that rely on cloud computing services will also be able to use the MTCS SS to better understand and assess the cloud security they require.

The scope of services included in the certification highlights Netpluz‘s ongoing and continuous commitment to ensuring sound operational and security controls across all Cloud Computing services, such as:

  • Private Cloud
  • Infrastructure as a Service (IaaS)
  • Disaster Recovery as a Service (DRaaS)
  • Backup as a Service (BaaS)

Netpluz Cloud Platform is certified as MTCS compliant.

For more information, please contact us directly at contact@netpluz.asia or click here. 

What happened recently with so much Data Breaches news coverage?

One of the key challenges for organisations today is how to safeguard their information systems and digital infrastructure from attacks by malicious hackers and cybercriminals. Current concerns for most companies are often related to data breaches, with so much media coverage focusing on recent cases. 

In light of recent data breaches discovered on Singtel and Ninja Van, Personal Data Protection Commission (PDPC) mentioned:

“Despite having received professional advice to take precautions against such vulnerabilities, the organisation omitted to conduct a full code review…and hence failed to discover (the vulnerability) that was exploited in this case.”

No matter how certain organisations are about their defences, there are always risks to their security because of frequent changes and updates made to their digital infrastructure.

Due to these issues, vulnerability assessment and penetration testing (VAPT) come in place as a solution to identify the unknown vulnerabilities and set immediate remediation to mitigate cybersecurity risk for the company.

According to PDPC, eight organisations were found to be in breach of the Personal Data Protection Act (PDPA). 

  • Ninja Logistics for failing to put in place reasonable security arrangements to protect customers’ data in relation to a tracking function on the company’s website, allowing the data to be accessed publicly.
  • EU Holidays, penalty of $15,000, for not protecting customers’ personal data and not having written policies and practices to comply with the PDPA. 
  • Marshall Cavendish ($40,000), Singtel ($25,000) and SearchAsia Consulting ($7,000); and a warning issued to another two – Tan Tock Seng Hospital and CampVision.
  • Directions were also imposed on iClick Media for breaching the Accountability Obligation.

Is Your company ready for Vulnerability Assessment & Penetration Testing (VAPT)?

Vulnerability Assessment & Penetration Testing (VAPT) is necessary to spot your vulnerability. VAPT result shall deliver quality assessment through the eyes of both a hacker and an experienced and certified security expert to discover where you can improve your security posture.

The findings (vulnerabilities) would be delivered as reports that shall be used to effectively remediate any of the vulnerabilities and answer these following questions:

  • How vulnerable are you from the internet or intranet?
  • What are the exploitable vulnerabilities?
  • Are the operating system patches current?
  • Do you have unnecessary service running?

“Knowing your vulnerability and the way in which the attackers could exploit them are one of the greatest insights you can get in improving your security program.”

Want to know how we can help you discover vulnerabilities through VAPT?

 

 

 

 

 

VAPT

Reference

Singtel fined $25,000 and Ninja Van $90,000 for data breaches, The Strait Times, Nov 5, 2019. – https://www.straitstimes.com/business/companies-markets/singtel-fined-25000-and-ninja-van-90000-for-data-breaches

New Commission’s Decisions on 4 November 2019, PDPC, Nov 4, 2019https://www.pdpc.gov.sg/pdpc/news/latest-updates/2019/11/new-commissions-decisions-on-4-november-2019

 

Quality Communication Services with Cyber Protection

Netpluz Top 10 Managed Security Service Providers APAC 2019 awardThe internet revolution has radically altered the way business is conducted. The size and location of business are becoming increasingly unimportant, in today’s internet-connected global playing field. Furthermore, with new entrants of SaaS solutions and multiple branches distributed globally, optimized connectivity from a single management point of view is critical to ensure that all branches of a business can communicate effectively. However, with companies using connectivity systems from multiple vendors, this is not an easy task to achieve because IT professionals are usually directed around different vendors, and no clear causes are identified when an issue arises. In today’s always-connected era, response time to resolve is crucial to ensure secure businesses’ reputation and operations. Having one managed service provider to overlook the entire network is necessary to ensure faster response time and resolution. Understanding these requirements, Netpluz delivers quality communication services with cyber protection to clients. With the company’s offering, clients get the agility they require without the huge capital expenditure and hassle of managing multiple vendors. Leveraging its decades of experience and expertise in secure communications, Netpluz enables quick identification and fast response to resolve issues while guaranteeing 99.99 percent uptime. “As a B2B company, our focus is to simplify the communications needs of businesses with solutions that fit both company resources and requirements,” says Lau Leng Fong, CEO of the company.Lau Leng Fong Netpluz CEO

Netpluz helps organizations with their secure internet networking needs by first understanding their unique challenges. By providing carrier-agnostic and secure network connectivity services, Netpluz builds customized solutions for every client. “Netpluz understands that every business is unique, and there is no one solution to fit all. Our approach is to first understand the requirement and challenge, growth plan for scalability before we propose a holistic solution,” says Leng Fong. With secure internet connectivity managed by Netpluz’s team of 24/7 technical helpdesk and proactive network monitoring, businesses can be rest assured that their network is being monitored and responded to whenever a need arises. “There were cases of internal network being compromised, devices being used for crypto-jacking, and cases of downtime due to target of DDoS attack. One of the value-added features that come with Netpluz Managed Service is network monitoring on bandwidth utilization,” mentions Leng Fong. An alert will be triggered upon a set threshold, and a dedicated account manager will contact the business representative to check if there is any abnormal network activity. A surge in network bandwidth utilization could spell malicious activity, and Netpluz can be engaged to mitigate the risks.

Companies subscribed to Netpluz DDoS Mitigation service enjoy auto mitigation of DDoS attacks, ensuring high availability of their network connection. In Q2 of 2019, Netpluz successfully mitigated a total of 1.8 Gbps DDoS attack over 2 hours, with the single largest DDoS attack of 506 Mbps mitigated. They commissioned local Scrubbing Centre, leveraging on machine learning technology and multi-layered mitigation to provide intelligence-based detection to automate threat detection. This approach enables an adaptive security architecture, simultaneously addressing detection, prediction, prevention, and response.

In fact, the company will soon launch a Datacenter-grade cloud-based managed security service (MSS) platform, eSentinel especially for SMEs as they do not have the resources to implement a dual firewall implementation, or even DDoS mitigation and secure network monitoring system.  Conceptually, eSentinel is built with state-of-the-art cyber technologies, offering the various protection features such as intelligent next-gen firewall (iNGFW), DDoS mitigation, SIEM, 24×7 monitoring and detection, and response should the on-premise firewall is managed by Netpluz. Netpluz also leverages SD-WAN technology, powered by VeloCloud, now part of VMware, to offer secure, high performance and reliable cross border business connectivity operations ensuring optimal performance even for demanding applications, such as voice and video. “eSentinel is our answer for Secure Internet Connectivity and SD-WAN, for Secure WAN Connectivity,” adds Leng Fong.

Businesses can view Netpluz as an extension of their IT department to manage the entire network and system infrastructure. The company’s team is trained, and industry certified to bring the highest value to clients. “Having a managed communication service provider is, therefore, preferable in terms of skillset and cost saving, as compared to hiring a team of specialized IT professionals. We take your IT operations to the next level, and you can focus your time and resources to take your company to new heights,” says Leng Fong.

As a B2B company, our focus is to simplify the communications needs of businesses with solutions that fit both company resources and requirements.

Among the numerous success stories of Netpluz is that of Paradise Group, a diners’ paradise for Oriental cuisine. With the need to have agility on global connectivity across 110 branches in 9 countries, Paradise Group embraced cloud computing to digitally transform their global communications. As the business grows, the need to be cyber resilient is imminent. As cyber-attacks are evolving to be more complex and harder to detect, Netpluz managed to implement a deep learning solution that leverage on neural networks to detect malicious activities, securing critical data with proper disaster recovery in place. “We are proud to serve Paradise Group with a fast detection and response team to ensure that they can achieve a robust networking and secure framework, with significant cost savings in place,” states Leng Fong. Netpluz successfully implemented and managed a robust networking and communication framework for Paradise Group and helped them achieve a whopping 20 percent cost-savings on secure networking across their headquarters and outlets in Singapore. Additionally, Netpluz has implemented an intelligent queue management solution for the client that is forecasted to achieve at least 40 percent cost-saving on voice services. Keith Kee, IT Manager of Paradise Group, mentions, “No other service providers were able to take a step back to understand my challenges, and Netpluz offered to go the extra mile. We are proud to have Netpluz Asia as our IT solutions provider.”

With such stellar success stories, Netpluz is set on a regional expansion throughout the Asia Pacific, to be the leading Managed Communications Service Provider in the region. Headquartered in Singapore and with business operations in Malaysia, Netpluz is set to expand their support coverage to Indonesia in the very near future, in line with the vision to be the top regional Managed Service Provider (MSP) with cyber security as their key focus. With humble beginnings in 2015 serving business internet connectivity followed by the acquisition of Mediaring and merger of Y5Zone Singapore in 2016, Netpluz has evolved from an internet service provider to a leader in managed data, voice, video, mobility, analytics and cybersecurity services. Today, the company offers its services to over 2000 clients over a single, converged network with uncompromising availability, scalability, and service standards. “Leveraging on our expertise and decades of experience, Netpluz is strategically poised to be the one-stop-shop managed communications service provider to support the growth of performing businesses looking to build optimized, secure and diverse connectivity throughout the region,” remarks Leng Fong.

To view the PDF version of the article: https://www.netpluz.asia/Marketing/enterprisesecurityaward2019.pdf

To view the full digital magazine and awards, please click the image below:

Enterprise Security Netpluz TOP 10 Managed Security Service APAC

We live in an interconnected society whereby information and data is readily available at the tip of our fingertips, literally.

You’ve most likely been reading about various cyber-attacks in the news, and have heard about the increasing need for cyber security. But what is cyber security? It is the practice of protecting systems, networks and programs from digital attacks. (Cisco, 2019)

Quite a number companies that Netpluz has contacted have expressed that cyber security is not their greatest concern.  Common reasons given are either because they are small companies, and/or don’t keep any data in the cloud. Another reason given is that some companies claim to have very small budgets for IT spending.

But ignorance of the current situation that’s happening is dangerous. And in this article we will provide you with some insights as to why cybersecurity is essential for businesses.

In Singapore, cyber attacks happens more frequently than you think with majority of the attacks aimed towards businesses, online security software vendor Norton has reported that there were 5,430 cybercrime cases in 2017 while the Cyber Security Agency (CSA) detected 23,420 phishing web addresses with a Singapore link.

According to a study by consumer information provider Comparitech, Singapore is ranked 10th best in global cybersecurity. However, despite this, attacks still happen, such as when Singapore experienced its worst cyber attack in June 2018 that resulted in the country’s largest data breach in history. That was when hackers managed to obtain personal particulars of 1.5 million patients.  The hackers essentially infiltrated the computers of SingHealth, Singapore’s largest group of healthcare institutions. (Loh, Victor. “The Big Read: As more cyberattacks loom, Singapore has a weak first line of defence.” CNA, 26 February 2019.

With that being said, one should never be complacent despite how safe and secure we may be and never underestimate the importance of cybersecurity in ensuring that your business data is protected.

Here are reasons why your business needs Cybersecurity;

Financial and reputational impact on business

Cyber attacks can have serious implications on your business’ financial situation.

Based on a study done by Ponemon Institute, the average cost of a data breach per compromised record was $148 and it took businesses at least 196 days to detect a breach. This means you’re likely having to bear a heavy price. (Ponemon, Larry. “Ponemon Institute Cost of a Data Breach Study 2018.” SecurityIntelligence, 11 July 2018.

However, it is not just about the financial loss suffered by your business or the cost of recovery; a data breach can also impose reputational damages.

When your business suffers from a cyberattack, your customers will start to lose trust in your business and will start to spend their money elsewhere. This would obviously make it harder for your business to retain existing customers let alone obtaining new ones.

Hence, there’s no need for your business to  run on the risk of awaiting for the imminent cyber attack to happen. Instead, take action today to protect your business from cyber attacks and potentially from being wiped out from existence through implementing cyber security measures.

Increasing trend in number of cyber attacks

Criminals can find all sort of methods and entry points into your internal networks through your business’ exposed systems or maybe even your website.

According to the Cyber Security Agency of Singapore (CSA), which is responsible for Singapore’s cybersecurity efforts, the number of cyber attacks, especially ransomware, have increased over the previous years. (Loh, Sherwin. “Singapore sees spike in number of cyberattack-for-ransom cases.” TheBusinessTimes, 10 October 2016. Symantec, an American company that provides cybersecurity software and servcies, also mentioned that financial sector which comprises of financial, insurance and real estates, accounts for 47% of ransomware attacks in Singapore, making it the most vulnerable industry.

This is because ransomware is usually easier to target through a common service, all industries and companies no matter the size, as well as individuals, are targeted.

If you or your business ever encounter a ransomware attack, do not give in to the demands of the cybercriminals because of course, you can’t trust them. Furthermore, paying the ransom doesn’t guarantee that you get back your stolen data or files. It is just a short-term solution but often ends up fuelling these criminal’s confidence in carrying out more attacks at other organisations.

“What makes a good target is outdated security or a poor security posture, resulting in that company or industry being a good target.”

Thus, if you plan to deal with these sort of attacks only after you detected it, you are too late. With highly sophisticated attacks getting common, you need to know that a data breach is bound to happen, especially for small businesses.

Rapid increase in the use of IoT devices

The world we live in today relies heavily on the usage of mobile apps, web apps, and big data. It should come to no surprise that more smart devices nowadays are connected to the internet. These are known as Internet of Things, or IOT for short, devices that are common in homes and offices. Consultancy UK, 2018. 

It may seem as though being able to utilise these devices enable many new startups and small businesses to simplify and make tasks more efficient, as well as provides greater control and accessibility.

In reality, that’s not the case.

You see, if the IoT device is not managed properly, it gives cyber criminals a chance to take advantage of it by exploiting the security weaknesses.

For example, people tend to configure their business emails on their personal email, supposedly providing convenience. However, once you step outside the safe zone of your company’s network, you are vulnerable to hackers.

By 2021, it is estimated that there will be 27.1 billion connected devices according to IT services giant Cisco. This means that the problem will only get worse in the long run.
Information, data, and many more can be easily transferred into the wrong hands.

Thus, do not get distracted by the rapid transformation in technology until you forget that protection on these devices should be the priority. Instead, you should conduct regular vulnerability assessments to identify and eliminate the risks.

Increase Productivity

Aside from protecting your business, a well-implemented cyber security measure can maximise your business’ potential output.

According to Computer Economics, it is reported by McAfee that there are over 60,000 known computer viruses currently.This not only means it slows down your computers, but it also forces you to wait to clean the viruses before you can continue working again. Thus, your business is vulnerable to all sorts of viruses and if no action is taken, it can slow down your productivity in work.

Hence, by implementing such effective measures, it will give you the confidence that every aspect of your business is well prepared against potential attacks, contributing to your success. Furtheremore, such confidence gives you the peace of mind, time and resources to focus on other aspects of your business’ growth too.

Save cost

It does not hurt to invest in cybersecurity because in actual fact, it is much more cost-effective as compared to when you suffer a major cyber-attack.

As mentioned, such cyber attacks can cause businesses to lose billions of dollars in terms of reputation loss, loss of sensitive company data, and the consequent cost of compensating the people affected. According to a report by Radware, the average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018, an increase of 52% from the previous year.

However, imagine if your business had just invested a small amount into implementing cyber security measures. The benefits far outweighs the disadvantages.

Thus, implementing these small and cost-effective cyber security measures provides your business a safeguard against these uncertainties.

In conclusion, don’t wait till it’s too late. As mentioned, we should never be too complacent just because we think it won’t happen to us. Your business is at risk financially and reputationally, with the increasing trend in cyber attacks and usage of IoT devices, without cyber security, it can impact your business’ flow. In addition, cyber security also allows for more productivity and cost-effectiveness.

Here at Netpluz Asia, we provide various solutions that can cater to your needs on how you can managed your cyber security.  Just watch the video below to find out more!

Author: Amir Matin Bin Abdul Rashid

Reference:

https://www.channelnewsasia.com/news/singapore/cybersecurity-attacks-hacks-singapore-vulnerable-weak-first-line-11286586

https://www.consultancy.uk/news/18435/five-reasons-cyber-security-is-more-important-than-ever

https://securityintelligence.com/ponemon-cost-of-a-data-breach-2018/

https://www.businesstimes.com.sg/technology/singapore-sees-spike-in-number-of-cyberattack-for-ransom-cases

 

What is Cyber Security?
The name cyber security as straightforward as it sounds is far more important than people usually think. Here are some of the misconceptions that even you may have:

  • Only big and important companies or people will fall victim
  • Anti-virus and firewall is enough
  • Danger can only come from external sources
  • Passwords are difficult to crack
  • Once a device is infected, users will know immediately

What is cybersecurity and how to prevent cyber-attacks? Cybersecurity is the act of protecting yourself from cyber-attacks online. For cybersecurity to be successful, it has to cover multiple layers of protection spread across networks, programs, computers or data that should be kept safely. How do you make this work in your organisation?

  • People – the staff has to be knowledgeable on basic security principles
  • Processes – Have a good framework so that the organisation will know what to do In times of cyber attacks
  • Technology – New and advancing technologies are used to protect devices

So why implement Cyber Security in your company? I will be listing the top 5 reasons why you should do it for the safety of your company.

 

Preventing Damage To Company

There are cyber attackers out there who are skilled enough to hack big companies who are already well invested into cybersecurity. Facebook is an example the huge social media company had more than 540,000,000 user records exposed on Amazon’s cloud computing service. Since Facebook has already invested so much in cybersecurity but still gets attacked, it must be pointless for a small company to have cyber security right?

Wrong, not all news are published but there have been cases of companies of all sizes that has been destroyed due to cyber-attacks and it is all because they do not treat cybersecurity with importance. The less invested you are into cyber security means you are prone to more attacks and it could leave much more damage as compared to other companies are more invested. Every day there are more than 4000 hacks made by ransomware alone, this should scare people or companies who think that they are safe from cyber-attacks. With 54% of the firm’s network or data being breached in 2018 it could be your turn any time and the average cost of recovering from a cyber-attack is $5,000,000, will you risk it?

Safekeep Personal Details

In most companies, the database consists of personal details of every staff working for the company. When company data is breached, the hacker has access not only to data relevant to business but the data of the people working for the company. Such data consists of bank accounts, family details, address, etc.
These data can be used as blackmail against the victim and the victim may have to pay a sum of money just to have the data back but it is never guaranteed that the attacker might not have it anymore even after receiving the payment.

Without a cyber-security, the employees, as well as the employer, are in jeopardy of getting their personal information leaked. Hence, for the safety of everyone in a company, cybersecurity should be implemented.

Stay safe from progressing hackers

As technology improves, so does the skills of hackers from all around the world. When big companies such as Facebook, Sony, and Adobe are victims of cyber-attack it shows how smart the hackers can be to get through companies with good encryption. In 2014, South Korea had also been hacked by an employee of Korea Credit Bureau who took credit card details and sold them to credit traders and telemarketing companies. (“TOP 10 of the world’s largest cyberattacks | Outpost 24 blog”, 2019)

With the progress of both Cybersecurity and the skills of hackers, it is important to have an updated and maintained cybersecurity system to reduce the chances of being attacked. With a cybersecurity system that is constantly updated, it decreases the chance of attack as the hackers will have to find a new way to attack the victim due to the updated system blocking them out and being ahead of their capabilities.

Know the different threats

There are many ways for cyber-attacks to happen, the ones that people are more aware of are phishing emails, password hacks etc. however most don’t know about ransomware. What it does is it encrypts business information and can only be unlocked after a large fee is paid. How cybersecurity helps is that a business is able to store their data in multiple places so that they are able back up the data whenever they need to.

Malicious software is constantly improving and so are software security, this is why it is important for a company to maintain their cyber security to prevent such attacks. Having the data kept safe from all the malicious software will ensure that the company does not suffer unnecessary loss of having to recover the data.

It does not require a lot of work

Employing cybersecurity is quite simple, you are able to find some companies who would do the job for you if you employ their cyber security network. They are able to check for viruses, quarantine the virus and also keep you updated on what is happening such as how many attacks, what kind of files are quarantined etc.
As long as you pay the subscription all of these will be done for you and the cost of having cybersecurity will be a lot lesser than when cyber-attacks actually happen to you.

It is evident that cybersecurity is crucial for business to operate smoothly and to reduce cost. It doesn’t take a lot for you to protect yourself from great danger, it is better to be safe than to be sorry so make the right decision or bear with the consequences.

Author: Tan Ming Rui, Aloysius

References:
Why is Cyber Security Important in 2019? – SecurityFirstCorp.com. (2019). Retrieved from https://securityfirstcorp.com/why-is-cyber-security-important/

Services, P. (2019). What Is Cybersecurity?. Retrieved from https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html

Bordoni, S. (2019). The importance of maintaining cyber security in your business. Retrieved from https://www.itproportal.com/features/the-importance-of-maintaining-cyber-security-in-your-business/

(2019). Retrieved from
https://www.quora.com/What-is-cyber-security-Why-is-it-important

Five reasons cyber security is more important than ever. (2019). Retrieved from https://www.consultancy.uk/news/18435/five-reasons-cyber-security-is-more-important-than-ever

https://www.pexels.com/search/cyber%20security/

TOP 10 of the world’s largest cyberattacks | Outpost 24 blog. (2019). Retrieved from https://outpost24.com/blog/top-10-of-the-world-biggest-cyberattacks

 

Take the SOC Tour and see more how we work for you

Today’s rapidly evolving threat landscape demands ever smarter and ever more responsive managed security services. 

Sign up for an opportunity to our upcoming Security Operations Center (SOC) Tour and meet our experts to discuss how we can help you detect and respond to cyber threats at an early stage and improve your IT security posture.

Netpluz Managed Security Operations Center (SOC) offers the industry-leading tools, technology and expertise required to secure your information assets 24 x 7, often at a fraction of the cost of in-house security resources

Event is over. Please contact us at contact@netpluz.asia to register SOC Tour interest. 

 

Prevention is Always Better than Cure

Understanding why being proactive is always the best solution to fight an attack.

The cost of protection is rather small compared to the cost of regret when the company’s reputation jeopardized after DDoS Attack. Companies that are targeted by Distributed Denial of Service (DDoS) attacks are not only financially disadvantaged, but their image becomes polluted as well.

Moving in line with our national plan to become a leading digital economy requires us to digitize and have a strong online presence. Having a good online presence is essential for the long-term growth of any business and it’s also the good way to find potential customers and gain the trust of existing ones.

But as we go more digital than ever, cyber threats and attacks are almost inevitable. Cyber Security Agency of Singapore (CSA) reported that there are 5430 cybercrime cases back in 2017. From previous year, the cybersecurity cases growing from 15.6 percent to 16.6 percent.

Distributed Denial-of-Service (DDoS) attack is the malicious attempt to disrupt normal traffic by sending floods of internet traffic to targeted server, service or network. This attempt can slow down your server and could take your whole online services down. The reason of the attack is varied, could be business’ competition, revenge or part of hacktivism.

Having managed DDoS Protection towards the attacks will be the best proactive solution that any business should do. This proactive solution might help your company to mitigate the good and bad traffic that enter your company website, applications, and network infrastructures from DDoS attacks and hacking.

While the number of attacks increase in time, many of business still haven’t really understand to react well to the phenomenon. Study conducted by reputable cyber security company found out that at least 34% business still don’t use any protection toward DDoS and only rely on their ISP to shield them from attacks. The study also found out that 30% of the businesses that actively use DDoS protection only use it because they were a victim of DDoS in the past while the rest 35% use DDoS protection because they are required to do so for regulatory purposes.

The best solutions to deal with DDoS are knowing the risk of DDoS and to have the better understanding of the attacks, having the prevention and response plan to it. Thus, it’s always suggested by all IT experts that the best defense that business owner can do is to have themselves protected since the beginning, rather than must deal with bad publicity after becoming another victim of the cyber-attacks.

 

Source :
https://www.kaspersky.com/about/press-releases/2018_ineffective-ddos-strategies

https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf

https://www.imda.gov.sg/sgdigital/digital-economy-framework-for-action

360° Cyber Security Protection for Business

 

With a few strokes of a keyboard, rogue individuals or hackers can launch a cyber-attack such as Distributed Denial-of-Service (DDoS) from anywhere, at any time, disrupting and damaging your online assets, business operation and reputation.

Come 31 May 2019, Netpluz 360 Cyber Security Protection for Business event will take place at Suntec Convention Centre. Addressing cyber security issues related to SMEs, the event will gather senior management and Security Professionals to raise awareness, share ideas and solutions to tackle critical operational issues facing the sector.

Event session will distil key elements of cyber security into non-technical bite-sized bits for you while there will be some overview of the latest defences and threats into the Information Cyber Security (ICS) environment. Arm yourself with practical tips and proven technology for good cyber hygiene. The event looks to address key issues ensuring business have the tools and knowledge to keep their data and network secure. Find out what works best for you!

Key learning of attending Netpluz Cyber Security Event for SMEs:
  • Understand what makes you a target of cyber security attacks.
  • Learn Cyber Security measures through an early incident alert and response system by monitoring, profiling and management of cyber security threats.
  • Validation of your security safeguard effectiveness through Penetration Testing.
  • Recommendation on how to mitigate cyber security vulnerabilities to protect complex Web Applications, Networks and DNS servers.
  • Endpoint protection against malware and infections.
  • Increased resiliency of your data protection with data backup and recovery services.
  • Mitigate Cyber Risks with Cyber Insurance Protection.

Event is over. Please contact us at contact@netpluz.asia for the next event. 

FORTIFY YOUR NETWORK

As highly-connected country, Singapore’s cyber landscape resemble the world trends. And with the technology at the fingertips of billions, there are more and more attacks now than ever before.

Come 23 November 2018, Breakfast and Learn – Fortify Your Network event will take place at Oakwood Premier UOE. Addressing the threat landscape of cyber security. The event will gather senior management and Security professionals to raises awareness, share ideas and solutions to cyber security issue.

RSVP now and stand a chance to win lucky draw for  one night weekend stay with buffet breakfast for two in The Fullerton Hotel Singapore and 2 vouchers for 3 Course Set Dinner for 2 persons at Se7enth Restaurant!

Event is over. Please contact us at contact@netpluz.asia for the next event. 

BTT Fortify your network

THANK YOU FOR VISITING NETPLUZ BOOTH ON CLOUD EXPO ASIA 2018

We would like to thank you for taking your time to visit our booth during Cloud Expo Asia 2018 at Marina Bay Sands Expo and Convention Centre last week on 10-11 October 2018.

We were very excited about the large turnout at our booth. It was our pleasure meeting everyone, and definitely a good opportunity to present our value-added Managed Services, specifically on Cyber Security and True Diverse Network, powered by Nexusguard and SP Telecom, respectively. We thank you for your interest in our services and look forward to serving you in the near future.

In the meantime, please feel free to contact us at contact@netpluz.asia, with any questions or further information.

How To Be Cyber-Prepared After SingHealth Recent Database Attack

Health Minister Gan Kim Yong and Minister for Communications and Information S. Iswaran both described recent SingHealth’s attack was the most serious personal data breach in Singapore’s history (Tham, 2018).

Reported by Channel News Asia, it is known that personal data of 1.5 million patients who visited SingHealth’s clinics or polyclinics between May 1, 2015 to July 4, 2018 were copied and 160,000 of their medical records accessed before the database admin detected the unusual activity (Kwang, 2018).

On July 10, Integrated Health Information System (IHiS) confirmed that data had been stolen between June 27 to July 4, 2018. Cyber Security Agency of Singapore (CSA) established the fact that the attackers first gained access through a breach on a particular front-end workstation and from there, they managed to get credentials to access the database. This accident shows us that no one can really escape the threat of cyberattack.  We all have the same potential to become victims of cyberattack as the IT landscape is always evolving and what organizations should do today is to be more proactive in building up their own network and cybersecurity resilience.

Minister for Communications and Information, S. Iswaran on SingHealth cyberattack said that we cannot allow and must not allow this incident or any others like it to derail our plans for a Smart Nation (Yong & Tham, 2018).

“We must adapt ourselves to operate effectively, and securely in the digital age. So that we can deliver better public services, enhance the economic competitiveness and create jobs and opportunities for Singaporeans,” added S. Iswaran on the news conference.

A data breach is a serious issue everywhere.  This accident could be a nightmare in daylight for a business owner. Because when your security is compromised, this could cripple your business, costing you thousands or millions of dollars and having bad exposure to your brand image and reputation.

The next question is that what we should do to prevent this thing from happening again?

The key to deal with cyberattacks is not the chance or warranty that they won’t attack you in the first place and try to get into your system. The key is to be prepared when they do try to attack you. When you build up your network and cybersecurity resilience through the adoption of cybersecurity tools or services to mitigate such threats, on different levels, for example, ISP level, Network / Server and End Points, you can respond quickly and effectively when the attacker is trying to attack your system.

What are the best solution that our Cyber Security experts here at Netpluz can offer you to be cyber-ready after learning from the recent SingHealth’s database server attack?

The 4 Levels of End-to-end Cyber Security Protection by Netpluz

ISP Level Network Defense

  • DDoS Mitigation and Web Application Firewall (WAF)
  • DDoS Mitigation (Internet Clean Pipe)  – A total solution to protect your company’s infrastructure from malicious traffic and DDoS attacks. More specifically, Netpluz Internet Clean Pipe, powered by Nexusguard, prevents flooding or volumetric attacks that abuse the weaknesses in various communications protocols, including TCP, UDP, ICMP, FTP, and SIP.
  • Web Application Firewall (WAF) – this can protect a server from cross-site scripting, SQL injection attacks. By preventing the injection of SQL queries, the WAF can help keep sensitive information stored on the database away from snooping eyes.

On Premise Network Perimeter Defense

  • Firewall –  All the advanced networking, protection, user, and app controls you need to stay secure and compliant.

On Premise Server Perimeter Defense

  • Server Protection Software installed on the server – to help prevent an attacker from taking advantage of the common hacking techniques and persistent hacking attempts. Netpluz recommends SOPHOS Server Advanced Protect.

End-point Protection

  • Endpoint protection – For those who have access to the database server- end-user machines. This is to help detection of malware be installed on the machines that can potentially gather information on what users are accessing (ie. Database server). Also, to prevent ransomware to spread across the network. Netpluz recommends SOPHOS Advanced Protection + Intercept X.

Some Useful Tips & Tools :

  • Email Phishing Simulation Tool– To educate and create security awareness to the largest attack surface – the end-users, on what a phishing email looks like and be trained to spot a legit email and URL links. People are the #1 weakness, from a security perspective, in any organisation.
  • Keep Patches updated– make sure all software’s are up-to-date and security patches too, this is to fix those known vulnerabilities that can be exploited by attackers.
  • Do not use shared server – if your database store sensitive data, you should have your own dedicated server instead of getting a hosting provider to host your data. You can opt to do it but make sure you review with the hosting provider their security policies and what will be their responsibilities in the event that your data been compromised.

 

Source :

 

Cyber Security Essentials for SMEs – Protecting your business as the threat of attack increases

Urban Mangrove | Friday, 3 November 2017 | 2:00 PM to 6:00 PM

With a few strokes of a keyboard, rogue individuals or hackers can launch a cyber-attack such as Distributed Denial-of-Service (DDoS) from anywhere, at any time, disrupting and damaging your online assets, business operation and reputation.

Come 3 November 2017, Netpluz Cyber Security & Data Protection for SMEs event will take place at Urban Mangrove. Addressing cyber security issues related to SMEs, the event will gather senior management and Security Professionals to raise awareness, share ideas and solutions to tackle critical operational issues facing the sector.

Gartner revealed that 75% of attacks target the web application layer. As businesses embrace new technologies and digital connectivity becomes more entrenched in operations, your web assets are often exposed to numerous cyber threats and attacks that are growing in frequency and sophistication.

Event session will distil key elements of cyber security into non-technical bite-sized bits for you while there will be some overview of the latest defenses and threats into the Information Cyber Security (ICS) environment. Arm yourself with practical tips and proven technology for good cyber hygiene. The event looks to address key issues ensuring business have the tools and knowledge to keep their data and network secure. Find out what works best for you!

Learn more about Netpluz simple & effective solutions for DDoS mitigation for increased resilience.

Key learning of attending Netpluz Cyber Security Event for SMEs:

Event details

Limited seats available*. Register now to avoid disappointment!

Date: 3 Nov 2017, Friday
Time: 2:30pm to 6:00pm
Venue: Urban Mangrove, Block D, 231 Mountbatten Road, Singapore 397999

*Seats are limited. Netpluz and its partner reserve the final rights to turn away participants deem unsuitable for this seminar.

Event Partners

Contact person:

Rueburn Liang
Marketing Manager
DID: +65 6805 8917
Email: rueburn.liang@netpluz.asia