Protect Your Business With Enhanced Best Cybersecurity Practices


Protect Your Business with the Best Cybersecurity Practices

Posted on 30 September 2021 in Business | Anna Beatrice


The new normal brought on by the pandemic has sparked a continuing stream of cyber attacks. With the rise of work-from-home setups, cybercriminals are taking advantage of the situation and trying to gain corporate access to steal large amounts of money or threaten to leak confidential data in exchange for ransom.

These cyber threats present a significant reason to further implement the best cybersecurity practices within the company.

Cybercrime Cases in Singapore

According to The Straits Times, a ransom attack has affected the personal data and clinical information of nearly 75,00 patients of a private eye clinic in Singapore. This has been the third reported incident in the whole month of August. [1]

In another report by The Register, a Singaporean telco, StarHub, became the victim of a cyberattack that leaked customers' national identity card numbers, mobile numbers, and email addresses. [2]

Singapore's Personal Data Protection Act 2012 (PDPA) [3] institutes guidelines on how companies should secure and store data as well as requirements for notifying victims of a data breach under their watch.

According to a Singapore-based media lawyer that the news publication spoke to, the PDPA is a serious regulation but is considered less strict than Europe's GDPR [4].

Importance of Cybersecurity Awareness

The number of cyberattack cases is expected to go up, setting a significant reason to raise awareness and establish practices to prevent such incidents.

This matters most for small and medium enterprises [5] (SMEs) that are interested in the benefits of automated processes but are NOT entirely familiar with the requirements and infrastructure that come with them.

For instance, many aren't aware of the value of external certifications like ISO and MTCS, which are the fundamentals of any digitised system.

Meanwhile, larger corporations may have procedures in place but these measures don't guarantee compliance. Most assume that installing antivirus software is enough to block cyberattacks.

Businesses of all types, sizes and in all locations must know that despite having the highest certification for multi-tier cloud security standards, Singapore is not immune to security issues. Every organisation must also acknowledge the fact that Cloud is global, therefore, there'll always be a potential risk.

For these reasons, companies need to take immediate action to ensure that all systems and workspaces have multiple layers of security.

Best Cybersecurity Tips and Practices For Businesses

Individuals and organisations can take simple steps to prevent cyber-attacks and secure all confidential information.

1. Keep Software and Devices Up-To-Date

Cyber attacks are often caused by the failure to keep all systems or software up-to-date. This allows the cybercriminals to use this weakness and gain access to the company's network.

Once they get in, it might be too late to prevent cyber attacks. To make sure that everything is upgraded and updated, it's wise to install a patch management system that'll manage all system and software updates.

2. Use Strong Cybersecurity Software

Protect the confidential data of the company and its employees by installing robust anti-malware and antivirus software for your network. This will help to better track and eliminate data breaches at the corporate level.

Don't forget to always check if the cybersecurity software system is kept up-to-date and in line with company regulations as well.

3. Secure Mobile Devices

The use of smartphones, tablets, laptops and other devices has become a necessity for work, especially with the new normal setting. These devices are often taken off-site, which is why it's important to ensure that they're fully secured with Endpoint Protection software.

This will help secure corporate networks that are remotely connected to the devices. Make sure to also install "Find My Device" software on all devices to determine the location of the stolen property.

4. Backup All Business Data

Sometimes, despite taking preventative actions against security threats, data breaches may still happen. As a result, you may encounter deleted or corrupted data due to cyber attacks.

To avoid possible business damages such as loss of data, serious downtime, and financial loss, be sure to back up all employee and client information and other business data.

5. Conduct Cybersecurity Training for Employees

Are you aware that almost all data breaches are caused simply by human error? Cybercriminals can gain access by sending fraudulent emails, impersonating someone in the organisation, and asking for credentials.

To prevent such incidents, every employee must be regularly trained on cyber security protocols, especially new hires. Training sessions must include identifying email security threats and reporting data breaches or any suspected incidents or activity patterns.

Most importantly, make sure that all employees follow the company's IT security policies and procedures.

6. Invest in Cybersecurity Insurance

Despite the rising cases of data breaches, only a few businesses have cyber insurance due to the extensive cost. However, many aren't aware that a cyber insurance policy helps cover the financial losses caused by a cyber attack.

The coverage also includes claims made by employees or clients that may have been harmed because of the company's action or inaction. That's why it's important to consider the advantages of having a cyber insurance policy.

7. Install a Firewall

Data breaches are constantly evolving: new ones continue to appear and some even reoccur. Securing the company's network behind a firewall is a well-proven and effective way to protect all business data from cyber threats.

A firewall system will block cyber-attacks made on the network or system before they cause severe damage.

8. Implement Role-Based Access Control

By implementing role-based access control, employees only have access to data and tasks deemed necessary by their job function and role. This will reduce the risks of social engineering attacks as fewer people will have the authorization to access sensitive and confidential data.

9. Use Multi-factor Authentication

Multi-factor Authentication (MFA) is also one of the best cybersecurity practices for businesses of all types and sizes. It’s an authentication method that requires the user to provide two or more verification factors to gain access to an application, online account, or a VPN.

Rather than just asking for a username and password, MFA requires one or more additional verification factors, such as a One Time Pin (OTP) which decreases the likelihood of a successful cyber attack. This way, it'll be much more difficult for cybercriminals to gain access.

10. Manage Third-Party Security

If there are any clients or third parties who need access to the system, it's important to be aware of the responsibilities and risks that come with it. Be sure to apply strict security controls, identify possible cyber threats, and monitor the network.

11. Prohibit the Sharing of Login Credentials

In a company, password sharing can make it easier for multiple users to access a team account. Leaving a password on a sticky note allows a co-worker to log in to a business account in an emergency.

Some managers share passwords so they can delegate tasks. However, sharing of login credentials is a serious risk and should be strictly disallowed. 90% of today’s enterprise login traffic comes from attackers automatically trying passwords stolen from one site in login screens at other sites to take over accounts.

With the employees having their own login credentials for every system, they'll only need to log in once each day. This strategy will help reduce the risk of cyber threats, making it one of the best cybersecurity practices for employees.
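The automated password-trying described above leaves a recognisable trace in login logs: one source failing against many different accounts in a short time. The detection sketch below is an added example, not part of the original article; the log format, thresholds and function names are assumptions, and the sample lines are constructed using documentation IP ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, outcome, account, source address.
SAMPLE_LOG = """\
2021-09-30T10:00:00 FAIL user=bob src=198.51.100.20
2021-09-30T10:00:02 FAIL user=alice src=203.0.113.7
2021-09-30T10:00:04 FAIL user=carol src=203.0.113.7
2021-09-30T10:00:05 FAIL user=bob src=198.51.100.20
2021-09-30T10:00:06 FAIL user=dave src=203.0.113.7
2021-09-30T10:00:08 FAIL user=erin src=203.0.113.7
2021-09-30T10:00:09 OK user=bob src=198.51.100.20
2021-09-30T10:00:10 OK user=frank src=203.0.113.7
2021-09-30T10:00:12 FAIL user=grace src=203.0.113.7
"""

def parse(line):
    ts, outcome, user, src = line.split()
    return (datetime.fromisoformat(ts), outcome,
            user.split("=", 1)[1], src.split("=", 1)[1])

def accounts_to_reset(log_text, min_accounts=5, window=timedelta(minutes=1)):
    """Map each suspected stuffing source to the accounts it logged in to.

    A source is suspect when it fails against at least `min_accounts`
    distinct accounts inside a sliding `window`. A user retrying their own
    password (bob above) touches only one account and is not flagged.
    """
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    recent = defaultdict(deque)   # src -> recent (timestamp, account) failures
    suspects = set()
    for ts, outcome, user, src in events:
        if outcome != "FAIL":
            continue
        queue = recent[src]
        queue.append((ts, user))
        while ts - queue[0][0] > window:
            queue.popleft()       # drop failures older than the window
        if len({account for _, account in queue}) >= min_accounts:
            suspects.add(src)
    # Successful logins from a suspect source are likely account takeovers.
    hits = {src: set() for src in suspects}
    for _, outcome, user, src in events:
        if outcome == "OK" and src in suspects:
            hits[src].add(user)
    return {src: sorted(users) for src, users in hits.items()}
```

The successful login buried among the failures (frank) is the account that needs a forced password reset and session revocation.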

12. Activate Network and Data Encryption

With network and data encryption, all data will be converted into a secret code before it's sent over the network. To keep confidential information from being exposed to cybercriminals, it's vital for every organization to turn on network and data encryption when sharing and storing data.

This can be activated through the router settings or installing a VPN (Virtual Private Network) software on computers and other devices.

13. Monitor Cyber Security Protocols

Be aware that cybersecurity risks also emerge and evolve throughout the years. To protect core infrastructure and systems, work with the Cyber Security Agency (CSA) to review existing security protocols and ensure that all policies and procedures are up-to-date.

14. Build Physical Security

While focusing on cyberattack prevention, we tend to forget the importance of physical security. Without any physical security, somebody can easily walk into the office and access the files on one of the computers.

Security devices such as CCTV and door entry code access play a vital role in preventing cybersecurity threats. They help identify an unauthorized person who gained access to business premises and committed cyber threats.

15. Employ a “White Hat” hacker

Not all hackers are bad. “White Hat” hackers expose security risks to help others improve their cybersecurity, keeping them aware of security flaws and patching them. It might benefit you to hire one to help you find risks you never knew you had.

16. Emphasise the Importance of Cybersecurity to Employees

Outside of the IT and HR departments, it can be easy for employees to underestimate the importance of cybersecurity. In addition to regular training, maintain an active, ongoing internal forum to help employees understand what trends are happening in the marketplace based on industry news and analyst reports.

17. Use HTTPS on your website

Having an SSL certificate installed and HTTPS enabled on the website helps secure confidential information by encrypting all data that travels between a visitor’s browser and the webserver.

Especially for eCommerce businesses, it’s important to secure log-in credentials, credit card details, and payment transactions to assure website visitors they are protected against identity theft, financial frauds, and other cybercrimes.

18. Secure Data Disposal During Handover Process

To secure data disposal, every organisation must implement the right policies that reflect the business requirements. When discarding old data of former employees, one must consider the detail and length of the employee handover process.

HR professionals must work with the team manager to have a guide on what data should be covered during the process. This includes conducting an exit interview to ensure all critical information will not be lost.

With the ever-growing cyber threats to businesses, prevention is the key to reduce the risk of a data breach.

Fortunately, QuickHR offers improved data security and labour law compliance in all of its integrated features. With our full-spectrum software, companies will be able to perform confidential operations in a secure system equipped with SSL and multi-level encryption technology that’s accessible only to authorised personnel. Your company will be able to experience simplified HR processes in a fully safe and secure platform!

Once again, we hope that you’ve enjoyed a good read. And remember, Think Now, Think Far, Think QuickHR.

* Get in touch with us at https://quickhr.co/ to find out more about our state-of-the-art HRMS solution!

Sources

  • [1] https://www.straitstimes.com/tech/tech-news/nearly-73500-patients-data-affected-in-ransomware-attack-on-eye-clinic-in-spore
  • [2] https://www.theregister.com/2021/08/12/singapore_telecom_breach_leaked_personal/
  • [3] https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Personal-Data-Protection-Act#:~:text=The%20Personal%20Data%20Protection%20Act,for%20personal%20data%20in%20Singapore.&text=It%20comprises%20various%20requirements%20governing,Not%20Call%20(DNC)%20Registry.
  • [4] https://gdpr.eu/what-is-gdpr/
  • [5] https://sdh.edu.sg/wp-content/uploads/2016/11/Embracing-Structured-Internship-1.pdf
