June 28, 2016

Internet Access Singapore: Is No Access the Best Protection?

No access to the Internet in the workplace has got to be a security officer’s dream. Staff would not be able to accidentally download malware from dodgy websites, or share sensitive documents online.

This kind of thinking has lead officials in Singapore to decide to block the country’s public servants from accessing the Internet on work computers. It’s a ballsy move but one that the Intercomm Development Authority (IDA) in Singapore says will create a more secure working environment.

The Internet privacy Singapore policy will “plug potential leaks from work emails and shared documents amid heightened security threats,” according to newspaper reports.

Internet access Singapore changes are scheduled to begin in May 2017 and eventually apply to all of the about 100,000 public service computers. Employees will still have email, and they will also be able to access the web on their own personal devices as well as dedicated internet terminals.

Internet access is a key point of entry for cyber criminals. Hackers attempt to ‘exfiltrate’ or manipulate data where it is stored, processed or in transmission. Ransomware (attacks are forecast to spike this year) prevents access to data – unless a ransom is paid.

The ICIT (Institute for Critical Infrastructure Technology) Ransomware Report warns that as new technology becomes available, more and more people and businesses will be connected to the Internet in a variety of ways, making them prime candidates for a cyber attack.

But it really takes just one negligent employee to open a malicious attachment or link – and mistakenly compromise an entire system.

While experts continue to weigh in on the Internet security Singapore decision, one message is clear: workplaces should not rely on technology alone as defence against cyber attacks.

Organizations must acknowledge that whenever they’re connected to the Internet, they’re at risk, said the ICIT Ransomware Report. While de-linking from the Internet will help to eliminate risks, here are cyber security best practices that will go a long way in protecting confidential information too:

Company Culture

Employee Training

  • Provide on-going security training and awareness so employees recognize and report threats.
  • Teach secure work habits (for example, don’t click on links in emails; bookmark trusted websites – and access these websites via bookmarks; download email attachments only from trusted sources).

Technology

  • Back up data regularly.
  • Update software with patches as soon as they become available.
  • Utilize layered defenses including firewalls, intrusion detection and prevention systems, anti-virus, anti-malware, anti-ransomware, and endpoint solutions.
  • Encrypt data at rest and in transit.

Policy and Procedures

  • Create a cyber security policy.
  • Have an incident response plan for business continuity, data restoration, and disaster recovery. 
  • Don’t save critical data on a laptop or desktop if possible.
  • Do not use public WiFi when confidential data is being shared
  • Schedule regular risk assessments to identify and address vulnerabilities.
  • Protect all devices that store confidential information.
  • Do not stockpile hard drives. Partner with a document destruction leader that provides secure hard drive destruction and other safeguarding services.

A Clean Desk Policy protects confidential paper and digital information in the workplace too.