Home Blog Page 124

Government agencies have fixed 80% of high-risk data security issues found in review: SNDGG

0

SINGAPORE: Government agencies have rectified about 80 per cent of “high-risk” data security issues that were found in a recent review, and work is under way to introduce new systems to improve user access security, the Smart Nation and Digital Government Group (SNDGG) told CNA.

Findings of the review were released last November, after a Public Sector Data Review Committee inspected 336 systems across 94 public sector agencies. It was part of a major review to better protect the public’s personal data.

In its report, the committee said that about three-quarters of agencies had at least one finding of non-compliance with a government manual on data policies and standards.

Sixty-four per cent of agencies were rated “low-risk”, 23 per cent were rated “medium-risk” and the remaining 13 per cent were rated “high-risk”.

The most common shortcomings found were in the management and monitoring of privileged user accounts, user access reviews, as well as the encryption of emails with highly sensitive data.

The committee’s report did not state which agencies fell under these categories.

READ: Government accepts 5 measures to improve data security, to set up single contact for public to report breaches

The Prime Minister’s Office had announced in March last year that it was forming the committee following several public data breaches.

In July 2018, 1.5 million SingHealth patients’ records – including that of Prime Minister Lee Hsien Loong – were accessed and copied, in what was the most serious breach of personal data in Singapore’s history.

Public Sector Data Security Review Committee members

The Public Sector Data Security Review Committee includes Senior Minister Teo Chee Hean (fourth from right) and four other ministers. (Photo: Ministry of Communications and Information)

EMAIL ENCRYPTION A TOP PRIORITY

A representative from cybersecurity firm Kaspersky told CNA that the encryption of emails with highly sensitive data should take “top priority”, given that emails are agencies’ preferred mode of communication in today’s digital age.

“Encryption is the basic building block of data security and it is the simplest and most important to ensure that sensitive data does not get stolen and read by someone who may use it for illegal purposes,” said Mr Yeo Siang Tiong, Southeast Asia general manager at Kaspersky.

Safeguarding email communications is also “paramount” to mitigating the risk of data breaches, Mr Yeo added, citing a Deloitte report that said 91 per cent of all cyberattacks begin with a phishing email.

A user infected with malware can allow attackers to intercept and read emails en route from sender to recipient, before extracting any sensitive content, a report by Scarfone Cybersecurity explained.

READ: Confirmation prompts for emails among 13 data security measures to be rolled out across public sector

Following the committee’s findings, the Government has implemented various measures like the use of tools that require public officers to acknowledge and confirm the sending of emails containing sensitive data, said an SNDGG spokesperson.

They are also required to digitally sign and password protect sensitive documents to ensure data in transit are not maliciously modified.

In addition, officers must securely distribute passwords through a separate channel, and use data-sharing platforms like the Singapore Government Document Collaboration to securely send and access sensitive data documents.

READ: Budget 2020: S$1b to be spent on enhancing Government’s cyber, data security capabilities

Since the committee’s report was released, more than 65 per cent of agencies with at least one finding of non-compliance have rectified them, said the spokesperson.

The fixes are validated by the Government Technology Agency, which together with the Smart Nation Digital Government Office make up SNDGG.

Most instances or non-compliance are expected to be rectified by the end of 2021, said SNDGG, except for those related to the updating of user access rights, which includes removing access rights of inactive users.

This will take until end-2023 or end-2024 to implement, as new central systems are needed to automate the checking of user access rights, the spokesperson added.

“Meanwhile, agencies have put in place other mitigating controls, such as 2-factor authentication (2FA), encryption of sensitive data and monitoring of data access logs, to manage the attendant data security risks to ensure that data is secure,” the spokesperson stated.

Kaspersky’s Mr Yeo said the measures “can be quite effective” as a system of information security checks and balances, and are in line with industry best practices.

However, the use of SMS-based 2FA can sometimes be unreliable, he warned, as text messages can be intercepted by a Trojan virus inside the smartphone, or through a basic flaw in the protocol used to transmit the messages.

“In such cases, it would be advisable to use authenticator apps which are entirely self-contained, with the SMS option used only as a last resort to minimise an organisation’s exposure to data breaches,” he added. 

NON-PRODUCTION ENVIRONMENTS COULD BE VULNERABLE

Mr Yeo said the management of extraction of production data to non-production environments is “another key item of non-compliance to pay attention to”.

Production data refer to actual data stored in a system, like personal details. Non-production environments refer to offline systems used during testing and development to prevent interruption to users.

READ: More than a quarter of Singapore residents suffered at least 1 cybersecurity lapse in past year: CSA survey

A report by cybersecurity consultancy UpGuard gave an example of how these two could meet – occasionally, production data are loaded in a non-production environment to help debug a complex issue.

A hacker could exploit this by gaining access to the non-production environment and stealing the production data, the report said.

“Today, a lot of the proprietary data generated and accumulated by organisations are often shared with non-production environments for data analytics, development and other purposes,” Mr Yeo added. 

“While most production environments have established security protocols, the same kind of protocols might not be applicable in a different environment and this creates a vulnerability that could be exploited by cybercriminals.”

CYBERSECURITY EDUCATION KEY TO RESPONSIBLE USER ACCESS

As for user access reviews and the management of privileged user accounts, Mr Yeo said users should be educated on cybersecurity best practices, pointing out that human error appears to be “greatest cause” of cybersecurity breaches.

Users should know not to click on email attachments from unknown senders, avoid the use of unsecure Wi-Fi networks on organisation devices, as well as adhere to an IT code of conduct, he noted.

In its review, the Public Sector Data Review Committee had recommended that officers attend improved data security training every year.

File photo of illuminated keyboard cybersecurity

More should be done train public officers on cybersecurity best practices, an expert said. (Photo: AFP/Fred TANNEAU)

Mr Yeo cautioned that training could become a “rather mundane and ‘tick the box’ activity for organisations”, adding that it should consider how people naturally think and be tailored to different roles.

“Given that employees in the civil service have differing levels of data access and work in different roles, it is important to consider implementing a holistic adaptive framework to cybersecurity education,” he added.

“All three attributes of people, process and technology play a key role in minimising any data breaches arising from user access and the misuse of user privileges.”

INACTIVE USERS HAVING ACCESS A CONCERN

This is also why the updating of user access rights is an area of concern, Mr Yeo said. Under this category of findings, the committee found delays in the removal of access rights of inactive users.

A Kaspersky report released last year showed that one-third of employees continue to have access to files and documents from their previous employers.

FILE PHOTO: Woman using a mobile phone while looking at a computer screen

FILE PHOTO: A woman using a phone and looking at a computer. (Photo: Marcus Mark Ramos)

“When applied to the context of civil service in Singapore where employees often take up roles in different departments, the updating of user access rights is rightfully a key area of concern where there is a greater need to safeguard sensitive and confidential data that might carry implications for national security,” Mr Yeo said.

“Some potential risks to data security include former employees using the data for their own purposes, sell to interested individuals who are keen to harm the national interest, as well as the fairly innocuous act of corrupting or deleting files by accident on the network.”

TECHNICAL CHALLENGES

Fixing these issues effectively would require a “re-architecture” of existing systems, the SNDGG spokesperson said.

He added that a central identity and access management system will be completed by end-2023 for priority systems, with the remaining systems scheduled for completion by end-2024.

“Some possible challenges in this pertain to the systems’ ability to simplify communication processes across a complex and interconnected system that is expected to monitor and update user access rights on an ongoing basis,” Mr Yeo explained. 

“Generally, this would involve multiple testing phases to ensure that the system is able to deal with the heavy flow of information and compliant with data security measures before it can be officially utilised.”

READ: Committee tasked with reviewing data security practices in public sector holds first meeting

Nevertheless, the agencies have made “quite encouraging” progress on fixing the instances of non-compliance, Mr Yeo said, although he added that both users and processes need to keep up with the technical improvements.

“While it is easier for an organisation to implement the latest cybersecurity technologies, how quick these non-compliances are patched up will also depend on how fast people and processes adapt as well,” he said.

Source link

Joo Chiat hawker sells Hokkien mee stall and recipes for $20,000: 2 other hawkers who sold their recipes

0

[ad_1]

Would you pay $20,000 to take over a hawker stall that has a steady stream of regular customers and its recipes?

Well, someone did even during these tough Covid-19 times. 8 Days reported that the owners of Joo Chiat Hokkien mee hawker stall Yong Huat have sold their store and recipes for fried mee sua, char kway teow and of course, Hokkien mee.

Hence Yong Huat’s stall at Alibabar The Hawker Bar will continue to operate, with the new owner slated to take over operations of the 50-year-old stall from August 31. 

The current husband and wife team, Pang Weng Hong and Chia Siew Heok, have been training the new owner for the last two weeks.

[ad_2]

Source link

Decathlon, Rilakkuma cafe: New store and F&B openings in Singapore this year despite Covid-19

0

[ad_1]

While several businesses have already shut their doors no thanks to Covid-19, there are others that have managed to pull through this pandemic.

It’s definitely some good news amid all the bad that we are seeing various businesses opening new stores and outlets in Singapore this year.

Here are some that have recently been announced:

[ad_2]

Source link

Cat-saving cop who made women swoon now impresses men for doing 105 push-ups in a minute for IPPT

0

[ad_1]

It’s been a hot minute since Staff Sergeant (SSG) Benjamin Cheah popped up in headlines, so here’s a refresher: he got the ladies online thirsting over him back in 2015 after he and a fellow police officer rescued a cat that was stuck on a six-storey-tall pine tree. 

When a photo of the cat and its rescuers was posted on the Singapore Police Force Facebook page, the comments section erupted with hundreds of comments about the dashing looks of the police officers. Last we checked, that post holds over 10,000 likes on Facebook. 

This time around though, it was not the female population that went into a frenzy over a Facebook post featuring SSG Cheah. Quite the opposite actually — it was the men that felt weak in their arms and knees after finding out that the police officer is fit as heck. 

[ad_2]

Source link

Singapore residents to receive SingPass notifications on matters regarding identity card, passport

0

SINGAPORE: Singapore residents with registered SingPass accounts will start receiving digital push notifications on identity card (IC) and passport-related matters from next month, the Immigration and Checkpoints Authority (ICA) said on Friday (Aug 28).

Currently, Singapore citizens and permanent residents receive hardcopy letters or email notifications for such matters.

From Sep 1, these notifications will be sent either to their SingPass mobile application or as an SMS to the mobile number registered to their SingPass account.

These notifications will include a link that directs the user to the ICA website to begin their transactions or check on the outcome of their applications.

ICA said its digital push notification service will cover a variety of matters regarding ICs and passports.

This includes notification for passport renewal, approval of passport or IC application, notification on the recovery of lost ICs as well as eAppointment confirmations and reminders.

This new digital service, launched in partnership with GovTech, enables Singapore residents to receive these notifications in a more direct and timely manner, said ICA.

More digital push notification services for ICA’s other products and services will be progressively rolled out.

Sample of mobile phone screenshots with the push notifications

Sample of mobile phone screenshots with the push notifications. (Images: Immigration and Checkpoints Authority)

Under the existing notification process, Singaporeans receive a hardcopy letter nine months before their passport’s expiry. The letter also provides information on how to apply for a new passport.

Similarly, letters are also sent to let successful Singapore passport applicants know that their passport is ready for collection. The same applies to Singapore residents two weeks before their 30th or 55th birthday, who are reminded via hardcopy hardcopy notification cards to re-register their IC.

ICA said Singapore residents should ensure that their SingPass contact details are updated to ensure that they will be able to receive the new digital push notifications.

They should also activate the push notifications function in their SingPass mobile app. 

Those who do not have a SingPass account will continue to receive hardcopy letters or emails if they have registered an email address with ICA.

Singapore residents can also log into MyICA to access IC and passport notifications and check on the status of related transactions.

Source link

NTU student caught trying to film hall mate showering

0

[ad_1]

As he headed to the showers, one of his residential hall neighbours in Nanyang Technological University (NTU) held the toilet door open for him.

Later, while he was showering, he noticed the top of a mobile phone peeking above the cubicle door.

When the third-year mathematics student, 23, opened the door, the alleged Peeping Tom was already running away. But he recognised the man from his clothes – he was the one who held the door open for him.

The police confirmed yesterday that they were alerted to a case of voyeurism at NTU at 4pm on Wednesday. They said a 20-year-old man is assisting them in the investigations.

The New Paper understands the suspect is a second-year student from China.

An NTU spokesman said in a statement that campus security was alerted at around 3.45pm, and the university is providing all necessary pastoral care and assistance to the students concerned.

NTU is also assisting the police in their investigations.

The new academic year had started recently, on Aug 11.

[ad_2]

Source link

Suntec Singapore retrenches nearly half its employees

0

[ad_1]

SINGAPORE – Nearly half of the employees of Suntec Singapore Convention and Exhibition Centre (Suntec Singapore) have been retrenched amid the ongoing decimation of the meetings, incentives, conventions and exhibitions (MICE) industry.

The venue said on Thursday (Aug 27) the 85 workers, consisting of 60 Singaporeans and permanent residents and 25 foreign staff members, were employed in food production, sales and events, human resources, and finance.

With the retrenchment exercise, Suntec Singapore will have a remaining workforce of 89 local staff and four foreign staff.

“Due care has also been taken to ensure an ageless workforce, maintaining staff across the various age groups,” said Suntec Singapore in a joint statement with the Building Construction and Timber Industries Employees’ Union (Batu).

Suntec Singapore said the MICE industry has been severely impacted by the ongoing Covid-19 pandemic and events have been suspended since April.

[ad_2]

Source link

No obligation under Ceca for authorities to grant Indian nationals Singapore PR status or citizenship: MTI

0

[ad_1]

SINGAPORE – There is no provision under the Singapore-India Comprehensive Economic Cooperation Agreement (Ceca) for Indian nationals to become Singapore permanent residents and citizens, said the Ministry of Trade and Industry (MTI).

And it is not true that Ceca requires Singapore authorities to automatically grant employment passes to professionals, managers and executives (PMEs) from India who want to work here, it added.

The ministry, in a statement on Thursday (Aug 27), was responding to media queries after the merits of the pact, which was signed in 2005, have again come under scrutiny in recent weeks.

[ad_2]

Source link

Commentary: Maybe bosses shouldn’t try to be funny and make jokes at the office

0

SINGAPORE: How many of us have had bosses with no sense of humour? Working under them can leave us feeling bored and unmotivated. 

On the other hand, if they joke too much, it can be hard to take them (or the job) seriously. 

COVID-19 has changed the face of our work life as we know it. We’re telecommuting, safe distancing, and trying to connect in our virtual teams – yet not enjoying ourselves very much.

According to a COVID-19 mental health survey run by the National University Health System’s Mind Science Centre published on Thursday (Aug 19), 61 per cent of respondents who work from home reported feeling stressed. 

It’s sensible that bosses therefore try harder to lighten the mood and make their teams laugh.

READ: Commentary: Hello COVID-19 remote working, goodbye cult of presenteeism

READ: Commentary: Burned out while working from home? You should check your work-life boundaries

We already know humour in the workplace can be a powerful force. Laughter is associated with higher productivity, better morale and greater rapport at work and has numerous proven health benefits, including alleviating stress, studies have shown. 

You might think these findings do not apply to Singaporeans who seem like serious people who want to get down to business. 

Yet Singaporeans ranked both “happiness” and “humour/fun” in their top 10 personal values as words that best described themselves and their notion of the ideal Singapore society, according to the 2018 National Values Assessment survey.

But here’s the thing about humour: “It’s hard to do well and easy to do badly,” astutely noted by time management guru and author of What The Most Successful People Do At Work, Laura Vanderkam.

We all remember the painful, conspicuous silence of a joke falling flat on its face. Or the obligation to laugh at a bad joke. In other instances, some jokes are just downright inappropriate. 

So how do leaders strike that balance and know when to quit joking around?

WE WANT TO CONNECT WITH COLLEAGUES MORE

Telecommuting is forcing us to take a good hard look at our existing relationships with our coworkers. 

work from home photo: Mimi Thian Unsplash

(Photo: Mimi Thian/ Unsplash) 

We are devoid of physical connection, feeling the loss of opportunities to connect socially, whether over coffee or a chance meeting at the pantry, and eager to find some level of camaraderie.

We would argue humour isn’t the only way to foster a positive team culture that can withstand COVID-19.

After all, a Work Happy 2019 study by recruitment agency Michael Page showed 97 per cent of Singaporeans feel being on good terms with colleagues and bosses can improve productivity at work. 

This suggests that the answer lies less in humour, but in the intentional strengthening of existing workplace relationships, through having genuine conversations or through team-building exercises.

Rather than crack jokes – which can be tricky because different employees might have different sensibilities and sensitivities regarding humour – we would counsel managers and workers instead to focus on finding ”moments of levity” to bring the team together.

LISTEN: The conversation on race and multiculturalism younger Singaporeans want

READ: Commentary: Who do employers choose to hire if every applicant seems qualified for the job?

Efforts could be at the organisational level – in celebrating a birthday or playing games – or taking personal moments – for instance, being able to laugh at yourself when you make mistakes – which all contribute towards creating a relaxed environment where people feel safe, supported and heard. 

Even when running our Zoom workshops with clients, we encourage check-ins and check-outs to encourage listening and team-bonding separate from work-related matters. 

BUILD A STRONGER CONTAINER

We often advise executives we coach to visualise the goal at the end of the day as one that “builds a strong container” for the team.

Coined by the founder of consulting firm Dialogos and author of The Power of Collective Thinking, William Isaacs, a container is “the sum of the assumptions, shared intentions, and beliefs of a group … (which) creates a collective atmosphere or climate”.

slack phone laptop

(Photo: Unsplash/Austin Diestel)

Strong containers can withstand the winds of change in the workplace, while weak containers break when external pressures are exerted on the team.

A strong container can be built through talking and thinking through projects, challenges and issues together as a team, which establishes understanding even if workers have diverse perspectives, priorities or roles. 

Doing this requires leaders to suspend judgment and listen to concerns and ideas, which can be challenging when managers are used to a directive leadership style and often lead from the front. 

Those who are competitive and set high standards can be intimidating to staff, but in our experience, this is when such moments of team discussions where managers demonstrate they care about their teams and see their team-mates as more than number-crunching digits are most appreciated.

READ: Commentary: COVID-19 could make remote working a permanent feature. That has several implications for firms

LISTEN: Disruption 101: How COVID-19 is revolutionising work

WHEN TO LAY LOW ON THE HUMOUR

At the end of the day, humour can be a valuable asset if channelled constructively to ease tensions at critical, peak periods, set the tone for the organisation and make leaders more human and relatable.

When considering humour through the lens of strengthening the container, it helps to be mindful of three key guidelines: Personalities, authenticity, and no-go zones.

First, be mindful that workers have different personalities in the office. Not all employees enjoy laughing and joking with their bosses. 

Some may prefer to maintain a strictly professional relationship with their leaders. This boundary should be respected.

Second, don’t use humour if it feels contrived or even forced. When many people are looking to you for direction, it’s better to remain authentic to ourselves and develop a healthy sense of self at work. 

A leader with a healthy sense of self might say, “I know I don’t naturally crack jokes, but I know other ways to foster engagement with the team.”

Finally, keep in mind the no-go zones and red lines in the sand that should never be crossed. Remember that racist, sexist, immoral, and dirty humour have no place in the office or any other spaces. 

2020 has been a whirlwind of a year. Now, more than ever, we need strong business communities anchored by solid ties and good communication. 

Bosses don’t need to joke to create strong interpersonal relationships in the workplace. They just need to find fresh ways to bring teams together in a world of remote working.

Dr Lily Cheng and Dr Peter Cheng are the co-founders of PACE OD Consulting, an organisational development consulting firm. They have coached leaders and guided teams throughout Asia, Europe and the United States.

Source link

MOH ‘facilitating’ tests for visitors to camera store where COVID-19 case may have been in contact with infected employee

0

SINGAPORE: The Ministry of Health (MOH) will be “facilitating” testing for visitors to a camera shop in Excelsior Shopping Centre after a COVID-19 case may have had contact with an infected store employee.

The 31-year-old Singaporean woman was among the two community cases reported on Thursday (Aug 27) by MOH, and was detected after being diagnosed with acute respiratory infection.

Epidemiological investigations found that the woman had visited SLR Revolution camera shop at Excelsior Shopping Centre on Aug 17, when she “may have had contact” with a previous case, who had gone to work at the shop during his infectious period.

“The risk of infection for visitors is assessed to be low,” MOH said. “However as a precautionary measure, MOH will be contacting all individuals who had visited the shop between Aug 15 and Aug 18, and facilitating COVID-19 testing for them.”

Those who are unwell when contacted will be taken to the hospital for further medical assessment.

MOH advised all visitors to the shop during the affected dates to monitor their health and seek medical attention promptly should they develop acute respiratory infection symptoms.

STORE TO REOPEN ON FRIDAY

In a Facebook post on Aug 20, SLR Revolution said that its Excelsior Shopping Centre branch would close temporarily after its employee there was confirmed to have COVID-19. 

It added that staff members who work in that branch would be quarantined for 14 days and its premises there would be disinfected.

On Aug 25, it wrote that all its employees from its Excelsior branch have tested negative for COVID-19 but they would not return to work until Sep 1. 

The company said its team from its Jurong Point branch, which has not interacted with the Excelsior team, will be taking over operations at the Excelsior Shopping Centre branch when it resumes operations on Friday.

NEW LOCATIONS VISITED BY COVID-19 CASES

Our Tampines Hub and two stores in Elias Mall were added to the list of public places visited by COVID-19 cases in the community during their infectious period.

Our Tampines Hub was visited between 3pm and 3.45pm on Aug 22. The 623 F&B outlet and Sheng Siong supermarket were visited between 7.45am and 9.05am on Aug 19.

MOH locations visited by COVID-19 cases in the community

(Table: MOH)

 

MAP: All the places that COVID-19 community cases visited while they were infectious

MOH said that people who were identified as close contacts of confirmed cases would have been notified by the ministry. 

As a precautionary measure, people who were at those locations during the specified timings should monitor their health closely for 14 days from their date of visit, MOH added.

“They should see a doctor promptly if they develop symptoms of acute respiratory infection (such as cough, sore throat and runny nose), as well as fever and loss of taste or smell, and inform the doctor of their exposure history.”

The ministry said there is no need for people to avoid places where COVID-19 cases have been, and that the National Environment Agency will engage the management of the affected premises to provide guidance on cleaning and disinfection.

BOOKMARK THIS: Our comprehensive coverage of the coronavirus outbreak and its developments

Download our app or subscribe to our Telegram channel for the latest updates on the coronavirus outbreak: https://cna.asia/telegram

Source link