After experiencing two high profile data breaches last year, the Singaporean government is looking to overhaul their data protection practices. Just to recap, last summer SingHealth lost 1.5 million personal health records in a breach that included the data of their prime minister. This was the biggest breach of personal information in Singapore’s history. On top of that, around 150,000 people on the country’s HIV registry had their information leaked online in January. These two breaches have pushed Singapore to take action and so they created a committee to re-examine their data handling practices. Their decision was to include 13 additional measures to ensure the safety of their data. These new best practices are to be reviewed by the PM Lee Hsien Loong later this year, with 3 of the practices implemented immediately.
The three measures that will be started right away include: file integrity checks, strengthened password and encryption requirements, and adding a prompt before sensitive data is sent out through email. File integrity checks will ensure that no party is tampering with the sensitive data at hand. This is important so that it will be harder to execute man in the middle attacks. These rely on intercepting, changing, and then sending the data back to where it was supposed to go, with the recipient being none the wiser. File integrity checks will alert both parties when the file is changed inappropriately, and ensure that the right information is sent and received. Singapore is also looking to increase the strength of their password and encryption requirements. This will serve as a preventative measure for hacks with direct targets. Stronger passwords are imperative in today’s environment, but hopefully they will include some second form of authentication for users. This will ensure that the right users are accessing the right data. Having stronger encryption for more files is also a good idea and will create a more secure environment. Encryption is one of the easiest things that an organization can do to ensure that even if they are breached, the data is unusable. Additionally, prompting users to confirm that they want to send out sensitive files is a good idea in any environment. This creates an opt-out workflow and ensures that users will not accidentally send files to the wrong people.
Singapore is proactively trying to prevent data breaches for their government and ensure the safety of their citizen’s data. Many of their initiatives are very good ideas, and they actually can all be accomplished with one piece of software: SecureCircle. We created our service in order to make the data protection process easy. We provide encryption, logging, and overall security for any organization. Instead of purchasing/ implementing separate solutions for all of these things why not get one product to solve them all? When you use SecureCircle, all your sensitive data will be protected by default. Only devices with our client installed on them will be able to read the files. Every time a file is touched, that will be logged and sent to the SIEM of your choice. The future of data security is now. Opt-out methodology is the best way to ensure that your employees are responsible with your data. Keep your organization safe by learning more about our software today.