CYBER-READINESS AND DATA PRIVACY
With cyber-attacks becoming more prevalent, targeted and complex, we are adopting industry best practices and moving beyond technology defence towards a more holistic and risk-based cybersecurity framework. The objective is to establish a robust foundation to identify and protect our critical assets and more importantly, be able to detect and respond to threats.
Using proven security solutions, we ensure sensitive data is encrypted to safeguard critical information. Data recovery strategy and measures, such as backup, are in place to minimise downtime and ensure critical information can be made quickly available for business continuity.
CDL has developed a Cybersecurity Framework to detect, protect against and respond to cyber-attacks and crimes, and the CDL Computer Security Policies and Standards was updated on cybersecurity compliance. Besides embracing the Next Generation Anti-Virus software, Advanced Email Security Protection solution, Enterprise Class Firewalls and Intrusion Protection System to protect our information assets, our Information Technology (IT) department has also deployed the User Behaviour Analytical solution to enable the identification of abnormal user computing behaviours or activities. In addition, IT puts in place a series of online cybersecurity training and conducts periodic phishing attacks to increase our employees’ vigilance.
Employee Training and Communication
Annually, 100% of our full- and part-time employees are required to complete a compulsory online declaration to acknowledge that they are aware of, have read, and are compliant with CDL’s corporate policies and guidelines. Available anytime, awareness bulletins are published on CDL’s intranet for a quick refresher on key elements of CDL’s stance against corruption. In 2019, CDL’s zero tolerance on corrupt business practices and extortion was communicated to 100% of employees. Fraud risk awareness training and assessments covering topics such as bribery and conflicts of interest were also conducted for selected front-line business units.
New hires, as part of their orientation programme, are required to learn about CDL’s Code of Business Conduct and Ethics, as well as other related corporate policies including Anti-Corruption, Fraud, Competition, and Whistle-Blowing. They are also required to complete a self-paced, interactive e-learning module (accessible to all employees as well) that provides information and guidance to recognise, address, resolve, avoid, and prevent instances of corruption. In 2019, 100% new hires were educated with anti-corruption knowledge.
CDL’s Social Media Guidelines advocate employees’ responsibility on the use of social media, including taking precautions for the protection of information privacy.
In 2019, there were no substantiated complaints concerning breaches of customer privacy, theft, leak and loss of customer data or critical information.