CYBER-READINESS AND DATA PRIVACY
With cyber-attacks becoming more prevalent, targeted and complex, we are adopting industry best practices and moving beyond technology defence towards a more holistic and risk-based cybersecurity framework. The objective is to establish a robust foundation to identify and protect our critical assets and, more importantly, to detect and respond to threats.
Using proven security solutions, we ensure sensitive data is encrypted to safeguard critical information. Data recovery strategies and measures, such as data backup, are in place to minimise downtime and ensure critical information can be made available quickly for business continuity.
CDL has established a Cybersecurity Framework to detect, protect against and respond to cyber-attacks and crimes, and the CDL Computer Security Policies and Standards were updated on cybersecurity compliance. Besides embracing the Next Generation Anti-Virus software, Advanced Email Security Protection solution, Enterprise-Class Firewalls and Intrusion Protection System to protect our information assets, our Information Technology (IT) department has also deployed the User Behavior Analytical solution to enable the identification of abnormal user computing behaviours or activities. At the same time, we have rolled out an Endpoint Detection and Response solution to enable the detection and containment of advanced persistent cybersecurity attack threats.
On top of the above, CDL has also engaged a reputable Managed Security Operation Center (mSOC) service provider to provide 24/7 security monitoring and incident response services. To increase our employees’ IT security awareness and vigilance, a series of online cybersecurity trainings and periodic phishing attack simulations were conducted.
Employee Training and Communication
Annually, 100% of our full- and part-time employees are required to complete a compulsory online declaration to acknowledge that they are aware of, have read, and are compliant with CDL’s corporate policies and guidelines. Awareness bulletins are published on CDL’s intranet for a quick refresher anytime on key elements of CDL’s stance against corruption. Fraud risk awareness training and assessments covering topics such as bribery and conflicts of interest were also conducted for selected front-line business units.
As part of the orientation programme, new hires are required to learn about CDL’s Code of Business Conduct and Ethics, as well as other related corporate policies including Anti-Corruption, Fraud, Competition, and Whistleblowing. They are also required to complete a self-paced, interactive e-learning module (accessible to all employees as well) that provides information and guidance to recognise, address, resolve, avoid, and prevent instances of corruption. In 2020, 100% of new hires were educated with anti-corruption knowledge.
To increase employees’ vigilance against cybercrime, which is exacerbated by the adoption of online working environments and operations, several data protection and cybersecurity awareness training sessions were conducted in 2020.
CDL’s Social Media Guidelines advocate employees’ responsibility in the use of social media, including taking precautions for the protection of information privacy. In 2020, there were zero substantiated complaints concerning breaches of customer privacy, theft, leak and loss of customer data or critical information.