CYBER-READINESS AND DATA PRIVACY

With cyber-attacks becoming more prevalent, targeted, and complex, we are adopting industry best practices and moving beyond technology defense towards a more holistic and risk-based cybersecurity framework. The objective is to establish a robust foundation to identify and protect our critical assets and more importantly, be able to detect and respond to threats.

Using proven security solutions, we ensure sensitive data is encrypted to safeguard critical information. Data recovery strategies and measures, such as data backup, are in place to minimise downtime and ensure critical information can be made available quickly for business continuity.

CDL established a Cybersecurity Framework in 2020 to detect, protect against and respond to cyber-attacks and crimes, and the CDL Computer Security Policies and Standards were updated in 2021 on cybersecurity compliance. Besides embracing the Next Generation Anti-Virus software, Advanced Email Security Protection solution, Enterprise-Class Firewalls and Intrusion Protection System to protect our information assets, our Information Technology (IT) department has also deployed the User Behavior Analytical solution to enable the identification of abnormal user computing behaviours or activities. At the same time, we have also rolled out an EndPoint and Network Detection and Response solution to enable the detection and containment of advanced persistence cybersecurity attack threats. CDL also recently migrated our backup system to a ransomware immutable backup platform to guard against the heightened global ransomware attacks.

CDL has also engaged a reputable Managed Security Operation Center (mSOC) service provider to provide 24/7 security monitoring and incident response services. To increase our employees’ IT security awareness and vigilance, a series of online cybersecurity trainings and periodic phishing attack simulations were conducted to increase our employees’ IT security awareness and vigilance.

Employee Training and Communication

Annually, all our full- and part-time employees are required to complete a compulsory online declaration to acknowledge that they are aware of, have read, and are in compliance with CDL’s corporate policies and guidelines before the start of the calendar year. Awareness bulletins are published on CDL’s intranet for a quick refresher anytime on key elements of CDL’s stance against corruption. Fraud risk awareness training and assessments covering topics such as bribery and conflicts of interest were also conducted for selected front-line business units.

New hires, as part of their orientation programme, are required to learn about CDL’s Code of Business Conduct and Ethics, as well as other related corporate policies including Anti-Corruption, Fraud, Competition, and Whistleblowing. They are also required to complete a self-paced, interactive e-learning module (accessible for all employees as well) that provides information and guidance to recognise, address, resolve, avoid, and prevent instances of corruption. In 2021, 100% of our new hires were educated with anti-corruption knowledge.

To increase employees’ vigilance against cybercrime, which is exacerbated by the adoption of online working environments and operations, data protection and cybersecurity awareness training sessions were conducted in 2021.

DATA PRIVACY

Information security materials are made available to better educate stakeholders on prevailing risks, especially in the handling of sensitive corporate data. Since 2014, we have implemented a Data Privacy Policy which informs stakeholders on how CDL manages personal data in compliance with the Singapore Personal Data Protection Act (No. 26 of 2012). Customers and business partners can get in touch with our Data Protection Officer by mail, email and phone on matters concerning their personal data with CDL. The Data Privacy Policy is available to the public on our corporate website.

CDL’s Social Media Guidelines advocate employees’ responsibility on the use of social media, including taking precautions for the protection of information privacy. In 2021, there were no substantiated complaints concerning breaches of customer privacy, theft, leak and loss of customer data or critical information.