(Image credit- Tech Times)
Data breaches at the Law Society of Singapore and FortyTwo, an online furniture company, highlight the importance for businesses to protect the security of their sensitive data.
As data breaches become more frequent, Singapore’s personal data protection environment is becoming more crucial. The Personal Data Protection Commission (PDPC) has issued an order that emphasizes the urgent need to make sure the strictest security measures are in place to secure people’s personal data.
The case against Singapore’s Law Society, a grouping of legal experts, serves as a harsh warning of the threat presented by cyberattacks. A ransomware attack on the organization compromised the personal information of 16,009 members, including their residential addresses and NRIC numbers.
The reports claim that PDPC investigations found a number of security failings by the organization, including employing an easily crackable password for its IT administrator account and neglecting to examine its security measures three years before to the attack.
The PDPC ordered the Law Society to hire qualified security providers to undertake an in-depth security audit and close any gaps found in order to resolve the security flaws found. This shows that businesses and organizations—regardless of size—need to take a proactive approach to cybersecurity.
Organizations can protect their personal data and adhere to data protection rules by regularly monitoring and adopting the newest security patching, updating, and upgrading. A manual for managing and reporting data breaches under the PDPA was published by the PDPC.
Notably, the PDPC also fined online furniture retailer FortyTwo SGD 8,000 for failing to patch and maintain its website, which led to the leakage of 6,339 customers’ personal information.
Credit card information for 97 customers was compromised, along with additional data. Organizations should adopt a thorough cyber-security policy that complies with the most recent security standards and guidelines in order to prevent situations like these in the future.
Additionally, the commission has mandated that all software and firmware supporting the recruitment business RSGMS’s website and applications, which allow for the access of personal data, be routinely patched, updated, and upgraded.
The PDPC’s directives to repair security holes highlight the necessity for businesses operating in Singapore to take proactive measures to secure customer data or risk severe repercussions.
By conducting routine reviews and making sure that all systems are consistently patched and updated, they should take note of the recent enforcement actions and work to strengthen their security procedures.
Also read: Elon Musk charges Twitter with security breaches in court filing
This will reassure customers that their data is secure in addition to guaranteeing compliance with data protection rules. The Law Society of Singapore’s directions were recently posted on the PDPC website.
Companies that have not taken these steps must do so immediately or risk repercussions, including enforcement direction and penalties, for failing to comply with privacy legislation.