Cyber Security and Initiatives

Cyber Security and Initiatives

Our Cybersecurity Risk Profile

We don’t have Consumer Facing Mission Critical System that requires high availability

We don’t collect large scale Consumer/ Personal data through our Apps

We have Distributed Infrastructure for Mission Critical Systems to avoid company wide impact

Our Mission Critical Systems are in Closed environment with no public access

We are not Innovators with major IP or trade secrets where a breach could hamper our businesss

Regardless of low risk, we employ Multi-Layed IT Security measures and Internal Controls

Multi-Layered Cybersecurity Measures

Completed

  • Complex Pwd & 90 Days Pwd reset
  • Multi-Factor Authentication
  • Spam Filters
  • CyberSecurity Awareness training
  • Internal Controls for payments

Planned

  • Phishing Simulation Testing

Completed

  • Trend Micro End Point Protection
  • One Drive (30 Days data recovery – Protects against ransomware)

Planned

  • Enforce One Drive Adoption Globally
  • Encryption for Sensitive Personal Data

Completed

  • Next Gen Firewall with
    • IPS (Intrusion Prevention System)
    • Web Filtering
    • Site to Site VPN
  • Distributed Network

Completed

  • Trend Micro Deep Security for all servers on premises
  • Secured Remote Access
  • Disaster Recovery
  • Multi Layered Backup Systems

Planned

  • Enhanced DR & Backup System

Completed

  • MDM For Company provided Mobile Devices
  • Separate Network Segmentation for BYOD

Completed

  • Trend Micro Deep Security for all servers on cloud
  • HTTPS & SSL Certificates for all Web Applications and Websites
  • VA & PT for Consolidation App (Emerge)

Completed

  • VPN for all users connection Remotely

Planned

  • Multi-Factor Authentication for VPN

Security measures specific to Ransomware Protection

Email Security

  • Complex Pwd & 90 Days Pwd reset
  • Multi-Factor Authentication
  • Spam Filters
  • CyberSecurity Awareness training
  • Internal Controls for payments
  • Phishing Simulation Testing

Computer Security

  • Trend Micro End Point Protection
  • One Drive (30 Days data recovery – Protects against ransomware)
  • Enforce One Drive Adoption Globally
  • Encryption for Sensitive Personal Data

Network Security

  • Next Gen Firewall with
    • IPS (Intrusion Prevention System)
    • Web Filtering
    • Site to Site VPN
  • Distributed Network

Server Security

  • Trend Micro Deep Security for all servers on premises
  • Secured Remote Access
  • Disaster Recovery
  • Multi Layered Backup Systems
  • Enhanced DR & Backup System

Mobile Device Security

  • MDM For Company provided Mobile Devices
  • Separate Network Segmentation for BYOD

Cloud Security

  • Trend Micro Deep Security for all servers on cloud
  • HTTPS & SSL Certificates for all Web Applications and Websites
  • VA & PT for Consolidation App (Emerge)

Remote Work Security

  • VPN for all users connection Remotely
  • Multi-Factor Authentication for VPN

PDPA

(Personal Data Protection Act)

Even though we do not have critical consumer facing Applications today, we expect this to happen in near future as part of Health@Home initiative to drive consumer engagement

In anticipation of this, we are actively working to prepare ourselves for PDPA (Personal Data Protection Act) which will be implemented effective 1st June 2022 and Mega will be ready in advance

We have engaged Hunton as our advisor and consultant for this initiative

Optimal Security is Our Goal

we aim to maintain security at a medium level that befits our current low risk profile. We shall continuously monitor and upgrade as and when our risk profile shifts in future.