The Law Society of Singapore and online furniture retailer, FortyTwo, have experienced data breaches, demonstrating the need for organizations to ensure the security of their sensitive data.

Consequences of the Law Society Case: A Reminder to Adopt Stronger Data Security Measures 

Singapore's personal data protection landscape is becoming increasingly important as the frequency of data breaches continues to rise. A recent order issued by the Personal Data Protection Commission (PDPC) highlights this critical need to ensure the toughest security measures are in place to protect individuals' personal data. 

The case against the Law Society, an umbrella organization of legal professionals in Singapore, is a stark reminder of the challenge posed by cyber threats. The society was hit by a ransomware attack, compromising the personal data of 16,009 members, including their NRIC numbers and residential addresses. 

According to the story by The Straits Times, PDPC investigations uncovered several security lapses by the organization, including using an easily guessable password for its IT administrator account and failing to review its security arrangements within three years before the attack. 

The Need for Companies and Organizations to Adopt a Proactive Approach to Cybersecurity 

To address the security gaps identified, the PDPC ordered the Law Society to engage qualified security providers to conduct a thorough security audit and rectify any gaps identified. This points to the need for companies and organizations, no matter their size, to adopt a proactive approach to cybersecurity. 

Regularly monitoring and implementing the latest security patching, updating, and upgrading can help organizations protect their personal data and comply with data protection laws. The PDPC released a guide to managing and notifying data breaches under the PDPA.

Notably, the PDPC also fined online furniture store FortyTwo SGD 8,000 for not having its website patched and updated, resulting in the personal particulars of 6,339 customers being leaked. 

Ensuring Regular Patching, Updating, and Upgrading to Bolster Cybersecurity 

This breach involved 97 customers' credit card details and other information. To avoid similar incidents in the future, organizations should implement a comprehensive cyber-security strategy that adheres to the latest security standards and protocols. 

The commission has also ordered recruitment firm RSGMS to ensure regular patching, updating, and upgrading for all software and firmware supporting its website and applications through which personal data can be accessed. 

The PDPC's orders to plug security gaps emphasize the need for organizations operating in Singapore to take proactive steps to protect personal data or face serious consequences. 

Read Also: FBI Raises Alarm on Rising Elder Fraud Rates, Reports 84% Surge in Losses

Enforcement Actions and Sanctions for Non-Compliance with Privacy Regulations 

They should learn from the recent enforcement actions and strive to ramp up their security measures by conducting periodic reviews and ensuring that all systems are regularly patched and updated. 

Apart from ensuring compliance with data protection laws, this will also reassure customers that their data is safe and secure. The PDPC also recently released a post regarding directions to The Law Society of Singapore.

Companies that have failed to adopt such measures must take corrective action and be prepared to face sanctions for non-compliance with privacy regulations, including enforcement direction and punishments. 

Related Article: New AI Voice Scam Analysis Claims 77% of Victims Lose Money! How Can You Be Safe?

Tech Times

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion