Last year, Singapore’s worst data breach happened.
The data of 1.5 million SingHealth patients, including Prime Minister Lee Hsien Loong’s, were compromised.
Recently, Sephora also reported a data breach, and customers who have used their online services may have been affected.
Early this year, American bank Capital One was hit with a massive data breach, where data of about 100 million people were “illegally accessed”.
In light of these events, the Monetary Authority of Singapore (MAS) has introduced today (6 August) the new cyber hygiene rules.
All financial institutions and e-payment firms in Singapore must comply, or risk facing sanctions.
The announcement of the rules, which will kick in exactly a year from now, comes after MAS consulted the industry over two years, according to The Straits Times (ST).
Speaking to ST, Vincent Loy, MAS’ Assistant Managing Director of Technology, said they found that 90% of data breach incidents that happen locally and globally “are a result of basic cyber hygiene not followed”.
MAS is the first financial authority in the world to make cyber hygiene mandatory, ST wrote.
The cyber hygiene rules require firms to implement strong passwords, multi-factor authentication, and firewalls to restrict unauthorised network traffic.
The new rules apply to all banks, credit card or charge card issuers, any finance company, insurance companies, brokers, and exchanges, among others.
Firms that provide financial technology services, such as Grab’s GrabPay and Singtel’s Dash, and cryptocurrency exchanges like Binance and Luno, are also included.
According to ST, there are over 160 firms licensed by MAS.
Singtel and Grab said they would follow the new rules, when contacted by ST.
For more information, you may refer to the FAQs here.
Featured Image Credit: Free Malaysia Today