Cyber Hygiene Assessment

In response to a spate of data breaches globally, the Monetary Authority of Singapore (MAS) has stepped up efforts to strengthen the sector's defence against rising threats, announcing that all financial services and e-payment firms in Singapore must comply with a new set cyber hygiene rules.

The Notice on Cyber Hygiene makes key elements in the MAS Technology Risk Management (TRM) Guidelines compulsory, and firms have until 6 August 2020 to implement them. It prescribes six cyber hygiene practices:

1. Administrative Accounts
   A relevant entity must ensure that every administrative account is secured to prevent any unauthorized access or usage.
2. Security Patches
   A relevant entity must ensure that security patches are applied within a defined timeframe and mitigating controls are in place for systems that cannot be patched.
3. Security Standards
   A relevant entity must ensure that there is a written set of security standards for systems and that systems are tested to ensure compliance to the security standards.
4. Network Perimeter Defence
   A relevant entity must ensure the implementation of controls at the network perimeter to restrict all unauthorized network traffic.
5. Malware Protection
   A relevant entity must ensure that one or more malware protection measures are implemented on every system, to mitigate the risk of malware infection, where applicable.
6. Multi-factor Authentication
   A relevant entity must ensure that multifactor authentication is implemented for all administrative accounts and all accounts on any system used to access critical information from the internet.

Deloitte offers cyber hygiene services to help financial institutions navigate the increasingly challenging cyber threat landscape. Read our report and contact us for more information.