34 Additional Information We Are Kenanga Leadership Message Our Sustainability Approach How We Are Governed Financial Statements Shareholders’ Information BOOSTING CYBER SECURITY [GRI 418] Key Policy and Framework • Cyber Security Policy has been developed based on industry best standards such as the US National Institute of Standards and Technology cyber security framework • The Group Confidential Information Policy has been established and incorporated various privacy legislation that includes Financial Service Act 2013, Securities Industry (Central Depositories) Act 1991, BNM’s Management of Customer Information and Permitted Disclosure and Personal Data Protection Act (“PDPA”) 2010 OUR APPROACH TO CYBER SECURITY At Kenanga, our suite of IT policies forms a fundamental aspect of IT governance which guides our management approach towards cyber risks and our responses to security incidents. Our Cyber Risk and Governance Accelerating Data Security Measures In 2022, we enhanced our security posture by subscribing to a suite of top-tier security solutions and deployed security measures to include Identity Access Management, Application Programming Interface Security and ransomware protection. Additionally, we also enhanced the cyber resilience of our operations through the following measures: Protecting Customers’ Data Rolled out Data Loss Prevention (“DLP”) solutions and Database Activity Monitoring to defend data leaks from internal and unauthorised sources as well as virtual patch solution to shield servers from risks before applying physical security patches Managing Employees Confidential Data Enhanced the usage of the mobile management tool to effectively monitor privacy access on our employees’ mobile phones as well as our security posture by enabling and enforcing multi-factor authentication for Office 365 Instil Cyber Awareness amongst Employees Delivered mandatory monthly cyber security awareness training to all employees and rolled out regular email phishing simulations to educate employees to swiftly identify and respond to potential phishing threats Future Outlook As we transition towards a future defined by digital innovation, cyber security has become even more crucial as reflected in our recent materiality assessment. In line with our IT Strategy 2023-2027 and DLP Framework, we aim to continue taking proactive and progressive actions such as upgrading our systems as well as increasing our employees’ and clients’ awareness in taking precautionary steps to reduce cybersecurity risks. Our end goal is to ensure that our clients can confidently pursue their financial goals in the digital age while knowing that their personal and financial data is secure. For more information on our cyber security initiatives, please refer to page 55 of our Sustainability Report 2022. OUR SUSTAINABILITY STATEMENT
RkJQdWJsaXNoZXIy NDgzMzc=