Fostering Resilient Security

We have developed a posture of readiness and a strong defensive position for creating and fostering a resilient security culture.


Stay Safe with DBA

DBA has an inherent responsibility to protect the information assets, confidential member data and intellectual capital of the company. We must also safeguard these critical assets to prevent any potentially adverse effects to DBA and our members.

In addition, DBA is subject to numerous State and Federal Information Security and Privacy laws and regulations. Moreover, non-compliance with such laws and regulations could also result in fines, audits, loss of member confidence, and direct financial impacts.

DBA also believes data security and privacy are critical business functions that must be incorporated into all aspects of our practices and operations. This also includes business functions like planning, development, operations, administration, sales and marketing.

To protect DBA and our people, members and clients, we created and implemented strict security policies, procedures and standards. In addition, we mandated compliance with all applicable regulations as the utmost responsibility of every employee at DBA.

Thus, we can mitigate the risks associated with normal business activities and continue fostering a resilient security culture. Moreover, we can give our clients peace of mind that their sensitive data is safe and secure in DBA.

ISO/IEC 27001:2022

ISO/IEC 27001:2022 is the highest international standard for information security management systems (ISMS). It provides the framework for robust, holistic and efficient information security, cybersecurity and privacy protection.

The standard also outlines the requirements for establishing and implementing policies, procedures and controls of information security. Moreover, it provides the guidelines for maintaining and continually improving ISMS—an effective tool for risk management, cyber-resilience, and operational excellence.

To demonstrate our commitment to fostering a resilient security culture, DBA has conformed to the ISO/IEC 27001:2022 certification requirements. As a result, our outsourcing arm, DBA Global Shared Services Inc. (DBAG), satisfied the comprehensive ISMS audit process.

Achieving the ISO/IEC 27001:2022 certification showcases our proactive approach to ensuring the confidentiality, integrity, and availability of information assets we hold. Moreover, it gives our clients and stakeholders confidence that their data will always be safe in our hands.

As an ISO/IEC 27001:2022 certified organisation, DBAG joins the ranks of the elite in information security, allowing DBA to maintain the highest standards of data protection in today’s ever-evolving digital landscape.


It is also critical to protect the system environment and information assets from security threats to maintain a competitive advantage in the marketplace. Moreover, information security ensures profitability and helps maintain member and partner trust and confidence.

Security Organisation

    1. Sending Information to Third Parties – sending any document to a third party is allowed only after securing the approval of the Team Leader, Manager or immediate supervisor and the Information Security Office.
    2. Identification of Risks from Third Party Access – IT approval is required before accessing third-party websites.

Asset Classification and Control

All personal and confidential information related to clients who disengage the services of the Company is coordinated with the Manager and Information Security Officer for deletion.

    1. Handling and Protection Rules – all internal information is assumed to be confidential and is protected from disclosure to unauthorised third parties.

Personnel Security

    1. Confidentiality Agreements – information concerning the Company’s business is not to be discussed (in all forms of communication) with competitors, outsiders, or the media.
    2. Terms and Conditions of Employment – any incident when confidential information has been lost, disclosed to unauthorised parties, or is suspected of being lost or disclosed to unauthorised parties is immediately reported to the Information Security Officer.

Communications and Operations Management

    1. Other Forms of Information Exchange – any confidential communication heard through telephone conversation (landline or mobile) or overheard within the vicinity of the Company is kept confidential.

Access Control

    1. Access Controls and Need to Know – business-related topics are only discussed with Company employees and/or individuals authorised to receive such information.
    2. User Password Management – all staff are required to secure the storage of their passwords.
    3. User Password Rules – all passwords are confidential Company information and are not shared with anyone, including the admin staff.
    4. Unattended User Equipment – unattended PCs are protected using a password-protected screen saver.
    5. E-Mail, Voice-Mail and Internet Access Monitoring – logging in to any undesirable sites is restricted while using the Company’s Internet.
    6. Connecting to the Internal DBA Network from Public Places – an approved personal firewall and current, active anti-virus software are used before connecting to the Company networks from outside the premises.
    7. Security and Proprietary Information – any suspicious email is only opened upon the approval of the Information Security Officer.

Compliance

    1. Copyrighted Material and Peer-To-Peer File Sharing – downloading, uploading and transmitting copyrighted material using the Company’s computer systems is prohibited.


At DBA, we have invested in the best software and applications available to ensure the safety and security of our clients’ data and information. In addition, with the right tools in place, we can strengthen our commitment to fostering a resilient security culture.

Security and Compliance

    1. Data Loss Prevention Policy – identify, monitor, and automatically protect sensitive items across Microsoft 365 services, Office applications and Windows 10 endpoints.
    2. Insider Risk Management – monitor files and documents movement to identify, investigate, and address internal risks.
    3. Cloud App Security – provide rich visibility, control over data travel and sophisticated analytics to identify and combat cyber threats across all cloud services.
    4. Enterprise App – password management tool, Privileged Access Service, and Single Sign-On.
    5. Compliance Manager – measure progress to help reduce risks around data protection and regulatory standards.

Microsoft Azure

Azure Hybrid Infrastructure – syncs Group Policy to all workstations and applies Azure Policies locally.

Microsoft Defender for Endpoint:

      • Protect and Secure devices
      • Endpoint Detection and Response
      • Incident and Alert Monitoring
      • Vulnerability Management

Encryption – applied to data in each of its three states (at rest, in use and in transit), as best practice.

Multi-Factor Authentication

Conditional Access & Named Location

      • Trusted IP or geo-IP whitelisting, compliant devices and named locations
      • All data, communication and collaboration applications are accessible only from a Company-issued workstation
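As an added illustration (not DBA’s own configuration), the controls listed above expressed with the Microsoft Graph PowerShell SDK: a trusted IP named location, an allowed-country named location, one policy requiring MFA plus a compliant (Intune-managed) device for every application, and one policy blocking sign-ins from outside the named locations. The CIDR range, country code, display names and the break-glass account ID are placeholders; both policies are created in report-only mode so their effect can be checked in sign-in logs before enforcement.

```powershell
# Added example, not the page's or DBA's configuration. Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Placeholder values: replace with real office egress range, country and break-glass account.
$officeCidr        = "203.0.113.0/24"      # placeholder (documentation range)
$allowedCountries  = @("PH")               # placeholder country list
$breakGlassUserId  = "<break-glass-account-object-id>"   # placeholder, kept excluded from both policies

# 1. Trusted IP named location (the "Trusted IPs whitelisting" item).
$trustedIps = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Corporate office egress (placeholder)"
    isTrusted     = $true
    ipRanges      = @(
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = $officeCidr }
    )
}

# 2. Country named location (the "Geo IP whitelisting" item).
$allowedGeo = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Allowed countries (placeholder)"
    countriesAndRegions               = $allowedCountries
    includeUnknownCountriesAndRegions = $false
}

# 3. Every app, every user: require MFA AND a compliant device, so only a
#    Company-issued, Intune-compliant workstation can reach data and collaboration apps.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "Require MFA and compliant device for all apps (example)"
    state       = "enabledForReportingButNotEnforced"   # report-only first; switch to "enabled" after review
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlassUserId) }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{
        operator         = "AND"
        builtInControls  = @("mfa", "compliantDevice")
    }
}

# 4. Block any sign-in that is neither from the trusted office range nor from an allowed country.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "Block sign-ins outside trusted and allowed locations (example)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlassUserId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{
            includeLocations = @("All")
            excludeLocations = @($trustedIps.Id, $allowedGeo.Id)
        }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
```

The break-glass exclusion matters: a block policy scoped to all users with no excluded emergency account can lock every administrator out if the named locations are misconfigured. Review the "Report-only" results in the Entra sign-in logs for each policy, then change `state` to `"enabled"`.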

Identity Protection – identify and address risks, e.g., risky users, risky sign-ins, risk detections.

Azure Sentinel – real-time analysis of security alerts generated by applications and networks, i.e., security information and event management (SIEM).

Additional measures (by client and Team Leader request):

      • UTM Firewall (Sophos XGS)
      • Web Policies and Application Control to filter websites and allow access to work-related sites
      • Restriction of personal email use.
      • Endpoint protection for each workstation
      • Microsoft Defender for Endpoint, Bitdefender and additional malware protection.
      • VPN connectivity via IPsec/IKEv2 (site-to-site) and IPsec and SSL VPN (remote access)
      • CCTV and Door Access Systems
      • Security Personnel
      • Staff orientation for Data Privacy and Security (Onboarding).
      • Simulated phishing attacks to test staff response regularly.
      • Increasing security awareness using explainer videos and Infographics.

We also implemented various security measures to maintain data security and protection across all our work computers and devices, enabling us to continue fostering a resilient security culture even for staff working remotely.

Basic Security Knowledge

Our employees have been provided basic security advice before deployment:

      • Phishing and how to recognise phishing emails or attacks
      • Scams targeting work from home staff
      • Refraining from using public Wi-Fi
      • Sufficient security of Wi-Fi routers
      • Verifying the security of work-related devices
      • Keeping work data on work computers
      • Use of home networks for work tasks
      • Accessing only work-related websites on work computers

Microsoft 365 Tools

DBA is a Microsoft Gold Certified Partner. Hence, we have always been using Microsoft 365 Cloud services for file transfers and document sharing. Through this cloud-based solution, our staff can easily collaborate with each other, and use all our business applications.

In addition, we enjoy Microsoft Office 365’s built-in security features:

      • Message Encryption
      • Advanced Threat Analytics (ATA)
      • Mobile Device Management
      • Data Loss Prevention

Virtual Private Network or VPN

A VPN is used to secure data transfers between core systems for our work-from-home staff.

Security and protection of Work Computers

The computer units provided by DBA were configured for security of client data and information before deployment:

      • Installation of endpoint protection or antivirus
      • Caching Local Active Directory Group Policy – Microsoft Active Directory
      • Activating automatic updates of software and programs on all devices

Digital Security and Compliance

Additional security measures in place:

      • Password Management and Single Sign-on
      • Enabled Multifactor Authentication or 2-factor Authentication for cloud services
      • Use of complex passwords
      • Conditional access – Trusted IPs or GEO IP Whitelisting
      • Alerts and Monitoring
      • Password Audit


© 2024 DBA. All Rights Reserved.