Kenanga-Sustainability-Report-2022

56 57 Environmental Stewardship About This Report Who We Are Progressing Towards A Sustainable Future Managing Our Sustainability Risks Good Governance Sustainable Economic Growth KENANGA INVESTMENT BANK BERHAD Sustainability Report 2022 Awards and Recognitions Empowering People and Communities GRI Content Index ESG Performance Data Our DLP Framework has been structured to outline data protection measures for sensitive data across different mediums to address cyber threats. Supporting our DLP framework is Kenanga’s Cyber Security Policy as outlined by Bursa Malaysia, Bank Negara Malaysia and the Securities Commission Malaysia Guidelines on IT and Cyber Security. Kenanga’s DLP project was launched in 2019 to provide us with greater visibility over data processes within Kenanga. Through this project, we can monitor the location of confidential data, determine how it is being used and undertake measures to present data loss. The framework also outlines data protection measures for sensitive data across all endpoint devices and data egress channels, aligned with our DLP Framework & Group Confidential Information Policy. DATA LOSS PREVENTION FRAMEWORK Since 2022, all activities have been monitored and triggers will be prompted when the DLP system detects customer data or confidential information is being shared to external parties or copied to external mediums. In order to proceed with the activity, the users will need to provide reasons and justification and these will be recorded in priority report which will be monitored by the Data Officers, Responsible Persons and the Data Governance team. Guided by our Group’s PDPA Data Access and Retention Procedures, we have engaged a licensed local agency to dispose of our paper and e-wastes which contain confidential information ethically and obtained a Certificate of Destruction. To enhance transparency and improve customer awareness, we also published a Privacy Notice on our corporate website which specifies the scopes in which we utilised customer data. Accelerating Data Security Measures In 2022, we enhanced our security posture by subscribing to a suite of top-tier security solutions and deployed security measures to include Identity Access Management, Application Programming Interface Security and ransomware protection. Additionally, we also enhanced the cyber resilience of our operations through the following measures: FUTURE OUTLOOK As we transition towards a future defined by digital innovation, cyber security has become even more crucial as reflected in our recent materiality assessment. In line with our IT Strategy 2023-2027 and DLP Framework, we aim to continue taking proactive and progressive actions such as upgrading our systems as well as to increasing our employees’ and clients’ awareness in taking precautionary steps to reduce cyber security risks. Our end goal is to ensure that our clients can confidently pursue their financial goals in a digital age while knowing that their personal and financial data is secure. Protecting Customers’ Data • Rolled out DLP solutions to defend data leaks from internal sources • Rolled out Database Activity Monitoring to protect data leaks from unauthorised sources • Rolled out virtual patch solution to shield servers from risks before applying physical security patches Managing Employees Confidential Data • Enhanced the usage of the mobile management tool to effectively monitor privacy access on our employees’ mobile phones • Enhanced our security posture by enabling and enforcing multi-factor authentication for Office 365 Instil Cyber Awareness Amongst Employees • Engaged with a team of experienced cyber security experts to equip our Group Digital, Technology and Transformation Division on valuable cyber knowledge • Delivered mandatory monthly cyber security awareness training to all employees virtually through our collaboration with Sophos and also via our in-house Kenanga LMS platform • Rolled out regular email phishing simulations educate employees to swiftly identify and respond to potential phishing threats • Conducted online quiz and training • Launched our explainer video with e-Quiz on data loss prevention • Launched ‘Exposure Towards Cyber Security and Ethics’ module as part of our New Hire Orientation Course hours logged for mandatory in-house cyber security training 3,815 mock-phishing exercises were conducted throughout the year 4 success rate achieved in identifying phishing emails via our employee phishing simulator 92% Zero cyber security incidents were recorded in FY2022, including customer data breach. SUSTAINABLE ECONOMIC GROWTH SUSTAINABLE ECONOMIC GROWTH

RkJQdWJsaXNoZXIy MTc1ODMy