80 MY E.G. SERVICES BERHAD Registration No. 200001003034 (505639-K) MATERIALITY MATTERS (cont’d) Data transmitted through our networks is encrypted using the latest encryption technologies to ensure confidentiality. Adherence to Payment Card Industry Data Security Standard in the handling of credit card information for our e-services transactions. Regular audit and penetration test to ensure the robustness of the entire IT infrastructure. Websites and social media portals with high risks in cyber security are restricted to prevent malicious attacks via the exploitation of vulnerabilities. Constant training is provided to employees to ensure that employees are aware of the security standards that we need to adhere to. The use of external hardware appliances such as thumb drives and other media are also restricted within MYEG premises. Regulations, standard operating procedures and enforceable regulations for use of corporate systems, confidential data, email, mobile devices and passwords. Compliance with PDPA in dealing with personal information collected in the course of commercial transactions. Deployment of firewalls, antivirus and antimalware systems, access management systems and vulnerability systems throughout the entire IT infrastructure. MYEG has continuously sought ways to improve security by updating the Group’s IT policy and procedures when needed to follow best practices set by ISO / IEC 27001 Information Security Management System and NIST Cybersecurity Framework. The Group is also in full compliance with the Personal Data Protection Act (“PDPA”) and Payment Card Industry Data Security Stanards (“PCI DSS”). MYEG is currently not a member of the Global Network Initiative. In addition to this, MYEG is currently enhancing the security of critical information such as financial data (e.g. payment and prepaid systems information) by leveraging on the Zetrix blockchain technology. Blockchain’s resistance to tampering and its decentralised nature mitigates risks of fraud, data breaches and single points of failure, bolstering trust, auditability, and data integrity. Having these IT safeguards in place reduces MYEG’s chances of being exposed to a future cyberattack whilst also preparing the Group in case one does occur through a united front. There were zero substantiated complaints concerning breaches of customer privacy and losses of customer data. No data breaches or framework non-compliances occurred during the year under review.
RkJQdWJsaXNoZXIy NDgzMzc=