MATERIALITY MATTERS (cont’d) SUSTAINABILITY STATEMENT Data transmitted through our networks is encrypted using the latest encryption technologies to ensure confidentiality. Adherence to Payment Card Industry Data Security Standard in the handling of credit card information for our e-services transactions. Regular audit and penetration test to ensure the robustness of the entire IT infrastructure. The use of external hardware appliances such as thumb drives and other media are also restricted within MYEG premises. Websites and social media portals with high risks in cyber security are restricted to prevent malicious attacks via the exploitation of vulnerabilities. Constant training is provided to employees to ensure that employees are aware of the security standards that we need to adhere to. Regulations, standard operating procedures and enforceable regulations for use of corporate systems, confidential data, email, mobile devices and passwords. Deployment of firewalls, antivirus and antimalware systems, access management systems and vulnerability systems throughout the entire IT infrastructure. Compliance with PDPA in dealing with personal information collected in the course of commercial transactions. MYEG has continuously sought ways to improve security by updating our IT policy and procedures when needed to be in strict compliance with the ISO / IEC 27001 Information Security Management System and NIST Cybersecurity Framework. The Group is also in full compliance with the Personal Data Protection Act (“PDPA 2010”). MYEG is currently not a member of the Global Network Initiative. With respect to the adoption of blockchain technology, MYEG is launching a Self Sovereign Identity (SSI) service, which utilises blockchain technology to provide a secure and user-centric approach to digital identity. Under SSI, users can adopt a digital identity model where they have full control and ownership over their digital details. They can store their personal details in decentralised wallets under their control and selectively share them with third parties, rather than revealing their entire identity. This enhances security by eliminating a central point of failure or vulnerability, and preventing personal data from being stored in a single location that can be hacked or compromised. Having these IT safeguards in place reduces MYEG’s chances of being exposed to a future cyberattack whilst also preparing us in case one does occur through a united front. There were zero substantiated complaints concerning breaches of customer privacy and losses of customer data. No data breaches or framework non-compliances occurred during the year under review. 79
RkJQdWJsaXNoZXIy NDgzMzc=