The Cyber Security Agency of Singapore (CSA) has announced it is launching the Internet Hygiene Portal (IHP), an initiative under the Singapore’s Safer Cyberspace Masterplan 2020.
The IHP serves as a one-stop platform for enterprises, providing them with easy access to resources and self-assessment tools, so that they can adopt internet security best practices in their digitalisation journey.
The IHP also provides visibility on the cyber hygiene of digital platforms, by publishing an Internet Hygiene Rating table with a simplified view of each digital platform’s internet hygiene.
This is aimed at helping consumers make informed choices to better safeguard their digital transactions from cyber threats.
As Singapore builds up its digital economy and more businesses go online, cyber threats such as ransomware and phishing will remain major concerns.
Many enterprises, particularly SMEs, lack awareness and/or have low adoption of internet security best practices to safeguard their domains, websites, and email servers. This puts customers of these companies at risk because their data and details of their transactions with the company may not be properly secured.
The IHP is one of the cybersecurity toolkits that CSA has rolled out under the SG Cyber Safe Programme.
It supports enterprises via a three “A”s approach: enhance Awareness by providing guides on internet hygiene standards and best practices, facilitate Assessment via the self-initiated ‘health check’ tools for email, website, and internet connectivity; and lastly, promote the Adoption of internet security best practices.
CSA will be publishing the Internet Hygiene Rating table on a regular basis. For a start, CSA is featuring the top 10 enterprises in the e-commerce sector. The internet hygiene rating is based on the average adoption of internet security best practices, which were curated by CSA and are common globally recognised baseline internet standards and security controls.
These include important internet security protocols such as: HTTPS to secure website communications between parties, DNSSEC to prevent DNS spoofing, hijacking, and cache poisoning, and DMARC which enhances email security by preventing email spoofing.