'Not uncommon' to limit Internet access, say experts

Defence, finance and healthcare firms cut some employees' Net access, citing security

Pulling the plug on Internet access on work computers is not uncommon in the private sector here, say experts.
Pulling the plug on Internet access on work computers is not uncommon in the private sector here, say experts. PHOTO: BLOOMBERG

Pulling the plug on Internet access on work computers is not uncommon in the private sector, say cyber-security experts and industry players, particularly in areas that deal with extra-sensitive information.

These include the defence, financial and healthcare industries, but to varying degrees depending on the nature of the work employees do.

The Straits Times reported on Wednesday that next May, 100,000 computers used by the public service will no longer have direct access to the Internet in order to keep government e-mail systems and shared documents safe.

Civil servants will have to log on to the Web on a separate terminal or through their personal devices such as mobile phones or tablets. They can forward non-sensitive e-mail to personal accounts.

Mr Bill Taylor-Mountford, vice-president for the Asia Pacific and Japan region at security intelligence firm LogRhythm, said Internet access is a key point of entry for attackers, and that cutting it essentially blocks a major path of attack.

"If you are dealing with very sensitive information such as healthcare, financial or defence, then you need to ensure that you limit the ways of attacks as much as you can," said Mr Taylor-Mountford.

"These measures can include limiting Internet access, registering mobile devices used to access the network and blocking apps that are deemed vulnerable to attacks."

Banks The Straits Times spoke to declined to go into the specifics of their cyber-security practices.

The Straits Times understands that while it is rare for banks to cut off all their computers from the Web, some restrict Internet access to only certain employees, such as analysts, sales staff and corporate communications staff.

When contacted, a DBS spokesman said: "We have policies and monitoring in place to ensure safe and responsible use of the Internet. We also conduct regular information security training sessions for our staff to ensure they demonstrate the correct behaviours when accessing the Internet, and to always be on their guard against online threats."

Employee awareness and education are critical in ensuring the safety of a company's network.

A UOB spokesman said: "Relying on technology alone as a line of defence against cyber-attacks is insufficient."

Healthcare firms contacted by the Straits Times, such as the Singapore Medical Group, did not elaborate on their cyber-security practices, citing security reasons.

The Singapore Infocomm Technology Federation's chairman for the security and governance chapter Tammie Tham said it will take some time for those in the public service to adjust to the inconvenience.

But she added: "Almost every company has some sort of control where certain sites such as Web-based e-mail, social media and file sharing are blocked."

• Additional reporting by Tiffany Fumiko Tay

A version of this article appeared in the print edition of The Straits Times on June 11, 2016, with the headline ''Not uncommon' to limit Internet access'. Print Edition | Subscribe