Allkin Singapore, a social service agency supporting more than 24,000 individuals and families, was gravely concerned about the growing incidences and risks of phishing and social engineering attacks targeting non-profit organisations (NPOs) and the social services sector.
In their day-to-day tasks, the agency’s staff had to handle sensitive data, including case records, health information, and family court referrals. Together with volunteers, they were accessing systems from multiple locations and devices. This expanded the overall attack surface significantly, increasing the complexity of safeguarding sensitive data.
With the expanded surfaces and data moving between the field, branch sites, and the cloud, a robust digital defence became essential, shared Evelyn Leong, Senior Director, Shared Services Division, Corporate Services, Allkin Singapore.
In this age of AI-driven threats where users’ everyday digital interactions expose their organisations to ever increasing risks, IT and security teams need to move away from traditional reactive approaches to cyber protection. Technology plays an important role in this transition.
- Evelyn Leong, Senior Director, Shared Services Division, Corporate Services, Allkin Singapore
Why non-profit organisations are attractive targets
Leong said non-profit organisations (NPOs) and the social services sector are often seen as attractive targets by threat actors as the agency handles a lot of sensitive personal data, confidential case files, donations and collaborate closely with multiple stakeholders and partner agencies. “These attacks often exploit trust and urgency, and can lead to credential compromise or financial fraud if not promptly detected,” she said.
Leong added that potential risks can also extend beyond data breaches to include reputational damage, regulatory consequences, and financial losses.
To address the challenges, Allkin Singapore strengthened its data protection and digital resilience by deploying a suite of Sophos Managed Detection and Response (MDR), Endpoint Protection and Firewall solutions which enabled continuous, real-time threat monitoring and 24/7 oversight and integrated across its hybrid environment, comprising servers, endpoints, and cloud systems, and centrally managed via Sophos’ Central unified monitoring system.
The deployment, done in partnership with RSM Stone Forest IT (RSM) as a technology advisor and managed service provider, enabled Allkin to proactively safeguard sensitive information across more than 30 of its service centres in the country.
The implementation also allowed the agency to shift to a more proactive cyber security model, further enhancing visibility, compliance, and operational resilience.
A more resilient cyber defence and security framework
Leong said Allkin’s IT team can now focus on productivity and innovation, rather than reactive incident management.
“(Any) suspicious activity is flagged early and stopped before it escalates. That kind of proactive protection means my team doesn’t have to constantly monitor for threats, and we can focus on delivering services, knowing our systems are secure. On top of that, our overall security posture improves.”
To minimise human risk errors and social engineering risks, she said Allkin works closely with RSM to deliver IT policies and security awareness training including phishing simulations, helping staff and volunteers reduce human error and strengthen cybersecurity. “This has resulted in fewer security incidents and faster threat detection.”
Describing the enhanced security framework, she said Allkin sees data protection as not just about complying with Singapore’s Personal Data Protection Act (PDPA) or sector requirements. “It’s a reflection of our agency’s commitment to integrity, accountability and care, ensuring that the families and individuals who turn to us for support can do so with confidence. Safeguarding information is both an operational priority and moral responsibility.”
“We are able to set clear policies, map data flows, and prepare for potential breaches, fostering accountability and trust across the organisation,” said Leong.
