Cyberthreats are constantly evolving in order to take advantage of online behaviour and trends. The COVID-19 outbreak is no exception. Cybercriminals are attacking the computer networks and systems of individuals, businesses, and even global organisations at a time when cyber-defences might be lowered due to the shift of focus to the health crisis. – Interpol Cybercrime prevention requires businesses to follow proper, strict data protection procedures by ensuring details, specifically banking, addresses and contact information are protected to prevent fraud. Even a small breach in your business data protection can be costly.
The importance of data security for a business today
In today’s technological age, data is a critical part of people’s lives. As we progress into the “new digital world” it is becoming even more important to protect individuals’ data and implement more onerous security measures around that data. “The security and protection of data are important not only for the well-being of a business and its reputation but also for the livelihood of those clients who put their trust in your business,” says Jason van der Watt, InsideData, Deputy Group Digital Officer. There is no controlling how data can be used once it has been stolen, so the answer lies in preventing the theft in the first place. Cash might be king, but data is the key!
Laws to protect consumer data
The enactment of certain sections of the Protection of Personal Information (POPI) Act* was recently (June 2020) announced by the South African Presidency. Enforcement of the Act from 1 July 2020 includes essential conditions that must be met for the lawful processing of information. “Since the Act in its totality is not yet officially enforced, but only certain parts, InsideData chooses to use the POPI act only as a high-level compliance guideline. We prefer to use established regulations like the European Union General Data Protection Regulation (EU GDPR)* for more specific guidance until the complete POPI act is enforced. We research the best practice as applied by big corporates and choose to adhere to more complex and stringent data protection methodologies,” comments van der Watt. *Footnote: The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the European Union General Data Protection Regulation (EU GDPR). It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons).
The importance of data security and the company’s responsibilities
Companies need to continually evaluate and update privacy policies and strategies. “The use of data and control of access to data are continuously evolving and so do the means for access to data. With the continuous improvement of data-related technology, more and more individuals’ personal lives become accessible. Data security, as well as data privacy, need to evolve along with data technology. An individual or client not only wants to know that their data is secure but also wants peace of mind that their data and lives remain private, constantly seeking reduced risk of exposure,” says van der Watt. A study conducted by PWC USA in 2017 reveals that consumers trust businesses less today than previously in protecting their data. Based on the study, 85% of consumers will not do business with a company if they have concerns about its security practices. According to van der Watt, trust takes time to build and it needs to be nurtured to be retained. One mistake is all it takes to undo many years of work. A company needs to protect its clients’ data as it would protect its own, applying, and enforcing the best practices for data security with the stance of continuous improvement. “Openly sharing your company’s strategies with your clients and being transparent will entrench the clients’ trust that protecting their data is your company’s top priority,” says van der Watt.
Data security strategies required by companies to protect clients’ data
Data security ensures business continuity, avoids data breaches and prevents unauthorised access. Aside from the eight conditions for lawful processing provided by the POPI Act, primary data security strategies should focus on accuracy, access, transparency and actual security. Information accuracy and information processing must be clearly defined to avoid irrelevant or unnecessary data processing. van der Watt says: “At InsideData we are determined to protect our client’s data from unauthorised access. We prioritise our clients’ data security, ensuring that all client data is stored in a secure, firewall-protected vault at two separate datacentres. Every client has three segregated environments: Development, Quality Assurance and Production. Each of these segregated environments has an authorised account with two-factor authentication.
Transformation due to the COVID-19 pandemic
2020 saw an unprecedented acceleration in digital transformation due to the COVID-19 pandemic. Many companies fast-tracked their digital strategies to shift from face-to-face customer engagements to the implementation of innovative new online engagement practices, platforms and tools. Several key cybersecurity weaknesses were identified during the actual engagements. Cybersecurity is therefore crucial for the protection of a business’s reputation and clients need to know that their data is protected. The acceleration of digitalisation during the COVID-19 pandemic lockdown caught many companies off-guard. Cybersecurity is not something that can be implemented overnight and is costly. It is important that companies not only invest in cybersecurity but also make use of suppliers and stakeholders with high levels of data security because a failure or breach can result in more than just reputational damage – it can include legal reparations, cost implications and even government intervention.