With personal information becoming a hot commodity on the dark web, it is critical to understand exactly how to protect data from cybercriminals. A recent global survey revealed that 79% of organisations experienced disruptions, financial loss or other setbacks due to a lack of cyber preparedness in 2020.
As work-from-home strategies are becoming the reality for a large percentage of the workforce, rapid changes to infrastructure have left some organisations with security vulnerabilities that could significantly impact their day-to-day operations.
POPI aims to protect the personal information of both consumers and employees by making sure that businesses conduct responsible collection, sharing and storage of information. It holds them accountable, should that information be breached.
Although technology plays a pivotal role in helping organisations become compliant, it must form part of a holistic security framework that includes:
- people
- information
- systems
- processes
- physical surroundings
- culture.
First and foremost, organisations must re-examine their security architecture, assess their industry, and classify the information that is at the core of their business and the level of risk that information carries.
From there, they can decide what measures need to be put in place to protect it. If they have a solid understanding of what information they are holding, which departments within the business should be privy to it and how and where it is going to be used, they will then gain a better understanding of what kind of security measures must be implemented to protect that data.
More and more businesses are now consolidating their data into a central repository such as the cloud. Understanding their roles and responsibilities versus those of the cloud service provider is also extremely important.
The cloud service provider is responsible for security of the cloud, but organisations themselves are responsible for the security of the data in the cloud, which is why a full understanding of POPI is essential to ensure that data is securely stored.
Cybersecurity breaches are happening on a daily basis. Organisations must have a 24/7 monitoring service so that data breaches can be detected immediately. It has been shown that most companies aren't aware of a data breach and that it can take as long as 175 days before they're notified; it can then take up to 55 days to respond and recover.
By that time data has been severely compromised and millions of Rands may have been lost — not to mention the damage to reputation and subsequent lack of consumer trust.
Vulnerability testing must be done regularly to make sure the technology and processes in place are robust and able to evolve as cybercrime becomes increasingly sophisticated.
Ensuring employee awareness is another crucial element of data protection. Training employees on how to handle personal information and secure any breaches is essential, especially since so many of them may be working in environments outside of the organisation, which may not be secure.
Acquiring a cybersecurity expert or appointing a security officer to train employees on cybersecurity, and how POPI impacts it, can mitigate risks and reduce vulnerabilities.
According to Accenture, South Africa has the third-highest number of cybercrime victims worldwide, losing R2.2 billion a year. The commencement of POPI will hopefully see this number drop.
But organisations cannot rely solely on the act to keep them safe. Navigating the complexities around data protection, data privacy and the measures needed for cybersecurity is best done in collaboration with an expert who is properly equipped to give clear, accurate and actionable advice that is future-focused.
For more information, visit www.trendmicro.com. You can also follow Trend Micro sub-Saharan Africa on Facebook, Twitter or on Instagram.