Kaspersky discovered and intercepted a chain attack by hackers that used two unknown vulnerabilities in new builds of Windows 10 and Internet Explorer 11….
With more than 230 000 new instances of malicious software produced daily, companies are under pressure to ensure the security of their data. Adding to the complexity of the challenge is the evolving legislative environment with the likes of the European General Data Protection Regulation (GDPR) and the local Protection of Personal Information Act (POPIA) putting the focus on maintaining the integrity of personal customer data.
Research has found that the global average cost of a data breach is more than R56-million and the average cost for each lost or stolen record containing sensitive and confidential information is more than R2000.
The question executives need to ask themselves is whether their cyber security measures meet the demands of the digital business environment today. Of course, having perimeter defences in place is only part of the solution. Finding the means to secure consumer data wherever it resides on the corporate network is probably the most critical part of the equation.
Just consider the extent to which business has become reliant on data to not only analyse customer requirements but also develop more tailored offerings for a digital environment. In Africa, this reliance on data goes together with how mobile devices have become ubiquitous across the continent.
In Sub-Saharan Africa, mobile subscriber penetration reached 44% at the end of last year and forecasts are that there will be one billion SIM connections in the region by 2025. Each of these devices (and SIMs) generate data that inevitably feed back into the corporate network for those who have come to rely on mobility in their working life.
Similarly, people are increasingly receiving bank statements, utility bills, accounts, and other documents containing sensitive personal information via email or other digital means (think downloadable copies from sites and even through instant communication platforms). While this has reduced the paper sprawl on desks, it has created a situation where there are multiple electronic copies of the same documents.
A person might have saved a statement on a laptop, viewed it on a mobile phone, and backed it up to a cloud provider. Equally, a company could also have various versions of those documents stored on the corporate network whether that is hosted locally or stored off-site. Compliance requirements dictate that these documents (containing personal information) need to be adequately protected irrespective of where they are stored.
In certain respects, the responsibility of this personal data security is shared between the organisation and the end user. A company must take the required steps to encrypt and protect sensitive documents. A consumer must ensure the device used is secure and that the documents being saved are done so responsibly. In other words, no sending a bank statement via instant messaging to your significant other or submitting sensitive information without checking the security of the provider used.
For the organisation, solutions are available that enable the viewing of a document (such as a bank statement, utility bill, and the like) as either an interactive Web or PDF experience. This means a user can securely view the contents either through a browser or a mobile application. A person will also be able to browse through the document knowing that it is in a protected environment. For example, a cell phone bill can have multiple tabs showing the bill portion as well as data and voice usage.
Additionally, a company can leverage these secure document presentation solutions to make documents available on the corporate Web site. This means they can store customer bills for the last six months in a secure and encrypted environment for users to access as required. It is not only convenient for the customer to have a central repository where all his or her cell phone bills are stored but also negates the need to save those documents on a computer or mobile device.
The pervasiveness of digital culture has necessitated a different mindset when it comes to managing personal data. Organisations must adapt and ensure the integrity of customer data with end users also needing to be wary of how they view, save, and manage these sensitive documents.