POPI ACT COMPLIANCE AND DATA PROTECTION
Firstly, do not panic—there is time to prepare. At ASG we believe that data and information protection is like personal fitness—develop a training programme and set goals—it takes time and discipline.
A data breach or cybercrime activity within your organisation can seriously damage your business reputation as well as your business relationships. To be more specific:
- Customer and/or client loyalty will be eroded. This in itself will have a major impact on day-to-day business activities and will negatively affect sales and profitability. A further debilitating consequence is that your organisation may be rendered legally liable to third parties.
- Oftentimes, data breaches and/or cybercrime activity result in prolonged network interruptions that can further damage your bottom line and reputation. A network interruption may also be required to allow forensic and/or legal experts to investigate the extent of the breach.
- Organisations that, in the unlikely event, fall victim to a data security breach and/or cyber-attack can be contractually liable to their business partners. This often includes substantial financial penalties and/or may result in a breach or termination of important business contracts. Organisations may also be contractually liable to other contracting 3rd parties.
- Once the applicable legislation regarding data breaches and/or cybercrime activity has been disseminated in South Africa, organisations will become liable for, among others, notification costs, regulatory investigation costs, and/or litigation costs, including criminal sanctions, damages and penalties.
- Where a breach has taken place, organisations may need to notify individuals as well as deal with the negative impact on the organisation’s brand and on customer/client loyalty. Organisations that intentionally or accidentally don’t comply with the POPIA will be subject to severe penalties. Depending on the seriousness of the breach, the Act makes provision for fines of up to R10 million and/or a jail sentence of up to 10 years.
The onus is therefore on organisations to ensure that their data and/or information is adequately protected to prevent loss or theft.
HOW CAN WE GO ABOUT PREVENTING A DATA BREACH?
Here are a number of best practice recommendations to help you protect your data and/or information and minimise the risk of data breaches.
Keep All Security Software Updated:
Ensure all security software is kept updated and regularly patched to prevent vulnerabilities being exposed to cybercriminal exploitation.
Perform Regular Risk Assessments:
Carry out regular vulnerability assessments to review and address any changes and/or additions as well as identify new data protection risks. Aspects to consider should include backup and data storage as well as remote working access for employees. The relevant IT policies and procedures should also be updated to include the latest technologies and best practices.
Data Encryption and Backup:
Awareness Training for Staff:
Staff must be trained to follow best practices. Awareness must include social engineering vigilance and how to avoid mistakes that can lead to security breaches. Security Awareness training should be conducted on a regular basis to form part of creating the necessary company culture.
Ensure Data Protection Standards are Maintained with Vendors and Partners:
Organisations must ensure that 3rd party companies handling their customer data and/or information also have the necessary security compliance practices and systems in place to protect that data and/or information.
3rd Party Data Security Evaluations:
PREPARING YOUR BUSINESS FOR POPIA COMPLIANCE:
To ensure that your response is both quick and effective, a comprehensive incident response plan is imperative. It is of the utmost importance therefore to regularly question what security protocols and programmes are in place to deal with possible data breaches and/or cyber-attacks.
Sophisticated cyber-attack incidents are on the rise across the globe, and South Africa is not excluded. Organisations will do well to expand their efforts to mitigate the consequences of these inevitable attacks. A primary objective for an organisation at this juncture must be to implement the right measures to mitigate and manage the extent of any potential cyber-security threat.
The latest report published by Accenture during this pandemic showed that South Africa has the third-highest number of cyber-attacks in the world and that users are naïve not to realise the relevant risks. The report surmises the reasons South Africa is an attractive target:
Threat actors may perceive South African organisations as potentially having lower defensive barriers than those in more developed economies. They may also think they face a lower chance of incurring consequences for their malicious activity. That’s because there is low investment in cybersecurity and developing cybercrime legislation in South Africa. Threat actors are certainly taking notice. On the whole, we as South Africans have been criticized, by all accounts, as being behind the curve when it comes to secure remote working.
To help limit your exposure, increase client/customer confidence, ensure reduced recovery time and costs, and keep any reputational damage to a minimum, ASG offers the following.
ASG OFFERS A RANGE OF SECURITY SERVICES, ASSESSMENTS AND REPORTS:
- Vulnerability Assessment (Wide Area Network or WAN)
- Vulnerability Assessment (Local Area Network or LAN)
- Vulnerability Assessment Report(s)
- Vulnerability Assessment Remediation Implementation
- Project Plan Vulnerability Assessment Implementation
- Clean-up and Remove Malware in the Network
- IT Compliance Documentation for POPIA
Contact ASG to help with your IT Security Assessment and POPIA compliance
Get your compliance vulnerability assessment done today and see if your business is compliant.