Trust is an essential element of customer relationships. When it comes to Internet security, customers trust businesses to protect the personal information they share with them. A recent YouGov survey in Europe found that 72% of consumers are worried that personal data such as email, chat logs, files and pictures is being accessed unlawfully.
Further, the London-based rights group Article 19 has raised concern that more than half of Africa’s countries have no data protection or privacy laws, and that nine of the 14 countries that have the laws in place have no regulators to enforce them. In Kenya, there has been an attempt to pass the Privacy and Data Protection Bill. While this is positive, it is yet to be realised.
In the meantime, there are various measures that local businesses, especially SMEs, should consider to secure their systems and keep the information of customers and clients private:
A number of data breaches have boiled down to the fact that the companies involved did not take time to train their employees on security matters, and those employees unsuspectingly helped the hackers. For this reason, education and training are just as important as any new security technology. Cybercriminals employ tactics that may look genuine, so businesses need to inform their employees about the newest fraud schemes and urge them to follow best practices, such as not responding to unsolicited email messages, not opening their attachments and not clicking suspicious links in them.
Additionally, those working remotely should be given a list of email security best practices. These include using strong password protection, changing passwords often and checking network security. This is especially crucial when they use their personal devices for work.
Software solutions are not enough when it comes to protecting data. Companies therefore need to go further and strengthen their corporate governance structure so that it regularly and consistently justifies the security required for their systems, people and partners. Ensuring your cloud providers are conducting assessments and going beyond security standards will enable you to safeguard all key access points.
Organisations should take the time to validate any security strategies that are being used internally, even if they have a small permanent staff or part-time workers. Once a security policy is in place, everybody will know how to handle company data properly.
At the same time, due diligence should be conducted on the companies that are used to store an organisation’s data. An organisation shouldn’t just assume that its cloud suppliers have its best interests as their leading priority. It should ask what they do in terms of security and how regularly they update their security measures. It won’t hurt to try different cloud suppliers until the organisation’s security needs are met.
Update systems and software
Having the latest security software, web browser and operating system is the surest defence against viruses, malware and other online threats. This means that when an employee’s computer or mobile device needs an update, it should be prioritised and not postponed because of time pressures. Hackers normally attack through older versions of systems and software.
Security patches and updates shield an organisation’s system from such attacks. The updates should be seen as extra barriers that have been erected to reduce the probability of being hacked.
Organisations should set aside a single day of the week to update all their systems when newer versions are available. Over time this will simply become a routine security procedure, helping deliver proper protection of data.
Assure your customers
One last step is for organisations to let customers know exactly what they are doing to ensure their data is safe. They should be open and clear, rather than hiding details in a long-worded privacy statement that few, if any, customers take the time to read and understand.
Destroy data after it’s used
Organisations tend to store customers’ data even after using it. But this shouldn’t be the case. Organisations should give some thought to getting rid of the information entirely after making good use of it. This initiative reinforces customers’ confidence in the organisation’s privacy measures and transparency.
By Michael Armstrong (FCA) [ICAEW Regional Director for Middle East, Africa and South Asia]