
POPI risk from insecure WiFi access

By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 01 Sept 2015
Many organisations are failing to ask if their corporate WiFi policy is POPI compliant, says execMobile's Craig Lowe.

In today's digitally driven, information saturated world, data privacy is a massive issue and the imminent implementation of the Protection of Personal Information Bill (POPI) is placing data privacy under a particularly glaring spotlight.

This is according to Craig Lowe, MD at execMobile, who notes that as local companies prepare for POPI, they are being forced to take a hard look at their systems and processes, and to ask critical questions around various internal policies.

As this process unfolds, Lowe believes many organisations are failing to ask if their corporate Wi-Fi policy is POPI compliant.

"Most companies only protect laptops and there is no security on tablets and phones - this may be due to bring your own device policy or simply that companies have not started considering their travellers, who generally take the latter devices travelling."

Public WiFi is inherently insecure, whether paid or free. Therefore, by using an insecure access method, companies will certainly fall foul of POPI legislation unless sufficient device, application or architecture security is in place to safeguard the users' data from interception, says Lowe.

Despite this threat, most companies do not compel their employees to install strong end-point security on their personal devices, he adds.

Lowe points out the result is that companies are in danger of non-compliance with POPI, which stipulates that "companies must ensure the integrity and safekeeping of personal information in their possession or under their control, and must take steps to prevent the information being lost or damaged, or unlawfully accessed".

When POPI comes into effect, these organisations will need to implement upgraded security measures, at great cost, to assure secure connectivity, he says.

With this knowledge, IT departments should be implementing security measures that address device and infrastructure security, such as virtual private network tunnels, encryption and so on, he continues.

According to Daryl Blundell, GM for Sage Pastel Accounting, one way to handle POPI is to use cloud applications provided by a reputable service provider. Most major service providers and software companies will already have data security standards and technology in place that adhere to POPI standards, says Blundell.

This is more secure and usually cheaper than trying to handle all the information security yourself - a good provider will have strong encryption, high-end firewalls, and other solutions in place, notes Blundell.

The biggest challenge is going to be around culture, company policy, and end-user behaviour, since the enabling technology is fairly simple to implement, he adds.

The challenge isn't encrypting data or enforcing strong passwords, but getting your employees to understand why they need to follow security policies that may seem annoying and time-consuming, says Blundell.
