Striata says organisations need to step up the security of customer data across digital channels
In the wake of another data breach in the US, the public and private sector need to step up customer data security, specifically across digital channels, says Greg Gatherer, Head of Strategic Accounts for Africa at Striata.
In the wake of yet another massive data breach in the US (the Internal Revenue Service in May, the Office of Personnel Management in June and Ashley Madison in July), and considering the prevalence of identity theft across the globe, both the public and the private sector need to step up the security of customer data, specifically across digital channels.
Says Greg Gatherer, Head of Strategic Accounts for Africa at Striata, "South Africa is way past the initial wave of organisations establishing electronic communication channels with their customers, turning off print correspondence and reaping the cost savings. Now these same organisations need to review the security of the information they are e-mailing to their customers, to ensure that their customer data is fully protected."
No password protection = weak document security
According to Gatherer, it is highly concerning that the mobile industry in South Africa sends millions of customer statements and invoices by e-mail with no password protection. "The mobile network operators implemented e-mail billing years ago with simple document encryption. This only makes the document tamper-proof and compliant with SARS's electronic invoicing requirements. If that document is stolen in transit, or accessed illegally at any number of hops during delivery, the personal information inside the document is wide open."
Although SA banks are at the forefront of customer service on digital channels, the security of the documents they e-mail to customers can still be improved. Says Gatherer, "In order to adequately protect personal information contained in an electronic document, an organisation needs to use multi-factor security: this means a combination of encryption, strong passwords, digital certificates and the most crucial element - sustained customer education."
"It only takes one industrious cyber-criminal or disgruntled employee to gain access to weakly protected documents containing personal information. Decision-makers in large organizations are gambling with their business reputation by implementing only the bare minimum in electronic document protection. Organisations that have not done everything in their power to protect that information may suffer massive damage to their reputation and business confidence."
Get your act together before POPI is in play
While the Protection of Personal Information (POPI) Act quantifies what a data breach will cost an organisation (up to R10 million in fines and possible jail sentences), Gatherer says the financial knock-on effect for the business and the affected data subjects will be much more than that. And once the Regulator is appointed and the Act becomes enforceable, he points out those organisations with relaxed document security are at risk of being on the wrong side of the first civil class action.
"Now is the time for organisations to upgrade the security of their electronic documents, before the Act is fully in play and before they suffer a major data breach. It is no longer acceptable for reputable brands to e-mail documents containing personal or confidential information without using the best document security available."
Gatherer also encourages organisations that utilise a 3rd party vendor or application to commission an independent review on the security of the electronic documents they send out. "If your customers are trusting you to protect their personal information, then you need to be 100% sure your document security is not vulnerable. As the leading e-mail billing provider with a significant footprint in South Africa, we advocate the implementation of tighter electronic document security across the industry," says Gatherer.
Greg Gatherer, Head of Strategic Accounts - Africa
Greg is Head of Strategic Accounts for Africa. His career in Operations Management within various industrial sectors has given him strong technical and operational experience.
Greg's move into the sales environment has enabled him to merge commercial business discussions with the "how to" operational conversations in order to get things done profitably and more cost effectively. As Head of Strategic Accounts, Greg manages a group of individuals with varied skills within different teams. Together they coordinate all sales and operational activities for select organisations in the telecommunications, banking and insurance industries.
Greg is passionate about people, processes and business in general. He is a natural change agent, always looking to provide the best fit for client and company.
Greg holds a National Diploma in Operations and Production Management.