Data Fix or Hefty Fines | Data security

Fix your security or face hefty fines like Dis-Chem: The importance of securing client data

In today’s world, customer service goes beyond the traditional requirements of in-store experience and after sales service. Protecting your clients’ data is equally important – and failure to do so could land you in hot water with the authorities.

Data breaches and hacking attempts have been in the news again lately as Dis-Chem was ordered to improve its data security or face a R10 million fine. More disturbingly, the Department of Defence was found to have been hacked for over a year with more than a terabyte of data being stolen.

As prominent organisations find themselves under attack by hackers once again, let’s take a look at the steps that every business can take to ensure the safety of their customers’ data.

Dis-Chem could be on the hook for a hefty fine of R10 million

The Protection of Personal Information Act is one of South Africa’s newest laws protecting customer privacy, and the Information Regulator has already shown its willingness to punish companies that fail to comply.

Recently, the retail pharmacy chain Dis-Chem found itself in hot water when the information regulator issued it with an enforcement order regarding a data leak last year that saw more than 3 million customers’ personal information released on the internet.

  • Customers’ full names and phone numbers were some of the information leaked after a brute force attack allowed hackers to gain access to the company’s computer systems last year.
  • The Information Regulator has ordered Dis-Chem to strengthen its passwords and implement a full cyber security response plan, failing which a fine of R10 million may be levied in accordance with the law.

Who’s defending the Department of Defence online?

The week of cybercrime revelations continued as the media reported that the Ministry of Defence had been hacked continuously for over a year, with 1.5 TB of information including personal and company emails and documents having been stolen.

The organisation responsible for the hack, which calls itself Snatch, has spoken openly to journalists about its ability to infiltrate the servers of the very government department tasked with keeping the country safe.

To date, the department of defence seems unable to reach an agreement for the return of the stolen data, with some officials seemingly refusing to accept that the incident took place.

Learn from high profile mistakes – keep your client data secure

With the number of cyberattacks skyrocketing, the potential for lost customer information is huge. To make matters worse, the prospect of being fined up to several million rand by the Information Regulator should be a wake up call to any business that handles customer information.

Keeping private data safe is no longer just a PR problem to consider as a business owner. It now has legal ramifications that could land your company in serious financial distress.

Protecting your company and client data has never been more important.  That’s why we offer a full range of encrypted cloud storage solutions that help keep your data secure and out of the wrong hands.

It’s simple to secure your company data today. Take a moment to view our range of secure cloud storage packages for businesses to get started.

FNB App Data Breach | Data Loss

FNB under fire after major data breach on its app

Applying for a bond using your bank’s smartphone app is supposed to make life easier, but for some FNB clients the experience turned into a nightmare recently when customer information was accidentally leaked to fellow users from the FNB app.

FNB customers started to report a glitch while using the bank’s mobile app, which is now in its tenth year of use. When applying for a bond using the online platform, users were able to see the names, addresses, ID numbers, and other personal information of other banking clients displayed in the app.

This disturbing user experience sent shockwaves through the banking industry as clients question the safety of their data in the hands of financial institutions.

While many major companies have been in the news recently after falling victim to ransomware attacks, the FNB incident appears to be the result of a technical glitch on the bank’s part.

Did FNB act too slowly? POPIA regulators may say yes

The Protection of Personal Information Act makes it a legal requirement for companies to report the loss of confidential data, whether it occurred deliberately or by mistake.

However, when questioned by the media about the recent data leak, FNB stated that they were still in the process of reporting it to the authorities. If you’re not clear as to how your own business would respond in a similar scenario, here’s a quick rundown of the legal requirements.

  • Companies are required to report any loss of customer information to the Information Regulator as soon as possible. Fines of up to R10 million and jail sentence of after 10 years are the maximum penalties that can be applied if a violation is found to take place.
  • There are further legal requirements including a risk assessment, containing the breach, and informing all affected customers or other data owners in a timely manner.
  • If your business finds itself in the tricky situation of having a data leak or breach. It’s essential to report this to the Information Regulator without delay.

Avoid a data loss catastrophe with secure cloud storage

The latest FNB app data breach comes in the wake of an increasing number of data breaches from leading banks and South African organisations such as systems integrator Dimension Data, who only recently suffered another “limited” breach on their CMS platform.

Data leaks, breaches, and ransomware attacks are causing millions of Rand worth of damage to corporations across South Africa. In addition to being legally compliant, it’s also essential for you to back up all sensitive customer information using secure online storage.

Our encrypted cloud storage packages are the ideal way to keep your client data safe and prevent reputational damage if a leak occurs.

 Going to war over data | Data leaks

Is your data worth going to war over – data leaks need to be plugged

Information has become so valuable in the 21st-century that it’s worth a lot more than oil. In reality, it’s probably as valuable as the water we drink and the air we breathe and could even be worth going to war over!

Here’s why data could become a flashpoint for conflicts and how data engineers can help ensure ready access to information and prevent another major war.

Protecting a valuable resource

Since the birth of the Internet, the value of information has skyrocketed and it’s hard to imagine this changing anytime soon.

In recent memory, wars have been fought over oil in the Middle East, access to the black sea in Ukraine and even mining rights in Africa. Could the next major war be fought over access to data?

In a world where access to information counts, secure cloud storage and other data protection systems couldn’t be more important. At the same time, regulators are raising concerns about the club of tech giants that have the capacity to gatekeep our sensitive info.

  • Considering how crucially important data is to the functioning of every economy and business, it’s a little scary that this precious resource is controlled by a handful of companies.
  • The likes of Alphabet Inc (Google), Microsoft, Meta (formerly known as Facebook) and Apple have access to the data of billions of users and until now they’ve done a reasonably good job keeping it safe – but what if that changes?
  • A major data breach at one of the world’s tech giants is a huge concern for cybersecurity experts and big names like Google and Facebook invest heavily in cybersecurity. But if a massive ransomware event had to strike one of these corporations the disruption to electronic communication around the world could be huge.

A less probable but equally scary scenario sees a major tech player deciding to use its data ownership for political purposes.

This may sound like it has the makings of a dystopian movie, but with the number of cyberattacks increasing around the world, the power that comes with access to other people’s data is on display for the world to see.

Could governments find themselves facing down tech companies for access to vital data?

The economic consequences of events like these could be enormous – but help is at hand.

Are data engineers the guardians of the future?

To avoid this type of confrontation and keep private data safe and secure, governments around the world, tech giants, data engineers and IT experts all have a vital role to play in keeping our personal and business information safe.

Engineers keep your data safe at the ground level by encouraging companies to practice data awareness and implement effective online security measures. That’s where cloud storage comes in.

If you’re concerned about the safety of your own data and aren’t sure who to trust, we have good news. Secure cloud storage is an effective way to protect your personal information and keep it encrypted so that only authorised users can access it.

Learn more about our data storage solutions and secure your essential information today.

Reporting a data breach | Cybercrime

Do I need to report a data breach?

According to the POPI Act, an organisation that gathers personal information about others is required to report any data leak or breach in security in a timely manner.

In other words, once you are aware of the data breach you should waste no time in informing the Information regulator and providing as much information as you can so that the organisation has a clear picture of:

  • exactly what kind of data was leaked
  • when it happened
  • who was affected

when do I need to report a data breach?

The number of data breaches affecting South African companies almost doubled over the past year, making it more likely than ever that your business may be affected by one.

For company owners and managers, dealing with the damaging effects of compromised data or a ransomware attack can be extremely stressful – and there’s also a further requirement that any compromised personal information needs to be reported to the authorities.

The POPI (Protection of Personal Information) Act places a strong duty on organisations that collect customers’ personal data to report data leaks in a timely manner. To help our customers comply with the regulations, let’s take a look at the POPI regulations and the responsibility of data collecting entities in more detail.

reporting data leaks is your legal obligation

As a business operating in South Africa, you are obliged to abide by the terms of the POPI Act. One of the regulations that companies need to follow is reporting data leaks to the Information Regulator of South Africa, a body which monitors and enforces POPI compliance.

Here’s what the law has to say about companies’ obligations to report compromised personal information:

  • In terms of section 22 of the POPI Act if there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party (your business) must notify the Information Regulator and the data subject (the victim of a data leak) and provide a comprehensive notification of the type of breach.

In other words, if you think a data leak or breach has occurred you need to let the Information Regulator of South Africa know about the incident in detail – without delay.

covering yourself: the benefits of complying with the POPI Act

Reporting incidents when the personal information of your client base has been compromised in a data leak is a legal obligation that will help keep your business on the right side of the law.

It’s also an action that could help you legally if one of the people whose information was leaked decides to take action against you in a civil case.

While the information in this article is a general overview of the law, we are not in the business of dispensing legal advice. When a data leak occurs, it’s essential to consult a lawyer who specialises in cybersecurity cases so that you follow a strategy that’s legally sound.

protect your business and customer data with secure cloud storage

There’s no doubt that complying with the POPI Act is a legal requirement, but it also can be a very stressful and time-consuming process. To reduce the risk of a cyberattack and the need to report compromised personal data, it’s essential to secure your company’s information using encrypted, cloud-based storage. To discover a package that’s right for your business, browse our service offerings today.

Defend your Data | Cybersecurity

Cybersecurity must haves to defend your data

If you are a regular reader of our blog, you’ll know that we’ve been  sounding the alarm about the rising tide of cyberattacks targeting SA companies and other institutions. Several large data leaks affecting well-known brands have been dominating the tech headlines since late last year, serving as a strong reminder that cybercriminals won’t be going away anytime soon but it’s never too late to defend your data.

In order to ensure the safety of your business data, it’s essential to take a holistic approach to dealing with online threats and resolving them from a data and financial point of view.

Here are some things  to consider when protecting sensitive information from hackers and online criminals.

ransomware: the threat is real

The Veeam Ransomware Trends report for 2022 reveals  that 9 out of 10 companies have experienced a ransomware attack, with one third of the data involved being unrecoverable.

  • In the case of large companies, ransomware attacks can be especially costly, with each incident involving an average of R7 million in ransom. Even if the company refuses to pay this type of amount, the damage to their brand and reputation could easily exceed it.

insure against cybercrime losses

No business would operate without physical insurance covering their premises and inventory. Yet many companies are inadequately insured against cybercrimes, exposing their owners and shareholders to costly financial losses.

2022 is the year to review your backup plan and your business insurance. It’s time to take a stand against cybercrime by protecting your business from cyber threats, and ensuring that if you’re security is breached, you are insured for any financial losses resulting from stolen data, lost sales, and damages claimed by customers whose information is lost in a data breach.

make sure your company is POPIA compliant

The Protection of Personal Information Act places extensive obligations on businesses to protect their clients’ information.

  • While ensuring your business against these losses as mentioned above, it is essential to ensure that you comply with the new law and take all necessary measures to protect your customers’ data.
  • This includes asking for permission to store and distribute any sensitive information that comes from your client base.

make secure cloud storage the backbone of your cybersecurity preparedness

Taking a simple step such as backing up your data in the cloud and encrypting it could help protect your sensitive information from cybercriminals while minimising the impact of a data leak or hacking attempt. Insuring your business against such an attempt or loss of data is a secure backup to your online backup.

To learn more about secure cloud storage and how it can benefit your business visit our website or contact us today.

Ai Aids Conservation | Big Data

AI powers conservation efforts worldwide

Saving our planet is the top priority this century and AI is increasingly being used to help organisations around the world achieve their sustainability goals.

From preserving endangered species to ensuring adequate food supply in the decades to come, technology is being used in new and creative ways in the interests of a green and prosperous future.

Here are some exciting projects using AI to solve some of the most pressing issues of our time.

Conservation goes online

Scientists tasked with preserving biodiversity on earth often face the challenges of insufficient funding and too few people on the ground. But now a new initiative called Wild Me is empowering average citizens to do exceptional things when it comes to documenting wildlife.

  • Using a technology called Flatfile which applies AI and machine learning to upload and process data quickly, the platform allows people around the world to photograph wild animals and upload them to a central database.
  • Scientists then use this data to create and update a comprehensive list of species and estimate their population numbers.

Initiatives that maximise the impact of volunteers from the public could expand far beyond wildlife conservation in the future. Crime reporting, new creative communities, and citizen journalism are just some of the applications that Flatfile makes possible.

solving the food crisis with smart farming

The world’s population is set to expand by 2 billion over the coming decades, and securing enough food for our planet’s burgeoning population is becoming a very real challenge for farmers and governments around the world.

Minimising wastage and ensuring food quality are two areas where AI can be deployed extremely effectively. By using sensors to monitor soil quality, rainfall, invasive pests, and other factors that affect the growth of crops, technology is helping farmers to optimise yields and ensure a reliable food supply.

more AI means more data – and it needs to be kept safe

As artificial intelligence becomes widespread in virtually every area of life, the sheer amount of data produced on earth every day is staggering.

To avoid data leaks and breaches and keep sensitive information out of the hands of hackers, cybersecurity protocols including secure cloud storage have become non-negotiable.

Take the first step in securing your company’s data today with our range of secure cloud storage solutions.

Shoprite Data Leak | Data theft

Shoprite the latest victim of data leak crime wave

Millions of South Africans trust Shoprite, South Africa’s largest supermarket group, to bring them great deals on groceries and household items. Social media was abuzz in June when the retailer suffered a major data breach exposing personal details of its money transfer clients.

The cyberattack carried out by the hacking group RansomHouse is the latest in a wave of online crimes targeting South African corporates. Here’s how it happened and what it could mean for you if you use Shoprite to send money to friends and family.

Shoprite gets more than it bargained for from cybercriminals

A discount retailer may not sound like a prime target for criminals trying to steal sensitive information, but it wasn’t the shopping side of Shoprite’s business that fell prey to hackers.

  • The company’s “know-your-customer” database (FICA) for its money transfer service, which is used by many people who don’t have traditional bank facilities, received a rude awakening when customer information fell into the hands of RansomHouse with the hacking group posting about its success on the Dark Web.
  • Claiming full responsibility for the attack, RansomHouse hackers boasted that Shoprite’s weak data security policies resulted in sensitive information being stored by staff in plain text documents which were unprotected and unencrypted.
  • Once obtained by the hackers, this information containing customers’ personal details was as easy to access as any word document on any computer.

The hackers threatened to auction the data on the dark web with bidding starting at 20 bitcoin (app R6.7 million). To prove that they had the files RansomHouse posted more than 350 files of customer data on it’s dark web website.

cybersecurity is no longer simply a “nice-to-have”

The Shoprite cybercrime incident shines a spotlight on the dangers of unprotected data and the absolute necessity for companies of all sizes to protect their information.

Shoprite has refused to communicate with the RansomHouse hackers to prevent further leaks but assured customers that they would launch a full investigation with forensic experts to ascertain the origin of the data leak, how and why it happened and the scope of the leak. The company also stated that additional security measures and detection strategies had been implemented across the group to prevent further loss of data.

There is little doubt that Shoprite has been left wondering if the entire event could have been avoided simply by using secure cloud storage and taking other simple data protection measures.

protect your data with secure cloud storage

When it comes to cybersecurity, sometimes it’s best to learn from the mistakes of others and avoid a damaging cyberattack. Reduce and mitigate the risk of a data leak by protecting your business information today with one of our secure cloud storage packages.

Zero Trust Principles | Data Security

Defining “zero trust principles”

There’s an old saying in business: trust but verify. When it comes to the safety of your data, “don’t trust until you verify” may be the safest policy your organisation can pursue.

The COVID pandemic instigated a hybrid work environment that required businesses to take a critical look at their cybersecurity policies and practices. Zero trust principles are at the heart of cybersecurity best practices. Let’s take a look at this powerful security methodology and find out how it can make your company data more secure.

Zero trust, zero worries?

At its core, data security is all about keeping information out of the wrong hands. For businesses and other organisations, this means restricting access to networks, files and folders so that only the people with permission to view them can access these resources.

  • To achieve this level of security it’s necessary to screen every potential user before granting them access to the data on your network.
  • Assuming that someone trying to access the file or folder from within your network is a trusted user could be very risky.
  • Hackers who gain access to your network could do untold damage before their presence becomes obvious.

That’s why it’s essential that you grant access to resources on a case by case, user by user basis.

secure your fortress

You wouldn’t allow someone into your business premises or home unless you knew who they were, where they come from, and what the purpose of their visit was.

Applying the same set of conditions to users who want to visit your network and access company resources can significantly lower the possibility of a data breach or hacking attempt and mitigate the risk of a data leak.

Practically speaking, this means setting up your network security so that every request to access files is screened according to several criteria:

  • User credentials
  • Geolocation and IP address
  • Permission to access the specific resource

If you’re ready to apply this strategy on your own network, secure cloud storage could be the missing link in your security chain.

the one thing you can trust: secure cloud storage

A zero trust data policy is an important step in keeping your information safe, and it works even better with encrypted data kept safe in the cloud. Place your trust in secure online backup by browsing our packages for business and home users today.

Mitigating Data Leaks | Part 2

How to Reduce and Mitigate Data Leaks

In the first article about data leakages, we took a deep dive into the causes and consequences that follow when private information from your business gets into the wrong hands.

Preventing unauthorised access to privileged information is essential for every company in the digital age. In this article, we take a look at some policies you can implement to secure your data and take you through a response plan that you can implement if a data leak occurs.

Plugging the leak before it happens

The majority of data leaks are not malicious. They usually take place as a result of human error, and it’s not easy to prevent your team from making mistakes no matter how well you train them.

However, it’s important and possible to implement systems that take away the potential for major data loss as a result of employees making simple mistakes.

Here are a few strategies you can employ in your business to secure your data against leakages

Train your team

  • IT security training is essential for all company employees in a modern business;
  • As part of this training, you’ll want to brief your team on secure email policy, how to identify risky behaviours, and why it’s important to never share sensitive company information with outsiders.

Implement zero trust security

  • Data leaks take place when the wrong person has access to your information;
  • Limit your team’s data privileges so that each member can only access files and other information that are essential to their tasks.

Automate your tracking and monitoring

  • There are many excellent types of software that will allow you to monitor suspicious behaviour like sensitive files being emailed outside of the organisation or unknown users accessing your folders.
  • Automatic alerts and access denials can be built in to help you respond swiftly to a data leak.

Mitigate data leaks within your organisation by further enforcing cybersecurity best practices, such as;

  • Controlling devices with a Mobile Device Management solution
  • Implement robust email security policies
  • Ensure strong printer controls
  • Enforce real-time data auditing

What to do if a data leak takes place

As with any security event, time is of the essence when you realise that a data leak has taken place in your business.

As soon as the leak is brought to your attention you should take the following steps to minimise the damage it may cause.

  • Identify the responsible party. This calls for a lot of honesty and trust between you and your team but it’s always better to admit your involvement in a data leak than trying to hide it.
  • Understand exactly what’s been leaked. By documenting the number of files that have leaked out of the organisation and knowing what they contain, you’ll have a good idea of what information could potentially be in the wrong hands.
  • Beef up your security to prevent future leaks. Once you understand exactly how the leak occurred you can take steps to ensure that the same chain of events never occurs again. This will help secure your company’s data in the future.

Secure cloud storage is an essential tool in preventing data leaks

One of the reasons why leaked data is so dangerous is that anyone can read it and use its contents to do harm. But if your data is encrypted and safe in the cloud, it’s highly unlikely that anyone will be able to access it – and even if they do it’ll be incredibly difficult for them to decode it and make sense of the contents.

A secure cloud storage solution could be your company’s secret weapon in the fight against data loss. To learn more, browse our range of packages and find one that suits your personal or business needs.

Understanding Data Leakages | Data Leaks Part 1

Understanding Data Leakages – Part 1

Cybercriminals are responsible for a huge amount of data-related crimes every year – but they aren’t the only ones responsible for the loss of sensitive business information.

A data leak, which is often the result of employee carelessness or weak IT security policies, can cause crucial information to flow out of your business, even if it wasn’t deliberate.

In this article we unpack the notion of a data leak, find out how it’s different from a data breach, And explore some of the ways data leaks occur.

is it a data leak or a data breach?

If your company suffers a sudden loss of sensitive data this is probably the first question your IT security consultant will ask. Knowing the difference between a data leak and a data breach is the first step in keeping your organisation’s information safe in the digital age.

  • A data leak is any unintentional sharing of sensitive information with an unauthorised user outside your organisation. As the name implies, the ‘leak’ usually takes place from the inside out and often involves an employee or trusted user.
  • A data breach is a deliberate attempt to break through your IT security system from the outside, usually by hackers or cyber criminals. This type of crime takes place from the outside in.

Put differently, the difference between a data leak and a data breach is like the difference between leaving your front door open and someone breaking the lock to get in.

what causes a data leak?

As we mentioned above, most data leaks take place due to negligence or carelessness. Here are the different types of data leaks along with the most likely cause of each one.

accidental data leaks

These data security failures take place by accident and are often caused by employees –

  • sending an email containing sensitive information to the wrong person
  • sharing access to confidential folders with people outside the organisation is another common cause of data leaks
  • taking videos of sensitive company information or events and sharing them on social media is another way data privacy can be compromised

malicious data leaks

This type of leak is deliberate, usually carried out by a disgruntled employee who –

  • seeks to discredit the company or blackmail the management

Malicious leaks often take place anonymously and it can be difficult to determine who the original culprit was.

data leaks carried out by outsiders

This type of incident is almost never an accident. Like a data breach, it is typically carried out by an outsider who plans to use the data for criminal purposes.

  • perpetrators will usually try to trick an employee of the company into sending them confidential or giving them access to privileged files and folders
  • IT managers can sometimes track and investigate this type of leak by flagging emails and folder access granted to people outside the organisation

data leaks caused by IT security failure

This type of leak is caused by incorrect network security settings or errors in mailing list automation software.

  • by the time the error is discovered, important data will probably already have leaked out of the company
  • identifying the cause of the leak and ensuring that doesn’t occur again is essential in this scenario.

protect your data from cybercriminals

No matter what causes a data leak, the cost to your business can be huge. Over the past few years, we’ve witnessed financially damaging data leaks at companies including household names like Nespresso.

Ensuring that your IT security is on point and that your data is encrypted and secured with cloud storage  will help you avoid a similar scenario in your own business.

In our next article, Data Leaks Part 2, we’ll explore the topic of data leaks in more detail and look at some ways you can protect your business against this preventable but damaging type of cybersecurity failure.