FNB App Data Breach | Data Loss

FNB under fire after major data breach on its app

Applying for a bond using your bank’s smartphone app is supposed to make life easier, but for some FNB clients the experience turned into a nightmare recently when customer information was accidentally leaked to fellow users from the FNB app.

FNB customers started to report a glitch while using the bank’s mobile app, which is now in its tenth year of use. When applying for a bond using the online platform, users were able to see the names, addresses, ID numbers, and other personal information of other banking clients displayed in the app.

This disturbing user experience sent shockwaves through the banking industry as clients question the safety of their data in the hands of financial institutions.

While many major companies have been in the news recently after falling victim to ransomware attacks, the FNB incident appears to be the result of a technical glitch on the bank’s part.

Did FNB act too slowly? POPIA regulators may say yes

The Protection of Personal Information Act makes it a legal requirement for companies to report the loss of confidential data, whether it occurred deliberately or by mistake.

However, when questioned by the media about the recent data leak, FNB stated that they were still in the process of reporting it to the authorities. If you’re not clear as to how your own business would respond in a similar scenario, here’s a quick rundown of the legal requirements.

  • Companies are required to report any loss of customer information to the Information Regulator as soon as possible. Fines of up to R10 million and jail sentence of after 10 years are the maximum penalties that can be applied if a violation is found to take place.
  • There are further legal requirements including a risk assessment, containing the breach, and informing all affected customers or other data owners in a timely manner.
  • If your business finds itself in the tricky situation of having a data leak or breach. It’s essential to report this to the Information Regulator without delay.

Avoid a data loss catastrophe with secure cloud storage

The latest FNB app data breach comes in the wake of an increasing number of data breaches from leading banks and South African organisations such as systems integrator Dimension Data, who only recently suffered another “limited” breach on their CMS platform.

Data leaks, breaches, and ransomware attacks are causing millions of Rand worth of damage to corporations across South Africa. In addition to being legally compliant, it’s also essential for you to back up all sensitive customer information using secure online storage.

Our encrypted cloud storage packages are the ideal way to keep your client data safe and prevent reputational damage if a leak occurs.

Prevention better than cure | Data Loss  

Data loss – Prevention is Cheaper and Better than the Cure

When it comes to potential threats that could cost your business thousands, hundreds of thousands, or millions of Rands, “don’t worry about it” may not be the best strategy.

Yet that’s exactly what some business owners say about data security.

As the South African economy becomes increasingly digital, companies are processing unprecedented amounts of personal data and the potential for cyberattacks has never been greater. Considering the astronomical amounts that cybercriminals have been demanding from ransomware victims, investing in cybersecurity is a small price to pay for peace of mind.

how can you “lose” your data?

Data loss can happen to anyone regardless of the size of their business and it can be lost in a multitude of ways from a malware infection to a device malfunction. While some of the circumstances are unpredictable and difficult to prevent, others are most definitely avoidable, but one thing is for certain – prevention is better than cure.

Implementing data loss prevention best practices and keeping your employees up to date with your prevention strategy can lower your risk of human error, which accounts for almost 25% of data breaches.

Prevention is better than cure

A cyberattack can wreak havoc in your business as you scramble to protect sensitive customer information, payment details, and confidential information about your products and services.

At the same time, the reputational damage your business could suffer, will persist for months or years into the future. Finally, the Protection of Personal Information Act requires businesses to report data leaks and breaches to the relevant authorities, and failure to do so could land your business on the wrong side of the law.

With the potential to lose anything from thousands to millions of rand in actual losses and brand damage, as well as possible legal action from customers who have been affected by the data breach or ransom ware attack, investing a small amount of money in security each month makes excellent business sense.

There are very few small businesses in South Africa that would feel comfortable operating without a physical security system and armed response, yet many of the same business owners have been shrugging off the risk of cyberattacks for more than a decade. With the number of these attacks set to double over the next few years, now is the time to be proactive and secure your business online.

To learn more about secure cloud storage and how it can keep your company data safe and encrypted, view our package of cloud storage solutions today.

Shoprite Data Leak | Data theft

Shoprite the latest victim of data leak crime wave

Millions of South Africans trust Shoprite, South Africa’s largest supermarket group, to bring them great deals on groceries and household items. Social media was abuzz in June when the retailer suffered a major data breach exposing personal details of its money transfer clients.

The cyberattack carried out by the hacking group RansomHouse is the latest in a wave of online crimes targeting South African corporates. Here’s how it happened and what it could mean for you if you use Shoprite to send money to friends and family.

Shoprite gets more than it bargained for from cybercriminals

A discount retailer may not sound like a prime target for criminals trying to steal sensitive information, but it wasn’t the shopping side of Shoprite’s business that fell prey to hackers.

  • The company’s “know-your-customer” database (FICA) for its money transfer service, which is used by many people who don’t have traditional bank facilities, received a rude awakening when customer information fell into the hands of RansomHouse with the hacking group posting about its success on the Dark Web.
  • Claiming full responsibility for the attack, RansomHouse hackers boasted that Shoprite’s weak data security policies resulted in sensitive information being stored by staff in plain text documents which were unprotected and unencrypted.
  • Once obtained by the hackers, this information containing customers’ personal details was as easy to access as any word document on any computer.

The hackers threatened to auction the data on the dark web with bidding starting at 20 bitcoin (app R6.7 million). To prove that they had the files RansomHouse posted more than 350 files of customer data on it’s dark web website.

cybersecurity is no longer simply a “nice-to-have”

The Shoprite cybercrime incident shines a spotlight on the dangers of unprotected data and the absolute necessity for companies of all sizes to protect their information.

Shoprite has refused to communicate with the RansomHouse hackers to prevent further leaks but assured customers that they would launch a full investigation with forensic experts to ascertain the origin of the data leak, how and why it happened and the scope of the leak. The company also stated that additional security measures and detection strategies had been implemented across the group to prevent further loss of data.

There is little doubt that Shoprite has been left wondering if the entire event could have been avoided simply by using secure cloud storage and taking other simple data protection measures.

protect your data with secure cloud storage

When it comes to cybersecurity, sometimes it’s best to learn from the mistakes of others and avoid a damaging cyberattack. Reduce and mitigate the risk of a data leak by protecting your business information today with one of our secure cloud storage packages.

Mitigating Data Leaks | Part 2

How to Reduce and Mitigate Data Leaks

In the first article about data leakages, we took a deep dive into the causes and consequences that follow when private information from your business gets into the wrong hands.

Preventing unauthorised access to privileged information is essential for every company in the digital age. In this article, we take a look at some policies you can implement to secure your data and take you through a response plan that you can implement if a data leak occurs.

Plugging the leak before it happens

The majority of data leaks are not malicious. They usually take place as a result of human error, and it’s not easy to prevent your team from making mistakes no matter how well you train them.

However, it’s important and possible to implement systems that take away the potential for major data loss as a result of employees making simple mistakes.

Here are a few strategies you can employ in your business to secure your data against leakages

Train your team

  • IT security training is essential for all company employees in a modern business;
  • As part of this training, you’ll want to brief your team on secure email policy, how to identify risky behaviours, and why it’s important to never share sensitive company information with outsiders.

Implement zero trust security

  • Data leaks take place when the wrong person has access to your information;
  • Limit your team’s data privileges so that each member can only access files and other information that are essential to their tasks.

Automate your tracking and monitoring

  • There are many excellent types of software that will allow you to monitor suspicious behaviour like sensitive files being emailed outside of the organisation or unknown users accessing your folders.
  • Automatic alerts and access denials can be built in to help you respond swiftly to a data leak.

Mitigate data leaks within your organisation by further enforcing cybersecurity best practices, such as;

  • Controlling devices with a Mobile Device Management solution
  • Implement robust email security policies
  • Ensure strong printer controls
  • Enforce real-time data auditing

What to do if a data leak takes place

As with any security event, time is of the essence when you realise that a data leak has taken place in your business.

As soon as the leak is brought to your attention you should take the following steps to minimise the damage it may cause.

  • Identify the responsible party. This calls for a lot of honesty and trust between you and your team but it’s always better to admit your involvement in a data leak than trying to hide it.
  • Understand exactly what’s been leaked. By documenting the number of files that have leaked out of the organisation and knowing what they contain, you’ll have a good idea of what information could potentially be in the wrong hands.
  • Beef up your security to prevent future leaks. Once you understand exactly how the leak occurred you can take steps to ensure that the same chain of events never occurs again. This will help secure your company’s data in the future.

Secure cloud storage is an essential tool in preventing data leaks

One of the reasons why leaked data is so dangerous is that anyone can read it and use its contents to do harm. But if your data is encrypted and safe in the cloud, it’s highly unlikely that anyone will be able to access it – and even if they do it’ll be incredibly difficult for them to decode it and make sense of the contents.

A secure cloud storage solution could be your company’s secret weapon in the fight against data loss. To learn more, browse our range of packages and find one that suits your personal or business needs.

How to find lost data | Data recovery

How can lost data be recovered?

Have you ever tried to open a file on your computer only to find that it’s corrupted or not there at all?

Be it a single file or an entire directory or hard drive, data loss can be a huge inconvenience for any business. Fortunately, there are some ways you can recover lost or corrupted data – and the best way of all is by choosing secure cloud storage.

Let’s take a look at the process involved in physical data storage and loss and how you can try to overcome this problem should it occur.

data storage 101

Before you can recover lost data, you’ll need to know exactly how it’s stored on your computer. Here’s how information goes from your screen to your hard drive:

  • When you save a file, it gets broken up into many small bits of data and each of these is stored in a different part of your hard drive.
  • When you access the file, your computer puts these little pieces back together and splits them up yet again when you save the file again.
  • This process goes on almost continuously when your computer is in use, and it’s not surprising that with all this splitting and recombining, errors sometimes occur.

If even one of the tiny pieces of your file is missing, your operating system and software probably won’t be able to read the file. At this point you’ll probably get an error message saying that your file is corrupted.

how to recover lost data

Corrupted files are only the tip of the iceberg when it comes to data loss.

If a large enough error occurs or if your hard drive is physically damaged, you could lose an entire directory or even lose access to your hard drive altogether.

Another difficult scenario could occur if you accidentally delete a file and want to access it later.

Fortunately there are a few things you can do to recover your data. While none of these is guaranteed to work in every case, there’s still a chance that you could get some of your information back.

Windows Users

  • Windows Backup may have stored a usable version of your file. If not, a disk imaging app may be a good option to keep your data safe.

Mac Users

  • Using Time Machine, Apple’s built in backup and restore app, you may be able to recover your lost or damaged files.
  • It’s important to note that depending on when your last backup was, you may not be able to access the most recent version of your files.

All of these techniques are worth trying, but the reality is that you may still find yourself unable to recover your data. To enjoy full peace of mind it’s always best to opt for cloud storage and keep your data safe even if you have a hardware failure.

stop data loss before it happens:  trust the cloud

Physical storage like hard drives, DVDs, and flash drives will always be vulnerable to hardware failure. That’s why you need the cloud.

Secure cloud storage allows you to save your data remotely, with multiple copies and encryption technology working to ensure the safety of your information.

To find the cloud storage package that suits you best, browse our range of packages today.