Best practice tips for strengthening data privacy system

Issue 6 2023 Security Services & Risk Management, Information Security


Kgotso Masenya.

South Africa has become a fertile hunting ground for international cybercriminals. Research by security company Kaspersky, indicates that more than half of South African companies were targeted in the past year, while spyware attacks increased by 18,8% between the last quarter of 2022 and the first quarter of 2023. In respect of the latter, it is mostly government systems that are under siege.

Phishing, business e-mail ‘spoofing’, and malware attacks are among the most common cybercrimes, though Internet of Things vulnerabilities are increasingly being exploited as well. Unsecured smart devices often do not have adequate protective controls in place to detect, isolate and mitigate these cyber onslaughts.

According to Kgotso Masenya, Head of Information Technology at World Wide Industrial and Systems Engineers (WWISE), it has become crucial for organisations to build secure data privacy systems able to mitigate any possible attack.

Masenya has compiled a checklist of requirements for such systems. This includes:

• Compliance with regulations: The company should comply with any applicable data privacy laws, such as PoPIA in South Africa.

• Data inventory and classification: A company’s data should be broken down into categories based on significance and sensitivity.

• Access control: Access restrictions need to be put in place to guarantee that only people with permission may access sensitive information.

• Encryption: Encryption safeguards data both at rest and while it is being sent

• Data lifespan management: A plan for managing data throughout its lifespan, including rules for data destruction and retention.

• Secure data storage: Use of compliant and secure data storage options for data to protect against known vulnerabilities.

• Data masking and anonymization: Anonymise or pseudonymize sensitive data wherever it is practical.

• Data transfer security: Secure data transmissions are made possible by employing encryption protocols like SSL/TLS. Secure communication routes should be used, especially when sharing data with other parties.

• Audit trails and monitoring: Implement reliable auditing and monitoring mechanisms to keep track of data access and modifications.

• Incident response plan: Develop a thorough incident response strategy to deal with data breaches or privacy problems right away.

• Regular security audits and penetration testing: Periodic security audits and penetration testing.

“A further course of action,” Masenya says, “is the implementation of ISO/IEC 27001:2022, a standard developed by the International Organisation for Standardisation (ISO).” The tool speaks directly to information security, cybersecurity and privacy in terms of information security management systems.

“This standard gives an organisation the ability to implement a framework of controls that ensures there are sufficient redundancies and guidelines to conform to a school of international guidelines/standards that embodies governance, statutory and regulatory requirements, and cyber and information security,” Masenya says.

Enlisting the services of the right ISO specialist is just as important as the implementation itself, and companies should always look at aspects like reputation and experience, competence, conformance to industry standards and laws, proof of concept and the quality of gap analysis reports.

“Once implemented, the key people in managing the data privacy system are usually your chief information security officer, data protection officer, chief information officer, IT department and data owners and custodians,” Masenya says.

“What you want from them is to explain the importance of privacy and data management obligations and emphasise how crucial it is to follow data protection rules. They should also provide guidance on impact analyses and act as a point of contact for data subjects.”

“In addition, staffers in these positions should be responsible for implementing access restrictions, encryption and other strong security measures,” he adds.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Identity recovery matters most
Security Services & Risk Management
As cyberattacks grow more targeted, more destructive, and increasingly aimed at the very fabric of trust within the enterprise, the ability to restore identities has become just as critical as restoring data.

Read more...
ISO 27701 helps demonstrate privacy compliance beyond POPIA
Security Services & Risk Management
ISO 27701 include privacy-specific controls and provides a structured way to manage Personally Identifiable Information (PII) throughout its lifecycle, giving organisations a way to demonstrate how privacy is managed.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
The risk at the edge of South Africa’s agriculture supply chain
Security Services & Risk Management Agriculture (Industry) Logistics (Industry)
Research from ESET has found that a significant number of South African agritech operators and farmers continue to believe their companies are not attractive targets for cybercriminals. Unfortunately, that belief is precisely what makes them one.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
Break the silence on fraud
Security Services & Risk Management
We are entering a new era of fraud, one defined by groups that operate across borders, using advanced digital tools and impersonation tactics to deceive victims and wear down communities' trust and financial security.

Read more...
Africa’s white-collar crime landscape
Security Services & Risk Management
White-collar crime in Africa is no longer a predominantly domestic concern; it has expanded onto the international stage, and so too has the corporate exposure that accompanies it.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.