Best practice tips for strengthening data privacy system

Issue 6 2023 Security Services & Risk Management, Information Security

Kgotso Masenya.

South Africa has become a fertile hunting ground for international cybercriminals. Research by security company Kaspersky, indicates that more than half of South African companies were targeted in the past year, while spyware attacks increased by 18,8% between the last quarter of 2022 and the first quarter of 2023. In respect of the latter, it is mostly government systems that are under siege.

Phishing, business e-mail ‘spoofing’, and malware attacks are among the most common cybercrimes, though Internet of Things vulnerabilities are increasingly being exploited as well. Unsecured smart devices often do not have adequate protective controls in place to detect, isolate and mitigate these cyber onslaughts.

According to Kgotso Masenya, Head of Information Technology at World Wide Industrial and Systems Engineers (WWISE), it has become crucial for organisations to build secure data privacy systems able to mitigate any possible attack.

Masenya has compiled a checklist of requirements for such systems. This includes:

• Compliance with regulations: The company should comply with any applicable data privacy laws, such as PoPIA in South Africa.

• Data inventory and classification: A company’s data should be broken down into categories based on significance and sensitivity.

• Access control: Access restrictions need to be put in place to guarantee that only people with permission may access sensitive information.

• Encryption: Encryption safeguards data both at rest and while it is being sent

• Data lifespan management: A plan for managing data throughout its lifespan, including rules for data destruction and retention.

• Secure data storage: Use of compliant and secure data storage options for data to protect against known vulnerabilities.

• Data masking and anonymization: Anonymise or pseudonymize sensitive data wherever it is practical.

• Data transfer security: Secure data transmissions are made possible by employing encryption protocols like SSL/TLS. Secure communication routes should be used, especially when sharing data with other parties.

• Audit trails and monitoring: Implement reliable auditing and monitoring mechanisms to keep track of data access and modifications.

• Incident response plan: Develop a thorough incident response strategy to deal with data breaches or privacy problems right away.

• Regular security audits and penetration testing: Periodic security audits and penetration testing.

“A further course of action,” Masenya says, “is the implementation of ISO/IEC 27001:2022, a standard developed by the International Organisation for Standardisation (ISO).” The tool speaks directly to information security, cybersecurity and privacy in terms of information security management systems.

“This standard gives an organisation the ability to implement a framework of controls that ensures there are sufficient redundancies and guidelines to conform to a school of international guidelines/standards that embodies governance, statutory and regulatory requirements, and cyber and information security,” Masenya says.

Enlisting the services of the right ISO specialist is just as important as the implementation itself, and companies should always look at aspects like reputation and experience, competence, conformance to industry standards and laws, proof of concept and the quality of gap analysis reports.

“Once implemented, the key people in managing the data privacy system are usually your chief information security officer, data protection officer, chief information officer, IT department and data owners and custodians,” Masenya says.

“What you want from them is to explain the importance of privacy and data management obligations and emphasise how crucial it is to follow data protection rules. They should also provide guidance on impact analyses and act as a point of contact for data subjects.”

“In addition, staffers in these positions should be responsible for implementing access restrictions, encryption and other strong security measures,” he adds.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

More than just a criminal record check
iFacts Security Services & Risk Management
When it comes to human-related risks, organisations and their most senior leaders focus on a narrow set of workforce risks, the potential risks that human workers pose to the business.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Tech developments lead hologram growth in 2024
News & Events Security Services & Risk Management
Micro-lenses, micro-mirrors and plasmonics are among the rapidly-emerging optical devices that have evolved on the back of holographic and diffractive technologies, and are seen as part of the natural evolution of optical science by R&D teams.

Trellix detects collaboration by cybercriminals and nation states
News & Events Information Security
Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre, highlighting new programming languages in malware development, adoption of malicious GenAI, and acceleration of geopolitical threat activity.

SA enterprises can benefit from AI-driven cybersecurity
AI & Data Analytics Information Security
Cybercrime is big business, and threat actors deploy cutting-edge tools to carry out attacks. Fortunately, cybersecurity is constantly evolving to meet and counter the threats they face.

Africa Online Safety Fund announces grant winners
News & Events Information Security
The Africa Online Safety Fund (AOSF) has announced the winners of this year’s grants; among them are five organisations operating in South Africa to educate people about online risks.

Are you leaving money on the table?
Editor's Choice Security Services & Risk Management
How many customers have you helped since starting your business? Where does most of your new business come from? If the answer is not from your database’s existing customers, you might have a problem.

Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

210 million industrial endpoints secured by 2028
News & Events Information Security Industrial (Industry)
A new study by Juniper Research has found that there will be growth of 107% over the next five years in the number of industrial endpoints featuring cybersecurity protection.