Protecting your customers’ data

1 October 2019 Training & Education, Security Services & Risk Management


Simon Murrell

While customers may be taking precautions to safeguard their personal information and verify the companies they provide personal information to, they are entrusting organisations with their details and expect them to have measures in place to ensure that their data remains secure. However, according to the World Wide Worx State of Enterprise Security in South Africa 2019 study that was conducted in association with Trend Micro and VMware, only 35% of South African IT decision-makers were prepared for cyber-attacks at any time in the next 48 hours. Companies need to take action and have processes in place that not only protect their customer’s details but also provide their customers with tools to help prevent them from falling for phishing scams or spoofing emails for example.

Email verification tools

Email spoofing occurs when recipients receive emails that resemble official organisation emails. For example, a client may receive an email that appears to be sent from his bank with the corporate logo and similar distinct graphics that have been sourced online or copied from legitimate emails sent from the organisation previously. These images are embedded into spoof emails to convince recipients that the emails are legitimate and encourage them to follow specific phishing instructions.

However, email spoofs are not only sent to customers, there are instances where emails appear to be sent from internal sources to company departments and employees with particular instructions. These include instructions that request immediate payment of funds or for funds to be released or even requesting particular customer details. Without the necessary verification tools in place, these emails are often actioned with immediate effect.

With approximately 93 percent of malware coming from emails[4] it is evident that companies lack mechanisms for email authentication. These emails often look legitimate at quick glance and as such the recipient is likely to action it as per the instructions included. To overcome this, company email signatures should aid in enhancing security. This could include providing recipients with a verification page that provides additional information about senders, qualifications, titles, and details about the company.

The details included on the verification should be approved by various departments within the organisation to ensure that the job title and qualification for example, are accurate. In addition as email correspondence can constitute a legal document, the organisation should put measures in place to ensure that all emails that leave the company authenticate the identity of the sender on behalf of the organisation.

By adopting these security measures, companies would provide added peace of mind to their customers that emails they receive from the organisation are authentic.

Securing company templates

Looking beyond email signatures, companies need to put measures in place to secure company documents and templates from third parties. This includes removing former employees from systems and limiting the access vendors and other external parties have to company documents. For example, if important documents such as company letterheads are easily accessed via an unsecure platform, anyone could use the document to spoof recipients into providing valuable personal data or releasing funds.

For added security, company documents and templates should be housed centrally on a cloud platform that restricts usage to only those departments and individuals that need access to these documents. In addition employees should not be able to save company documents to their desktops for future use as these can be easily tampered with or shared with employees that do not need access to them.

Companies should incorporate a tracking system that provides line of site of who is accessing documents and when, as well as providing executives with statistics of user template compliance at any point in time.

This is supported by Varonis which states that fewer people should be able to access to sensitive company information as some of the biggest data breaches in the past year stem from a user who had access to files they shouldn’t have been able to see in the first place [5]. In addition they found that on average, only 3% of company folders are secured leaving employees open access to the majority of company documents and customer information.

Protection from the inside out

In many instances, companies have invested significantly into improving IT security with firewalls and antivirus and antimalware software, however, internal security measures have fallen through the cracks.

In some instances companies rely on third party organisations for email branding to be applied in the form of banners and email signatures which are applied after the email has been sent from the sender. By intercepting these emails, the emails are effectively tampered with and could put customer data at risk. It also poses questions about email authenticity which is key to establishing trust with customers.

Identity theft can occur by neglecting to cancel former employee access to documents. When employees leave an organisation, their access to company documents and systems should be removed from the system immediately and any storage of documentation on the workstation should immediately be flushed. According to Varonis 34% of company user accounts are stale but enabled and 64% of user accounts are stale or inactive. This opens up additional opportunities for identity theft and gives hackers access to useful information that could go easily unnoticed for an extended period of time. As stated by Varonis, “if you’ve got outdated users with active accounts, it’s like handing over a new set of papers to your hacker.”

Giving employees’ access to locked content that cannot be tampered with, provides additional security for customers. This practice reduces the risk of employees and third parties from altering the content and minimises the possibility of intentional and unintentional sabotage from employees. It also adds a layer of authenticity to the email, giving recipients added peace of mind that the content is authentic.

Putting the basics in place

While protecting customer and company data is a huge task, most companies have already started putting measures in place to minimise the risk of data breaches and identity theft. However, in order to provide holistic protection, they need to pay attention to basic requirements that can go a long way to adding a layer of protection to both the company and its customers.

Companies would benefit from building compliance standards into company documentation and emails, adding additional verification measures into emails and limiting access to specific documentation can all go a long way to helping to minimise threats and taking security to a higher level.

BrandQuantum develops software solutions to help companies deliver compliant customer communications and documents. The tamperproof email signatures that are sent out with every single email via Microsoft Outlook have built in verification tools to give customers added peace of mind that your company emails are authentic. The BrandOffice solution offers permission control to company documents so that only those employees that need access to your documents have it. In addition access to company documentation and templates is tracked and audited to give companies line of site of document usage and overall documentation compliance.

For more information, contact BrandQuantum at www.brandquantum.com

[1] www.securitymagazine.com/articles/90394-identity-theft-and-cyber-fraud-in-the-uk-hit-all-time-igh

[2] www.transunion.co.za/archives-article/your-identity-can-be-stolen

[3] www.banking.org.za/consumer-information/bank-crime/identity-personal-information-fraud

[4] www.varonis.com/blog/data-breach-statistics/

[5] www.varonis.com/2018-data-risk-report/

www.brandquantum.com/




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Value and industry insight
Securex South Africa Training & Education News & Events
Securex South Africa 2025, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, drew thousands of security professionals from across the continent and beyond, offering a platform for networking, product discovery, and knowledge sharing.

Read more...
Gallagher Security achieves ISO 27001 recertification
News & Events Training & Education
Gallagher Security has successfully achieved certification to the updated ISO/IEC 27001:2022 standard for Information Security Management Systems (ISMS). This accomplishment builds on previous certifications and reflects a continued commitment to the highest standards of information security.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
The deepfake crisis is here and now
Information Security Training & Education
Deepfakes are a growing cybersecurity threat that blur the line between reality and fiction. These AI-generated synthetic media have evolved from technological curiosities to sophisticated weapons of digital deception, costing companies upwards of $600 000 each.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.