Every SME out there should be concerned about the Protection of Personal Information (PoPI) Act and the impact it has on your bottom-line.
All businesses store and process personal information at some point, be it that of employees or customers. PoPI is all about effectively governing the usage and storage of that data.
Most businesses & their people today, require the ability to access that data online whilst working remotely. This creates a huge risk of non-compliance and exploitation.
The reality is that POPI does impact all businesses that have control over, or process any kind of personal information. According to Botha, Eloff, Swart (2015), “Personal information is defined by PoPI as any information relating to an identifiable, living, natural or juristic person”.
Why is PoPI Important to SME’s?
The answer is simple: Brand reputation, business impact, financial and legal consequences.
According to thought leader, Monisha Prem, “It is in your business’ best interest to comply with PoPI as the consequences of non-compliance are severe”. Monisha reports on some startling financial and criminal penalties:
- Civil action for damages
- Fines of up to R10 million
- 12 months to 10 years imprisonment.
This begs the question: What can a SME owner do to circumvent this risk, and better secure the information that resides on its network?
Below is some advice on how you can secure this information & your network by implementing some basic network security elements.
Step 1: Ask & Answer
If PoPI is all about the protection of personal information then answer some questions about that data:
- Where is the data stored?
- Who has access to the data and is access effectively governed?
- What is the data used for?
- Is the usage or processing of the data tracked and controlled?
Once you understand how and when all this data is being used & stored, you can then look at taking the first step in safeguarding your business against the repercussions of non-compliance or security breach.
Step 2: Start at the beginning, its always a good place to start
You need to secure & govern access to all your data. If you have a website, a CRM server, or are keeping any records accessible via the internet, your data integrity and SME is at risk.
By implementing proper data security and access control, you can protect your accountability as a business, and more effectively govern the use of that data.
By showcasing your willingness to comply, you can also increase trust between your business and your customers.
Think about it: I would rather share more information with a company that I can trust to take the proper precautions with my personal data. I would be more inclined to shop online through their e-commerce store, or place my electronic signature on an order or contract.
Some things to consider about first-line protection, are:
- Draft a data security policy that governs storage, processing, and security of personal data. Ensure that the actions mentioned in the policy are measurable
- Store the data on a secured server/s behind some form of firewall
- Implement stricter access control mechanisms for your network
Step 3: Tighten-up your access points
By controlling access to the data, you decrease the risk of exploitation. The best and most effective way to do that, is:
- Train your staff on proper information management. Most security breaches happen due to human vulnerabilities or ignorance
- Implement secure access control mechanisms such as login’s, passwords etc.
- Secure your network – Control access to your network and data by using a firewall.
Related: PoPI: This Changes Everything
Step 4: Invest in Tech. Educate your Assets
Use firewalls to secure your network/s good and proper. Train-up your staff on information security and data management practice, and lock-down your network – one-time-shoe-shine.