South Africa is one of the top countries targeted by hackers. Unfortunately, businesses of all sizes tend to ignore the threat until they are hit. But, that’s all about to change.
New legislation requires all businesses in South Africa to tighten up their cyber defences – or face being hit with fines of up to one hundred thousand to ten million rands. The POPIA law (the Protection of Personal Information Act) was enacted in 2013 and stated that organisations must protect personal information, and it’s enforced as of 1 July 2021.
How Does POPIA Affect My Business and Cybersecurity Needs?
The POPI Act compels businesses and organisations to be more responsible when handling personal information, including the security of data and privacy policies. According to the act, “personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorised destruction and disclosure”.
If you are a business of any size that processes personal information inside South Africa, you need to comply. If you are not based in the country but use automated or non-automated means of processing in the country, it also applies to you.
One of the primary takeaways from the new regulations is the impact on security safeguards needed. It’s not something to be taken lightly. It affects businesses of all sizes. If you hold any private information, you need to secure it and ensure it complies.
Personal information covers more than your contact information. A company holding documents about your work history would need to secure this too, for example. Employment records, tax information, the list goes on. You are allowed to have the information, but you have to encrypt it, or if it is non-digital, store it in a high-security safe.
What does this mean for your business? First, it requires you to put in security strategies for the storage and/or termination of the private information data. For cybersecurity, this means putting in reasonable systems to prevent a breach of the data you hold.
If you have a breach, even though you have a cybersecurity system in place, you can walk away in terms of the POPIA regulations. But with South Africa firmly on the map as one of the countries consistently targeted by hackers, you also can’t risk your company’s reputation by any form of breach.
How To Get POPIA Compliant
You will need to work with a range of partners to be compliant. An attorney will be able to assist you with your legal compliance. They will walk you through the administrative and management steps that are in place.
In terms of your IT department, you will need to engage specialists that can supply you with the necessary security to help you become compliant. We can apply a solution fairly quickly.
Here are some of the steps we would take to ensure you are POPIA cybersecurity compliant:
First, we will conduct a risk assessment to see what’s in place. Based on this, we may suggest the following:
- New endpoint protection: If you have existing but insufficient endpoint protection, you can continue with it until the renewal is due. After this, we can install more stringent endpoint protection to ensure you are completely protected.
- The installation of a next-generation firewall on the edge of the network: A next-generation firewall (NGFW) has advanced security features. It detects and blocks malicious traffic that previous generations were not able to. This will constantly monitor the network. If it picks up a computer under attack, it will automatically isolate it from the network, begin resolving the issue, and alert us of the threat.
- Login security: If your employees are not using two-factor authentication for logins, this will be implemented
- Encryption: We will migrate you to an email server that allows encryption of emails.
What are the Costs of POPIA Security Compliance?
There are no upfront costs apart from the next-generation firewall stored in your server room that will protect you from outside hacking threats. The size required will depend on the size and needs of your business.
Cybersecurity Solutions for South African Businesses
The POPIA IT component is relatively small, but it’s vitally important. Coming soon, however, is the Cyber Security Act which is anticipated to be signed into law. It expands the need for cybersecurity. In addition, it will place penalties on businesses if they are hacked. A POPIA security intervention will ensure you are compliant with POPIA and future proof you for the upcoming legislative changes.
Let us take a closer look at two solutions.
Installing Microsoft 365 Exchange Online
POPIA requires that your information is stored securely. If you are currently using an IMAP or POP3 system as an email account type, you are not going to be POPIA compliant because they don’t include 2-Factor Authentication leaving your account vulnerable to hackers using brute force techniques. There are other benefits. If an employee’s mobile phone is stolen, for example, a quick call to your software manager of Microsoft 365, and we can wipe the logins to prevent anyone from accessing the device.
Install Sophos InterceptX Advanced
Sophos InterceptX Advanced is an extremely advanced and sophisticated endpoint protection solution for your computer. It is a very effective way of securing all of your personal and business computers. Sophos InterceptX Advanced protects your endpoints. SophosLabs threat intelligence helps you detect and mitigate threats in real-time, which is crucial to modern security. In addition, Sophos web, application and peripheral access policies follow your users wherever they go with tight security.
Many of the breaches companies encounter are caused by unsafe email use of their employees, such as clicking on links that are phishing scams. Part of the service when Sophos Security is installed is gamified training. Staff are sent mock phishing attempts, and if they fall for the “scam”, they are automatically flagged and given information and support to ensure it does happen in an actual situation.
Want a Free POPIA Compliance Cybersecurity Audit?
Contact PM&A Consulting, and we will set up an appointment for a free on-site audit. We will make recommendations and supply you with an obligation free quote.
Whatever the size of your business, we will assist you in becoming POPIA compliant and offer you affordable managed services for network support and maintenance. In addition, we’d love to discuss how we can help support and protect your organisation.