Data loss continues to make headlines worldwide with financial institutions being the primary target. Breaches include everything from insider data theft to skimming to stolen or missing hardware.
Being one of the most highly regulated industries, financial services needs to improve its data protection more than ever before. This industry is being put under the microscope by regulators, clients and investors alike - especially with the introduction of the Protection of Personal Information (PoPI) Act.
The vast range and volume of new devices being deployed in the marketplace make it nearly impossible for companies to safely manage and dispose of excess electronics. Most companies are oblivious to the risks associated with asset disposition and theft, failure to mitigate the risks could have dire consequences.
Xperien CEO Wale Arewa says financial institutions offer a good economic return for data thieves. "Although data theft is a concern across all industries, the financial services industry is a primary target of fraudsters due to the inherent value of the underlying data."
"For these organisations, data breaches often mean a public relations nightmare, a distrustful customer base, a disgruntled board and uneasy stockholders. Regulatory non-compliance is just as big a risk and can be devastating, it’s a huge reputational risk," he warns.
There is a deluge of personal data that financial institutions deal with and possess as a part of their day-to-day operations. They are increasingly focusing on enhancing their data privacy programs due to the rising threat of data breaches, identity theft and associated fraud.
Arewa says audits can be time-consuming and resource intensive. "It can easily diminish even the healthiest budgets. Audits provide the necessary feedback that will reduce costs, and shortages, and negate the whole compliance process."
Technology devices hold all kinds of proprietary company data as well as confidential customer and employee information. Data breaches are hard enough to control within any organisation, but when they toss old computers in the trash without erasing the hard drive of old laptops, they could be releasing confidential data into the wild.
Data security laws mandate that organisations implement adequate safeguards to ensure the protection of individual privacy. Preventing employees and benefactors from receiving retired computers without data sanitisation and by acknowledging the risks and inherent conflicts of interest surrounding retired assets will result in more effective IT Asset Disposal (ITAD) policies and adequate safeguards.
He says data loss prevention is an executive-level initiative that impacts everyone, from HR to accounting and legal. "In a fast-paced and ever evolving IT environment, management continuously needs to recognise new methods for data protection, not only on working devices but on retired IT assets as well."
There has been a huge shift in the financial services sector to protecting data assets, these could include personal information, medical information and credit card numbers.
Financial institutions owe it to their staff, clients and shareholders to implement data protection mechanisms to ensure privacy and confidentiality. However, most financial services organisations no longer have a choice of implementing privacy protection due to the implementation of Government regulations with which they have to comply.
“Not only is the introduction of mandatory protection of personal data a huge challenge for companies, but now organisations are being prompted to rethink how they approach the reuse, recycling or recovery of their eWaste. The loss of confidence that they face from their suppliers and customers could seriously jeopardise their business,” he concludes.
For more information contact Xperien at (011) 462-8806 or email itad@xperien.co.za