Jan Coetzee
There is a great deal of talk around GDPR (Global Data Protection Regulations) these days. Especially about how external companies (e.g. Social networks, marketing, and online shops) access and use peoples’ personal data. As well as to how to protect yourself and your data online, from your data being exploited or sold without your knowledge for example.
How do companies deal with protecting their most valuable asset ‘Information?’ It has become the currency of the 21st century. There is no getting around this statement, you control the data, you control revenue streams and the access to information that people have. If we look at how fast, we consume information and how swiftly it has seemingly become something we cannot live without, one would even be as bold to say it has reached a point where we can and should include it in Maslow’s hierarchy of needs. Just like, there are calls to add access to the Internet to Maslow’s Pyramid of needs. This is not an exaggeration, just look at your own web surfing and social media habits.
The way most of us act, it would be considered at the top of the pyramid. Which begs the question; how secure is your organisation’s data? We hear of breaches and leaks of information in various organisations and industries, and recently at our very own doorstep. Namibia had to deal with one of its own organisations being the victim of a data leak at the Social Security Commission. Personal information, details and data of thousands of people registered with the Social Security Commission (SSC) was leaked online. The leak, extracted from the SSC website recently, included personal information of clients such as salaries, home addresses and copies of national documents, including ID cards and passports. A tremendous security leak and breach any organisation has to deal with. The extent of the leak is not yet fully known, but documents reportedly seen by The Namibian newspaper so far shows that the breach of confidential information affects over 2000 people registered with the agency.
How does an organisation address these challenges?
One would think that getting the most expensive security measures in the world would do the trick. However, how do we know which is the best? There are lots of criteria for this. There is a saying; ‘most expensive is not always the best.’ Is the most expensive the best for our organisation? Do we need a sledgehammer to hammer in a nail?…Might the security solution not be too much for an organisation. One size definitely does not fit all.
We need to examine and answer with regards to operating model, strategy, industry regulations, Risk Appetite and Cultural and Behavioural Aspect, of the specific organisation.
Right here in Namibia there are organisations like Headway Consulting, specialised in answering exactly these questions and capable of analysing the needs of an organisation. Embracing, adopting, and adapting best practice frameworks is the safest way to proceed and makes the most business sense.
ISO/IEC 27001, the Standard for information security management in organisations, specifies an Information Security Management System (ISMS), a suite of activities focused on the management of information risks or ‘information security risks’ in the everyday life.
The standard covers all types of organisations (e.g. commercial enterprises, government agencies, non-profits), from micro-businesses to huge multinationals, and all industries or markets; e.g. retail, banking, defence, healthcare, education and government.
The COBIT 5 framework for the Governance of Enterprise IT is essential to abide by for organisations. It is the latest edition of the globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises.
The principles, practices, analytical tools and models found in COBIT 5, embody thought leadership and guidance from business, IT and governance experts around the world.
This all seems a bit high level and for many of us sounds like another language or a whole different world. However, there are specialists that can assist and ensure that data breaches don’t occur and that your own data and information as well as that of your customers and users is safe, secure and adheres to international standards.
That is why the consultants at Headway are there. It is their information and data too, which they can help keep safe. Namibian organisations play and operate in a global arena these days and need to adhere to international best practises on many levels, but especially when it comes to keeping data safe.
*Jan Coetzee is the Managing Director of Headway Consulting