With the creation of business-related WhatsApp groups becoming something of a norm in today’s digitally-connected society, Simone Dickson, Director within the Technology and Sourcing practice at commercial law firm Cliffe Dekker Hofmeyr, says that businesses need to be especially aware of the inherent data security risks associated with using these social platforms.
“As is the case with any social media platform today, businesses and their employees need to exercise discretion in what information is shared and made available, also ensuring that the host or provider of the social media platform has taken security measures acceptable to the business and appropriate to the risk. Awareness of who the business is actually engaging with is critical.”
Cyber breaches are a real risk, she explains, referring to the World Economic Forum 2018 Global Risks Report, which ranks large scale cyberattacks and major data breaches or fraud among top five most likely risks in next 10 years. “On an international level, UK market research company, Ipsos MORI undertook a cyber-security breaches survey in 2017 and identified that 46% of UK business experienced cybersecurity breaches in the last 12 months.
“There have also been a number of data breaches either in South Africa or affecting South African users which have hit the headlines as of late,” she adds. “The potential risks to businesses affected include damage to reputation, loss of shareholder and customer confidence, business interruption, loss of competitive edge, loss or damage to technology and infrastructure, possible regulatory scrutiny, fines and penalties and costs to remedy the breach.”
When asked what legal recourse is currently available locally, Dickson says that businesses would generally need to rely on common law remedies in the event of a breach, although this would need to be assessed on a case-by-case basis. “Whilst the Protection of Personal Information Act, No. 4 of 2013 (POPI) and Cybercrimes and Cybersecurity Bill (Bill) do introduce statutory measures which will assist businesses in legal recourse in the event of cyber breaches, neither of these are fully in effect as yet.”
As such, she urges business owners to undertake effective due diligence on service providers providing them with social media platforms and online services. “This includes assessing levels of data security and deciding whether the platform is appropriate in the context for which it is going to be used.
“In the context of WhatsApp in particular, whilst this may be used effectively as a business tool, it is still ultimately user-based and not centrally controlled by the business itself. Accordingly, the rules of engagement and employee policies must be clearly established upfront. It is also essential to determine where data is to be hosted to consider which data protection laws are in place in the relevant jurisdiction.
“Where sensitive business data is shared via a social media platform (including any backups of such data), this should be subject to stringent security measures. Due to the prevalence of cybersecurity risk, this should be a board level agenda item with a dedicated focus. Businesses should also formulate a breach response plan in order to be fully prepared in the event of a data breach so as to allow for pro-active management rather than crisis driven responses,” Dickson explains.
She adds that data breaches are unfortunately inevitable and it is up to business to be aware of inherent risks and take pro-active steps to mitigate these risks. “Awareness and education is critical,” she says.
Product of the Day1 week ago
Naspers invests R42-m in public transport
Product of the Day7 days ago
Opera launches Hype in SA
People 'n' Issues1 week ago
Loyalty points get tax break
People 'n' Privacy7 days ago
POPI is NOT coming to get you
Stream of the Day1 week ago
E3: What to expect from Ubisoft Forward
Stream of the Day7 days ago
Square Enix summer showcase comes to E3
Cybersecurity6 days ago
Biometrics set to replace passwords
Stream of the Day6 days ago
Fate of Kai changes the way we game