Largest Settlement Ever Paid for a Data Breach

11 Mar

We have spoken about the cost of data breaches to businesses in the past, but the industry has recently seen the largest settlement ever paid for a data breach, and it serves as an apt reminder. Equifax, a reliable credit reporting agency, is paying a whopping R10 billion to settle claims after a data breach that affected just under 150 million people. Shocked? You should be!

The Compromise that Cost R10 Million

The data breach started at the beginning of 2019, when 3 800 publicly reported breaches compromised a massive collection of records: 4.1 billion, to be exact. As it turns out, email addresses were exposed in some of those breaches (70%), as were passwords (65%).

While Equifax is paying the biggest settlement ever in SA for data breaches, the extent of the exposed data doesn’t begin to compare to that of Liberty Life, which saw the personal info of more than 30 million people leaked online. It seems, conversely, that Equifax is facing more responsibility.

The Problem & The Solution

The sheer volume and number of data breaches in South Africa implies that businesses are failing to comply with data security laws and to implement safety measures that protect the personal particulars of customers.

A reasonable solution to this problem would be to hold companies accountable for their failure to implement the necessary safeguards. To do this, the regulator needs to get involved and ensure the following:

  • Strict measures are enforced to prevent data breaches.
  • Action is taken against negligent companies in terms of the PoPIA (Protection of Personal Information Act) and the GDPR (General Data Protection Regulation).

The ideal scenario is that businesses will pull up their proverbial socks when the threat of hefty fines, civil claims, and damage to image becomes a reality.

The Responsibility of IT Managers is Changing

In the past, IT managers had a rather relaxed approach to asset management, which provided the ideal opportunity for business assets to be used in some way or another to carry out a data breach. In future, IT managers will have greater responsibilities to ensure that they:

  • Are accountable for each and every device within the business including laptops, tablets, mobile phones, PCs, and more.
  • Have a detailed list of all employees that have access to any IT asset and where each asset is at all times.
  • Ensure that networks are set up to disallow connection from risky devices and to ensure that all connections are secure.
  • Declare that all devices have data encryption software installed and that regular, secure data backups are carried out without fail.
  • Put measures in place to safeguard against data risks arising from BYOD (Bring Your Own Device), if such a policy is allowed.
  • Ensure that disposal of redundant IT equipment and devices is done in a safe and secure manner.

Data security is becoming more of a risk with each passing year and it is the responsibility of the business owner and employed IT managers to ensure that the business, its employees and customers are effectively safeguarded and protected. Are you doing everything possible to protect your business and its sensitive data? If not, take the first steps today!
