How to protect data in a highly connected age
Examining the preparations that payment card industry professionals are undertaking to meet the security measures required for Payment Card Industry (PCI) compliance, it’s clear just how valuable the Payment Card Industry Data Security Standard (PCI-DSS) can be when it comes to safeguarding personal data. PCI-DSS is a real hero, designed to protect cardholder data that, of course, represents some of the most personal of personal data out there.
Under the Protection of Personal Information Act (POPI), any personal data you collect, process or retain in any form, physical or electronic, creates the obligation that you reasonably and adequately safeguard that data in order to be in compliance with the law. Performing a PCI-DSS gap assessment and implementing PCI-DSS controls to a wider scope of personal data beyond just cardholder data (including credit card numbers) within your organisation can establish a strong foundation for extended personal data handling and keep you on the good side of POPI regulators.
With POPI set to have a sweeping impact across all industries, especially for verticals such as financial services, healthcare, retail, hospitality, and law firms, due to the nature and type of personal data processed, the rule has created demands that many businesses will need assistance in meeting. It’s predicted that SMBs, NGOs, NPOs and charities will need more education, support and guidance in preparing their activities and systems for POPI compliance. Enlisting a high-quality consultant can help your company build out a roadmap of the measures that must be put in place, and services providing affordable solutions for taking reasonable measures to serve compliance needs will be highly sought by many sole-proprietors, closed corporations, company directors and board members seeking to solve these particular issues for their organisations.
In protecting personal information or sensitive data, organisations must look not just at safeguarding their internal data stores, but also at the many portable modern devices employees often carry and use to perform their work duties. Bring-Your-Own-Device (BYOD) items including laptops, USB drives, smartphones and tablets are equal links in the data security chain, and while they help keep employees productive, these devices are also more exposed to increased risks of loss or theft. Prioritising encryption for these portable devices used by an organisation’s workforce is essential to begin protecting data. Consider that these types of risks will soon rise as the aptly named “silly season” arrives in South Africa, when incidents of robberies, business and home burglaries, hijackings and car break-ins increase alongside insurance claims for the theft of these same kinds of portable electronics that organisations must be careful to secure.
Encryption alone, however, is only one piece of a successful data protection game plan. To guard against unauthorised device or data access and even potential identity abuse, organisations should seek out added functionality to perform data quarantines, on-network and remote data wiping, revocation of access when necessary, and killing of cached-credentials for further protection of accounts. These solutions provide better security for both company and employee-owned mobile data devices, along with the mobile device management capabilities and adequate reporting to demonstrate compliance to POPI regulators. Organisations will be able to find services like these offered locally by managed service providers (MSPs).
In many ways POPI has only raised the stakes for what were already beneficial data security practices. Data breaches, already costly and reputationally damaging, will now come with increased exposure, stiff fines and in some cases risks of criminal prosecution as well.
Whether driven by best practices or by the law, organisations should recognise their risk areas, either from exposed and unencrypted data or from unprotected employee BYOD devices, and invest in data security protection that will better safeguard its stakeholders going forward.
SMBs, NGOs, NPOs and even small charities might not have big systems, large budgets, or deep resources, and for many their entire operation runs not on servers but on a single or a few PCs alongside organisation-or-employee-owned devices. Still, these organisations cannot plead naivety and must do the basics to reasonably safeguard the heaps of personal data they process and hold. It’s true that all personal information is not created equal, but one good practice for these organisations is for them to adopt a “big buckets” approach for practical, reasonable, and effective security safeguards.
POPI should not be thought of as this big monster law that prohibits the processing and flow of personal information, but instead respected for its aims to regulate and provide an improved framework for what we lawfully can, cannot, or should not process, how we go about it, and what obligations we carry when processing or holding personal information of any natural or juristic persons in our possession. One reason parliament enacted POPI is to protect our people from harm, and, with identity theft and cybercrime on the rise in South Africa, it’s a needed law.
Amit Parbhucharan is the South Africa Country Manager for Beachhead Solutions, a company that designs cloud-managed mobile device security tools.
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated – from initial interaction to reaching a satisfying outcome
- Finance and accounting Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes
- Human resources Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding
- IT IT teams are often swamped in daily activity like on-boarding or off-boarding employees. Deploying virtual machines, provisioning, configuring, and maintaining infrastructure. These tasks are ideal for automation
- Legal There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”