By Craig Lowe, MD at execMobile
In today’s digitally driven, information saturated world, data privacy is a massive issue. One only needs to look at recent high profile cases of corporate cybercrime (Sony, AshleyMadison.com) to grasp the scope of the challenge.
On the local front, the imminent implementation of the Protection of Personal Information Bill (‘POPI’) is placing data privacy under a particularly glaring spotlight. As local companies prepare for POPI, they are being forced to take a hard look at their systems and processes, and to ask critical questions around various internal policies.
As this process unfolds, I believe that many organisations are failing to ask a key question: Is our corporate Wi-Fi policy POPI compliant?
In my view, most companies would have to answer this question with a resounding ‘no’.
As a reaction to the high costs associated with data roaming, and countless reports of bill shock when executives and employees return from business trips abroad, companies have been actively encouraging their traveling employees and executives to use the public or hotel Wi-Fi for connectivity.
Yet in most instances, employees only travel with their personal smartphones and tablets (not their laptops), and so use these personal devices to access potentially sensitive company data and IP.
As a result, these devices are being used to connect to public or hotel Wi-Fi, which is notoriously vulnerable to cyber criminals. Indeed, late last year, Russian security firm Kaspersky Lab discovered that devices belonging to executives visiting luxury hotels in Asia were being infected with malware delivered over public Wi-Fi networks.
Despite this threat, most companies do not compel their employees to install strong end-point security on their personal devices. Worryingly, the result is that companies are in danger of non-compliance with POPI, which stipulates that ‘companies must ensure the integrity and safekeeping of personal information in their possession or under their control, and must take steps to prevent the information being lost or damaged, or unlawfully accessed.’
By encouraging employees to use public or hotel Wi-Fi on their personal devices (without strong end-point security), particularly for work purposes, I believe companies are exposing information to the risks of being both lost and unlawfully accessed.
It must be noted that non-compliance with POPI carries stiff penalties – Directors can land themselves in jail, and companies can face huge and potentially crippling fines.
So how can organisations address the issue of connectivity for employees traveling abroad, at minimal expense, while remaining POPI compliant?
The first, more expensive option is to ensure that there is strong end-point security on personal devices being used abroad. Another option is to force employees to use local SIM cards, but this presents a host of new security concerns. The third potential option is to use a secure, mobile Wi-Fi solution. At execmobile, for example, we have developed a sophisticated mobile device called PocketWifi, which makes it both safe and affordable to use mobile data in over 140 countries.
As local companies become simultaneously more global and more dependent on secure access to data at anytime, and from anywhere, it is critical for them to find the right solution. And when the full force of POPI is unleashed, those companies caught flat-footed and unprepared will undoubtedly face severe repercussions.