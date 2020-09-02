Over the past decades, we have read reports of data breaches at some of the world's most famous companies with millions of customer accounts hacked, raising concerns about the safety of online shopping services.

Fortunately, countermeasures have repaired much of the damage. But each time there is a significant security breach, trust in online transactions is affected. Damage is done mainly to the thrust of moving most activities online.

There have been calls for guidelines to ensure customer privacy and protection on a global scale. The Europeans have in place the General Data Protection Regulation (GDPR) which aims to give residents of the EU more control over their data. Under the GDPR, organisations that handle data of EU residents must comply with clearly outlined data and privacy rules.

The Caribbean is also rolling out similar legislation and, in the case of Jamaica, the Data Protection Act passed earlier this year provides guidelines for the treatment of personal data. It also speaks to transparent oversight that will enable the public and private sectors to strengthen systems that provide protection for personal information. It was a hotly debated Act, and since its passage there have been lingering concerns. The Media Association of Jamaica, for example, insists that its suggestions to protect journalists were ignored.

Overall anxiety about data privacy remains a valid concern, considering how easily we share vital information in our online activities. Health records, tax registration numbers (TRN) and banking details are on the list of the most sensitive information stored online. Add to that all our social media activities, location data and search engine queries which are valuable and, in some instances, sold without permission unless you sign one of those wordy legal documents which come up from time to time.

Many of us have also become comfortable with “Siri” and “Alexa” which, while responding to your needs, create another set of valuable data.

And don't forget that the Internet of Things (IoT), meant to make living easy, is another way of gathering data from our refrigerators and other appliances.

All this creates both a challenge and an opportunity since we must ensure that we have the resources to manage the security systems required. All too often, organisations make security a lower priority when compared to other projects or goals. Implementing proper security controls can be costly, time-consuming, resource-intensive, and tedious.

The greatest challenge for us is protecting small businesses, since there are hundreds of such enterprises without the resources to stop intrusions.

Some of them are individually owned/operated while others collectively employ a few dozen people, if that many. They must protect their businesses in order to stay safe from phishing attacks, malware spying, ransomware, identity theft, significant breaches and hackers who would compromise their security.

Every organisation should have a security awareness programme. At a minimum, that programme should include formal classes on how to keep your environment secure, including password, e-mail, and web use guidelines.

It is vital to share corporate policies, procedures, and where to find them as well as how to recognise suspicious links, e-mails, and activity. There must be a high awareness of the heightened threat posed by pirated or legal downloads.

There must be regulations regarding the loss of corporate or personal devices used for work assignments. Personal security requires a database of contacts in case an incident occurs or if clarification is needed.

At a minimum, covering these aspects of security in a formal setting will help protect your business and ensure that each person within the organisation is doing his or her part when it comes to cybersecurity.

Data security goes beyond the workplace, particularly now that working from home is becoming commonplace. Being alert to the possibility of data theft is a requirement to round out best practices and will go a long way in securing information. In much the same way that you take measures not to alert thieves to your absence from home when you go on vacation, the same mindset will reduce the potential for break-ins to your storehouse of vital information.

It's a gentle but crucial reminder that safety and protection is everybody's business, whether it's your data or your home.

Send your feedback to: digitallife@jamaicaobserver.com