Physical, digital and behavioural security the key to cyber protection
Singapore's new Personal Data Protection Act (PDPA) may not be enough to cover all aspects of data security, a new white paper by Shred-it says.
The PDPA received 3700 complaints about data leaks since July 2014, with additional research stating that more than 20% of fraud cases equal at least S$1.37 million, says the white paper. With a typical organisation losing 5% of revenues, it can be damaging for small businesses in particular.
The white paper, titled Identity Theft - What the Future Holds, states that card theft affected 28% of the population over the past five years. Card theft is closely linked to identity theft.
Even stolen mobile phones can expose confidential information to unwanted access. Leaving paper in a rubbish bin or on messy office desks also jeopardises organisational security.
Data security has used digital platforms to prevent outside hacking attempts, however the white paper states that 58% of breaches are committed by employees, whether intentional or by accident. As a result, external threat protection is useless. Social hacking is also a threat that leverages employee gullability to access sensitive information, instead of committing a full-scale external attack.
The white paper suggests that cybersecurity should be a well-rounded approach, managing security and people to better protect organisations against threats.
"We believe every business would do well to take a holistic approach to data security, which involves taking into account physical security, digital security and human behaviour," says Duncan Brown, General Manager of Shred-it Singapore.
"Companies need to focus on methods to protect both physical and digital security, while at the same time putting processes in place to ensure employees are not susceptible to accidental breaches or phishing scams while still being able to carry out their duties without too much red tape," Brown continues.
The white paper suggests shredding physical documents as well as implementing digital data protection.