The Protection of Personal Information Act (POPI)

Why encryption is an important element in data security


POPIA & Security

POPIA states that ‘appropriate, reasonable technical and organisational steps’ must be taken to prevent personal information from being unlawfully handled, and that international standards and laws should be considered.

The General Data Protection Regulation (EU) and the Data Protection Act (UK) are therefore important points of reference that describe the three necessary pillars of IT security…

3 Pillars of IT Security

 

1. The Fundamentals: Endpoint Protection

Ever-increasing cyber threats such as ransomware, phishing or social engineering put your data at risk, and a successful attack can bring about both data and financial loss to an organisation. ESET Endpoint Protection uses multi-layered, next-generation technologies that go far beyond basic virus scanning and should form the foundation of any basic IT security setup.

2. Integrity through secure system access

Weak or lost passwords are among the greatest security risks to a system. No amount of security can be effective if passwords are compromised. ESET Secure Authentication is a two-factor authentication product that minimises the risk of passwords becoming compromised and allowing attackers to gain unauthorised access to your system and data.

3. Confidentiality through encryption

Maintaining the confidentiality of personal information is a key requirement of POPIA, especially account numbers and ‘special personal information’. The GDPR specifically prescribes encryption as a mandatory measure towards data privacy, and therefore encryption is a necessity for POPIA compliance. DESlock Encryption by ESET is an effective measure for protecting highly sensitive information, as well as providing a safeguard against a data breach if a portable storage device is misplaced, intercepted or stolen.

What do I need from encryption?

While key length and the range of software features are important, they do not tell you how well a product will perform from the user’s point of view – or from the administrator’s.

FIPS-140 Validation

The most widely accepted independent validation is the FIPS-140 standard. If a product is validated to FIPS-140 then it is already more secure than most situations demand and will be acceptable under the GDPR and other regulations.

Ease of use for non-technical users

There will always be situations where your employees will need to decide whether or not to encrypt a document, email, etc. It is vital that they are able to use the software provided and can be confident that encrypting data will not lock them – or authorised recipients – out.

Remote management of keys, settings and security policy

To avoid staff having to make security decisions, encryption can be enforced everywhere – but this tends to restrict legitimate business processes and can stifle productivity. The inclusion of a remote management capability – one that allows changing of encryption keys, functionality or security policy settings for remote users, who typically represent the biggest security issue – means that the default settings for enforced encryption and security policy can be set higher without limiting normal processes elsewhere in the business.

Management of Encryption Keys

One of the biggest usability challenges is how users are expected to share encrypted information. There are two traditional methods:

Shared passwords, which suffer from being easy-to-remember-and-insecure or impossible-to-remember-and-secure-but-written-down-or-forgotten; or

Public-key encryption, which works well across smaller workgroups with no or low staff turnover, but becomes complex and problematic with larger or more dynamic teams.

Using centrally-managed, shared encryption keys avoids these problems, with the added bonus of mirroring the way that physical keys are used to lock our houses, apartments, cars, etc. Staff already understand this concept, and it only needs explaining once. Coupled with a premium remote-management system, shared encryption keys strike the optimum balance of security and practicality.
