Over the past few years, the term “digital transformation” has been bandied about, but most companies were at a relatively early stage of this journey. Then Covid-19 hit, and not only highlighted the need for digital transformation, but pushed it to the forefront for most businesses.
Organisations of all sizes have fast-forwarded their digital transformation journeys exponentially in order to prepare for the remote work environments that lockdown forced on us. What started with a scramble to provision laptops for employees has turned into a normal way of working for most knowledge workers. However, what became apparent early on was how few companies were prepared for this move, particularly when it came to securing their data.
Because, ultimately, modern business is all about the data.
It’s about the ability to use data to enrich business offerings, create better profits and efficiencies – and it’s about the protection of data. Companies have accumulated vast troves of data over the past decade, and while governance and privacy strategies may have been put in place by many companies, locally at least, this has not been highly regulated.
We have been operating with the King guidelines, which are essentially about doing the right thing with customer data, but the promulgation of the Personal Protection of Information Act (POPI) completely changes the conversation. As an industry, and as a company, we are looking forward to this regulation being enacted because it will fundamentally change the behaviour of many people making decisions in business, the same way GDPR has in Europe or CCPA has in the state of California in the US.
That’s because there is a growing trend for consumers to make choices about the companies they go to based on how well those companies protect their data. And because, when it comes to data, there’s always a dark side.
Bad actors are constantly looking for ways to get to people’s data. They want to get hold of customer data, of a company’s IP, and are constantly looking at ways they can exploit technology to achieve this. They can always find vulnerabilities because not everyone has security in mind when building a service, and there is still a disconnect between how companies create a service, how they take it to market, and how they secure it.
Covid-19 has accelerated an awareness of the need to have security baked in from the start. There are no borders in cyber, and this has proved the biggest challenge for companies who have been forced into a remote working scenario. What organisations used to assume was their border is no longer relevant as they have had to start creating 500, 10 000 or 30 000 borders for each of their staff.
As a result, companies are starting to enforce security and being secure, regardless of the services they offer, and how they offer them. There is a growing awareness that if security and securing information is not paramount, there’s no point. The minute a company’s data is hacked, it becomes a cost to the company and a cost to the consumer. Once it’s on the internet, someone can buy your credit card details for $1. They can buy your identity for $10.
In much the same way that the effects of the recession of 2008 saw the birth of companies like Uber, Netflix, and so on, Covid-19 is allowing businesses to reenvisage what people are doing, and how they are consuming things. This will give rise to new companies that will find new ways to take advantage of digital services. But they have to do so in a safe way.
At the moment, security is only a concern after an incident has occurred. This must change, and security must be baked into every product and service. As technologies and services continue to become more complex, security must be the paramount consideration, not an after-thought.
to connect with our expert