PHOTO - George Chang - Fortinet's regional director for Southeast Asia & Hong Kong.
Malaysian companies need to review their securing of sensitive information as the theft of Personally Identifiable Information (PII) is increasing, according to network security provider Fortinet.
Fortinet regional director for Southeast Asia & Hong Kong George Chang said Malaysian companies need to protect against PII breaches to prevent reputation loss and reduce compliance penalties.
"While financial penalties for non-compliance can be prohibitive, these fines can easily be exceeded by the costs of 'clean-up' and remediation, should customer PII be either accidentally or maliciously exposed in an actual data breach," said Chang. "Such 'clean up' includes physical letters to the entire database, resources to deal with customer queries and possibly manufacturing costs of new credit cards, not to mention reputation loss. These accumulated costs could be enough to take a company out of business."
He said that PII included any data that could be used for identity theft purposes, i.e. any unique piece of data that can be linked to a specific person, such as name, address, date of birth or telephone and social security numbers. "Identity theft has become a growing problem as hackers and cyber criminals could easily access a company's network and steal customer's sensitive data."
The importance of securing PII has increased recently as more organisations in Asia Pacific adopt compliance regulations, which include financial penalties for those not meeting security standards. "However, surveys show that identity theft incidents are still on the rise. Easy access to databases through cloud collaboration platforms and social networking, mobility and the other IT trends have paved the way for cyber criminals to pilfer users' most personal information from the Web."
Chang said that while data was never 100-percent secure, especially when stored or being transferred online, CIOs and IT security professionals in Malaysia are advised to adopt the following best practices to mitigate the risks of PII breach:
- Educate management and employees on risks;
- Adopt role-based data loss prevention solutions;
- Comprehensively assess the location of all risk areas.
Sign up for CIO Asia eNewsletters.