With recent data breaches at banks here and a regional government, an information technology expert has warned Government and companies to pay greater attention to cybersecurity.
And just as lawmakers move to introduce a law to protect personal data, the expert, the regional sales and business development manager with technology solutions firm Group PBS Ashish Uttamchandani is cautioning people about the amount of personal information they post on social media.
“You may post something today and 20 years later it may show up again.
“So the more data you post the most exposed you become.
“The more often you post, what you post, where you post it, people can start creating a profile on you. We should be mindful of that.
“I don’t think we need to be scared but we need to exercise common sense.
“At the end of the day, we need to balance the benefits of technology and still exercise some caution,” he said.
The warning follows a number of recent developments including a recent hacking of a number of government websites in Trinidad and Tobago and Automated Teller Machine (ATM) fraud here where criminals hacked into customers’ accounts and stole an unknown sum of money.
Uttamchandani said it was critical that both public and private sector organisations pay careful attention to cybersecurity and that individuals play their part by becoming more aware.
Firms should make it a priority to carry out regular penetration testing to ensure they were always ahead of hackers, he suggested.
He told Barbados TODAY: “Thousands of websites are defaced on a daily basis across multiple regions including the Caribbean.
“We need, whether from a government or private sector perspective, to ensure that we have our systems patched and we have our cybersecurity environment in order.
“What we need to definitely focus on is how do we have our systems patched, how do we conduct annual or, I would suggest, even quarterly penetration testing to make sure that these websites are not defaced, because while they may not be connected in some instances to core systems, the damage to defacing these websites is really on a reputation impact.
“So as we move towards a more digitally connected economy we need to spend a lot more time on the security side of the business.”
Using phishing – the practice of soliciting information under pretence – as an example of how data can be stolen or misused, Uttamchandani said businesses should play a greater role in educating staff and clients.
In relation to ATM fraud, he urged both individuals and institutions to employ a “multi-layered approach” to data breaches, which he suggested are inevitable.
“The financial institutions need to look back at their security and make the public more aware of these things,” he said while encouraging individuals to also ensure their own safety by checking the banking machines before using them.
He further advised that as companies become more proactive they should also implement “a form of cybersecurity incident response so that when an incident does happen we are prepared in terms of public dialogue and we know the steps taken from the business side”.
In light of the introduction of the draft data protection law, which legislators say is compliant with the European Union’s recently enacted General Data Protection Regulations (GDPR), the PBS executive said he welcomed the move.
He added: “What it essentially says, for the average person, is that organizations and governments will ensure that their data is protected and they will take adequate steps to ensure that if there is a particular breach that those persons whose data have been breached they would be notified in an appropriate manner.
“Fundamentally, as we move towards a more digitally connected economy we do need to pay a lot more attention to the security component.” [email protected]