The world is getting more interconnected, and every day, the digital and the physical world get more interwoven. Just like everyone has a physical identity, people now also have digital identities on the different platforms they use and interact with.
Subsequently, we now have core privacy concerns on our hands. There is a concern about safety arising from the surveillance and tracking features that a lot of platforms use to track user behaviors and activities.This has some users concerned about how this information may or may not be used to cause them some sort of harm. You might recall some time ago when Uber was in a fix with the Lagos state government because it refused to release real-time customer data about movements and locations. This is just one instance.
We also have to be concerned about the inconsistent privacy policies. Privacy policies continue to change from one platform to another, and now users find it harder to maintain privacy or even determine how much information they are willing to share. That, however, is a topic for another day. My core concern today is that of large-scale data breaches exposing personal information, with the potential to lead to identity theft or fraud. Let’s look at the NIMC for instance.
Tekedia Mini-MBA edition 15 (Sept 9 – Dec 7, 2024) has started registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
Since the start of 2024, the National Identity Management Commission (NIMC) has been taking the heat for several data breaches which unverified websites now use to sell the identity of registered Nigerians. Investigative reports reveal that on websites like Expressverify, Idfinder.com.ng, Verify.ng, Championtech.com.ng, Trustyonline.com, and Anyverify.com; anyone can buy the national identification numbers (NINs), bank verification numbers (BVNs), or other personal data of Nigerians for as low as N100.
Mind-boggling, yeah?
There are many theories as to what could have gone wrong since the NIMC insisted that there had been zero breaches in its database. One of these postulations is the proliferation of third-party access to the NIN database. This more or less implies that with multiple third-party agents sending in illegal entries to the database, they may also have been able to access existing data. There have, of course, been calls for the Nigeria Data Protection Commission to heighten scrutiny of NIMC licensees after the website breached data protection protocols. But let’s see what lessons business owners can pick out of this.
The first is that you must be careful with user data. Anything that can happen just might happen if you don’t take the necessary steps to prevent it. Data is gold, and you need adequate and robust security protocols for your database. Strong encryption, multiple firewalls, intrusion detection systems, just name it. You need to get all in place to secure your data.
While taking these steps to protect data from external threats, you must not be oblivious to insider threats. It is possible for employees or contractors who have insider access to misuse their access carelessly or maliciously, leading to data leaks. Cybersecurity training for your staff will ensure that they do not carelessly cause data leaks, or click links from phishing emails, thereby compromising your secure data system.
You will need to have in place multi-factor authentications, and enforce strict role-based access controls, ensuring that employees only have access to the data necessary for their job functions. You could also limit the collection and retention of personal data to only what is necessary for the intended purpose, reducing the amount of sensitive information at risk.
If, despite all these, you still encounter a data breach, have an incident response plan to ensure quick and effective action. This plan should be regularly updated in collaboration with cybersecurity experts. It is not only vital to your customers but to the continuity of your business. Imagine what would happen if customers had to think twice before entering their email addresses or phone numbers on your website when placing an order. It could ultimately lead to a sharp decline in sales.
So get a hang on your data protection and cyber security practices, and see how the increased customer trust translates to sustainability over time.