Starting 19 January 2023, PayPal contacted about 35,000 users to let them know about a data breach that happened between 6 and 8 December 2022. This attack was a case of credential stuffing, where hackers gather lists of usernames and passwords. These credentials are in turn used to gain unauthorised access to user accounts.
The hackers were also able to access account holders’ full names, dates of birth, postal addresses, social security numbers, and tax identification numbers.
Many businesses collate their customer information using a cloud database security system. This system serves as a hub for all customer data and sensitive business information, hence it is a constant target for hackers.
According to Awelle Osuka, backend developer at Pivo, “It is important to implement user authentication, authorisation, and identity management techniques such as multi-factor authentication, password policies, role-based access controls, and access logging and monitoring in order to restrict access. Regular data backup is important too in case there’s some loss of data along the line. A company can also set up firewalls because a firewall on any level can help block unauthorised access to the cloud database system.”
The implications of unauthorised access to a business database system range from impersonation, theft, and fraud to revenue loss and damage to brand reputation.
Building customer trust and business growth through privacy
Multiple reports of data breaches have led customers to be rightfully concerned about how their data is used, so as a business owner, you must prioritise privacy. Privacy goes beyond regulatory requirements; it is the first step toward gaining customer trust and driving growth for your business.
As a small business, you will most likely deal with third-party service providers who will be privy to all the sensitive information your customers might have shared with you. It is your responsibility to ensure that these service providers are not at risk of a data breach.
With trust comes loyalty, and to gain their trust, you need to prove to your customers that strong policies are in place to protect their data against hackers. Carry out due diligence to ensure your third-party service providers do not have a history of data breaches. Many small businesses are unable to afford the time and money required to recover from a data breach, so it is important to put preventive measures in place.
In Nigeria, the NDPB is the body responsible for controlling the collection, use, storage, and processing of the personal data of Nigerians. So ensure all your partners and service providers are NDPR-compliant, just like Pivo. This ensures that your confidential data is safe from breaches and hackers.
If your business collects the personal information of customers, make sure you comply with the following NDPR regulations:
- Seek explicit consent from your customers to hold their data.
- Enlist the help of a data protection officer or a data protection compliance organisation.
- Carry out regular data protection audits.
Consequences of non-compliance with NDPR regulations
Non-compliance with NDPR regulations can result in a lawsuit from your customers, or in having to pay a fine of 1% or 2% of your annual gross revenue of the preceding year, or the sum of 2 or 10 million naira, in the case of a data breach.
This will no doubt result in bad publicity for your brand and ultimately loss of customers.
Why customer data privacy is important
- Many businesses require their customers to give out personal details during their registration process (KYC – Know Your Customer). These details include the customer’s home address, BVN, next of kin, NIN, telephone number and password. All of these constitute very sensitive information, and privacy ensures that they do not get into the wrong hands.
- For financial institutions, privacy ensures that both customer data and funds are safe and secure.
- Data protection and transparency can impact how customers view your brand. Your customers need to know what their personal data is used for and the structures in place to keep such data safe and secure.
What to do when you experience a data breach
In some cases, a data breach might be inevitable due to the increasingly sophisticated methods being developed by hackers. However, by taking quick action you can still protect your business and your customers.
- Make sure to report data breaches to the National Information Technology Development Agency (NITDA) within 72 hours of becoming aware of the breach.
- Depending on the nature of the data that has been leaked, change your passwords and PINs.
- Inform your customers so they can take the necessary steps to protect themselves.
By taking appropriate measures to safeguard your data, your business will avoid legal and financial problems and gain the trust of your customers. Privacy should be a key part of your business strategy as it plays a vital role in the overall growth and success of your business.