EY’s Richard Watson, Asia-Pacific Cybersecurity Risk Consulting leader listed four potential repercussions from WhatsApp’s new privacy policy to businesses.
The migration to Signal reflects growing concerns over privacy and security and how business leaders should react.
Business leaders should start encouraging staff to use corporately sanctioned communication platforms for business chat to avoid the disclosure of information or metadata toward third parties that may increase the risk of sensitive information goes to the wrong party.
The level of data encryption adoption to protect clients and consumers has increased among APAC companies.
Since the encryption has increased dramatically in APAC, it will generally affect “data in motion”, however, and not “data at rest”. Much corporate “data at rest” is still unencrypted however, allowing attackers to access this data once they are inside the corporate environment.
This is in response to regulation which requires personally identifiable information that needs to be passed to third parties, such as disclosing credit card information as per required by PCI regulation. Many commonly used businesses software platforms automatically encrypt information, which has increased its take up.
Suggestion for companies to overcome difficulties in deploying data encryption.
As with any technology implementation, companies are suggested to not to try and “boil the ocean”. To successfully implement this, businesses should identify the most important data, consolidating where it is stored and then focusing encryption efforts.
Challenges for APAC companies, multinationals and SMEs, with regards to using encryption technology in data protection.
Additionally, whilst some regulations require encryption of data, other regulations forbid it in certain jurisdictions. Deploying encryption incurs cost and usability roadblocks.
In summary, the encryption debate is particularly hot in areas of law enforcement with increasing tension between users who want communications to be private and law enforcement agencies who want access to that data, generally in the fight against terrorism and crime.
