With enforcement of the POPI Act coming in the middle of this year, it’s important to ensure that your software, databases, systems and backups are properly secured. Proper access control and security measures need to be checked or put into place as soon as possible to give your business time to fully test each element before POPI comes into effect.
Here are some of the areas that you need to be looking at:
Hosting all information on one server
Companies, especially smaller ones, often use just one server for all of their online systems and storage. This means that anyone who breaches just the top layer of your network is able to gain access to everything – including your most sensitive information. It’s essential to keep front-end content on separate servers from anything that needs protecting, and to put layers of protection between those servers.
Placing firewalls between each tier in your server setup adds protection from hackers. You should also restrict which people and which systems can connect to your servers. The more valuable or sensitive the information, the more protection and the fewer connections there should be.
Leaving ports open to brute-force attacks
SQL ports are regularly left open to the web, making them extremely vulnerable to brute-force attacks from hackers. The same goes for RDP and SSH ports. All that is keeping them secure is a password, a single layer of security that most hackers can get around quite easily. These ports are often left open to the web for convenience, but this also leaves your business open to easy breaches.
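One way to check a Linux server for this, as an added example that is not part of the original article: the script below parses `ss -tln` output and flags SQL, RDP and SSH listeners bound to every interface. The port list (default ports for the named services), the function names and the sample output are assumptions made for the illustration.

```python
"""Flag SQL, RDP and SSH listeners bound to every interface (added example)."""
import subprocess

# Default ports for the services the article names (assumed list; adjust to your stack).
SENSITIVE_PORTS = {22: "SSH", 1433: "MS SQL Server", 3306: "MySQL",
                   3389: "RDP", 5432: "PostgreSQL"}
# Local addresses that mean "listen on all interfaces".
WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}

# Constructed sample of `ss -tln` output so the example runs offline.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*
LISTEN  0       244     10.0.2.15:5432       0.0.0.0:*
LISTEN  0       128     [::]:3389            [::]:*
LISTEN  0       511     *:443                *:*
"""

def find_exposed_listeners(ss_output):
    """Return sorted (port, service, address) tuples for sensitive wildcard listeners."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and anything that is not a listening socket
        address, _, port = fields[3].rpartition(":")
        address = address.split("%")[0]  # drop an interface suffix such as %eth0
        if not port.isdigit():
            continue
        if address in WILDCARDS and int(port) in SENSITIVE_PORTS:
            findings.add((int(port), SENSITIVE_PORTS[int(port)], address))
    return sorted(findings)

def audit_local_host():
    """Run `ss -tln` on this host (Linux with iproute2) and audit the result."""
    out = subprocess.run(["ss", "-tln"], capture_output=True, text=True, check=True)
    return find_exposed_listeners(out.stdout)

if __name__ == "__main__":
    for port, service, address in find_exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{service} on port {port} listens on {address}: bind it to a "
              "private interface or put it behind a firewall or VPN")
```

A wildcard bind is only reachable from the web if no firewall blocks it, and a listener bound to a specific public address is not flagged here, so treat the findings as candidates to verify against your firewall rules.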
Not encrypting backups and testing sites
The first places that hackers check when they want to gain access to sensitive information are the backups and any test servers. Your company backups hold all the same data that you have in your live systems, but so many businesses forget to ensure that they are properly secured from attacks. It’s important to encrypt the backup right from the start, from the moment you save the data.
Test servers are another place that often lacks proper security. These are where developers put together the software they create to test it before deploying it on your main servers. They will often use or link to your sensitive information because they need to know that the solution works as intended. If this server isn’t secure, your information can be accessed quite easily.
At Netgen, everything we develop gets hosted on our secure servers to ensure that none of our information or our clients’ information can be accessed by someone who shouldn’t.
Get your business POPI ready
Making sure your business is fully compliant with the POPI Act can be quite a daunting task. We’ve been working hard to ensure that every piece of software that we create is secure and compliant. Talk to our experts if you need help getting ready.