Nigeria is the powerhouse of the West African economy and the country’s banking sector is embracing digitalisation and innovation.
While this has opened banking services to the population, it also makes the sector an attractive target for ransomware and malware attacks.
Data protection has become a key element of success in a digital world, a fact that is highlighted by the Nigeria Data Protection Regulation (NDPR), which was issued in 2019 and is the principal regulation and framework for data protection in Nigeria. With ransomware attacks on the rise, an attack is a matter of ‘when’, not ‘if’.
The NDPR means that ignorance can no longer be used as an excuse for not protecting data.
More aware of the risk
Although digitalisation and open banking have changed the way financial services in Nigeria operate to a certain extent, the risk to data remains essentially the same as it ever was.
If malware breaches occur, or data is lost or deleted, there is a risk to business that can have detrimental consequences.
The NDPR recognises the critical nature of data and provides legal safeguards for the processing of personal data. The draft Data Protection Bill 2020, which will replace the NDPR if passed into law, will add to this by creating a regulatory framework for the protection and processing of personal data.
In line with global trends and best practices, there is now increased awareness around the need to protect data. While it has always been important, it is becoming mandatory because it is regulated.
From the inside out
Data security is a significant challenge for financial services organisations in Nigeria, and gaps in data protection mean vulnerabilities that can be exploited by malicious actors. With ransomware and other attacks on the increase, it has become imperative to address these gaps in a more proactive manner.
This starts from the inside, with internal processes and education on the risks and the need to safeguard data, particularly personal information.
Financial services and other organisations need to become stricter in how their internal users interact with data and become more proactive on monitoring, detecting anomalies, blocking suspicious activity, and essentially protecting data as a whole.
Becoming more proactive in approach
The first step in protecting data is the ability to identify critical and/or sensitive data as well as the risk that it is exposed or potentially exposed to. This requires an intelligent solution to help identify and highlight sensitive data that is either at risk or stored incorrectly.
Once it has been identified, it can be proactively protected or moved to more appropriate storage to avoid exposure and data leakage.
Once again, however, this begins with awareness, because if organisations do not know what data they have or where it is, it cannot be protected effectively. Proactive solutions are also essential, because reacting to an event after the fact means that it is more difficult to recover efficiently or at all.
Financial services are the foundation
Trust in financial systems is imperative for the stability of countries, and the trust of customers is the number one determinant of success.
These businesses are also large enterprises entrusted with extremely sensitive personal information. This not only makes them attractive targets for ransomware, it means that the reputational damage of an attack can have catastrophic consequences. Having a trusted partner that is a specialist in data protection is essential in helping financial services organisations in Nigeria keep up with the dual challenges of increased attacks and a growing body of legislation.
A complete protection solution, offered via Software as a Service (SaaS) through a trusted partner, helps financial services organisations to identify sensitive information and security gaps, be proactive in preparing for an attack, react efficiently and effectively protect data, their most important business asset.
