09 Apr ATG Digital shares expertise on avoiding the dangers of visitor data protection
In the wake of the increasing risk of cyber attacks, ATG Digital has highlighted the dangers surrounding visitor data protection.
Personal data is under siege from all sides, and with notable cases in the headlines, including Experian, Lightstone and TransUnion, protecting information has never been more important.
At the forefront of access control and visitor management, ATG Digital has built an impressive reputation in South Africa and the Middle East for pioneering technology.
Discussing the most efficient solutions for data protection, ATG Digital’s Ariel Flax commented: “When people do business with your company, they trust you with their information. Your responsibility for their privacy should extend to anyone who submits their personal information when they check in at the gate or reception.”
According to Flax, visitor data can be targeted by criminals or competitors. Good privacy practices aren’t just a courtesy but a legal requirement since POPIA came into effect in July last year.
ATG Digital has also shared guidance on how to avoid data breaches and protect visitor privacy:
Rule #1: Only Collect What You Need to Know
Collecting critical data only at check-in saves visitors time and mitigates risks. “Your guests love the swift experience and feel safer on your premises,” said Flax. He explains that visitors immediately get their backs up when they have to answer too many questions.
As per POPI Act regulations, Flax advises businesses to collect only what is necessary for the purpose of on-site access control security.
Rule #2: Encrypt Personal Information at Reception
“If you’re still using handwritten registration books, ditch it,” cautioned Flax. “Our most recent survey revealed that over 60% of visitors peep at who’s checked in ahead of them—that’s 60% too many.”
Names, cell phone numbers, and ID numbers should not be exposed at any time. Electronic devices can be locked, encrypted and remotely wiped in the event of theft.
Rule #3: Write Data Protection into Your Company DNA
Security and governance go hand-in-hand, yet many companies fall short by assigning the responsibility of visitor data either to physical security or IT.
Firewalls, IPS and IDS go a long way, but Flax said: “It’s everyone’s responsibility to know and enact the security policy. Employee training against social engineering (phishing), network and physical perimeter protection must be enforced daily.”
These days, a cell phone number and a name are enough for unscrupulous hackers. In line with POPIA, have a policy that defines the process of collecting data, securely storing it and deleting it as soon as it is no longer necessary. You’ll need a shredder if you have paper records.
Digital visitor management software like At The Gate and At Reception immediately encrypts data and uploads it to the cloud. Records are not stored on the device and cannot be accessed by security guards, receptionists, or anyone else who may handle the device.
Bonus Tip: Consider Ears Too
While most companies are primarily concerned with prying eyes (and long fingers), Flax raises an interesting point about keeping sensitive information out of earshot.
He said: “Discussions in meeting rooms and offices also need protection. Assess the acoustics of your offices and meeting rooms. Consider investing in some soundproofing if need be. You can make a policy not to discuss the personal data of visitors/patients/partners in common areas of the office.”
Concluding, Flax said: “The point of [data] entry can be the very point where sensitive information leaves. If you’re asking visitors for information on arrival, guard it the same way you would any other data on your network.”