Date: 2023-08-11

I refer to the report on an intern’s unauthorised access to sensitive information of OCBC customers while serving his internship at the bank (Poly intern accessed 55 OCBC customers’ info without authorisation; jailed six weeks, Aug 5).

This incident sheds light on the crucial need for strict security protocols in financial institutions. In today’s digital landscape, where data breaches have become increasingly common, companies need to implement stringent security measures to protect customer information. The incident also underscores the significance of adopting a “least privilege” approach, wherein employees, including interns, are granted only the minimum level of access necessary to perform their assigned duties.

By adhering to the principle of least privilege, access to sensitive data can be restricted, significantly reducing the risk of unauthorised access.

Role-based access control (RBAC) is another vital measure that can enhance data protection. RBAC assigns permissions based on job roles and responsibilities. This ensures that employees, interns and contractors can access only the data relevant to their roles, preventing unauthorised access to confidential customer data.

To bolster security awareness within financial institutions, regular and comprehensive training sessions should be provided to all personnel handling sensitive customer information. Such training should encompass best practices for data privacy, the risks associated with unauthorised data access, and the importance of maintaining strict confidentiality.

Financial institutions must also establish a robust incident response plan, which should clearly outline protocols to be followed in the event of a data breach, including immediate reporting to relevant authorities and affected customers. Thorough investigations should be conducted to understand the extent of the breach and prevent further harm to customers.

Collaboration between financial institutions, regulators and educational institutions is also essential. Banks should work closely with educational institutions to ensure that interns and employees understand the gravity of data privacy and adhere to ethical conduct in handling customer information.

It is crucial that the entire industry comes together to prioritise data security and protect the privacy of customers. By taking proactive steps now, we can create a safer digital environment and prevent such incidents from occurring again.

Zulkifli Jalil