How to build data security into digital communication

The digital world has given us incredible freedom, but we cannot afford to let our guard down for a cyber second, writes Striata SA’s Stergios Saltas.


Stergios Saltas

Digital communication is pretty ubiquitous these days. Emailed monthly statements from your bank, marketing newsletters from your favourite retailer, or invoices from your mobile service provider are all types of digital communications.

Today’s customers want to be able to access their information instantly, wherever they are and irrespective of what device they are on. Digital communication technologies fulfil that demand. They also meet supplier needs to manage their costs and efficiencies. Digital communications enable companies to provide the information their customers want without incurring printing and mailing costs, and the associated production overhead. Digital correspondence also allows companies to engage customers interactively via their customer’s preferred channel – email, web portal or mobile app.

Data that is captured and stored electronically is vulnerable to theft, however, as recent high-profile security breaches show. Personal customer information (whether individuals or organisations) needs to be kept secure, but security measures cannot be too cumbersome or employees and customers will find ways to get around them – or worse. A recent survey from Net Promoter Score (NPS) says up to a third of an organisation’s customer base could move elsewhere if the security layers embedded into a system are not user-friendly.

Digital transformation – or moving paper documents and processes to digital ones – is necessary for any number of reasons, but this does not mean that documents have to be placed at risk once they become digital. Digital documents can be protected at every stage of their life cycle – from creation, to transit over the internet, to storage and end of life – using a combination of security measures.

Document protection solutions should provide multiple layers of protection, beyond network level security (firewalls) and encryption at the database level. Encrypt and protect each individual customer document regardless of where it is – stored in a database, travelling via the Internet, or saved on a customer’s device.

Confidential documents should never be transferred unprotected – either via email, the web or on a mobile app. Documents should always be encrypted and password protected. This not only protects the contents from attack, but also acts as a safeguard in case of human or system error where a confidential document is sent to the wrong recipient.

Providing encrypted and password protected documents will also ensure customers keep their information safe when it is stored on their own devices. Emailed/downloaded documents are stored automatically on different devices and are vulnerable if the device is hacked or stolen, unless saved in a protected format.


Education is critical

The best technology in the world cannot protect against humans and human error (or malice). For this reason, employees need to be adequately and regularly trained on what can happen, how to recognise it and how to avoid being the point of failure in a data breach.

Businesses must also constantly educate their customers on how to recognise a legitimate versus a fraudulent communication to help them protect themselves against phishing attacks (where an email is spoofed in a bid to get a customer to give away their personal information).

Organisations can effectively do this by adopting a set of email standards – elements of a communication that are always included in any communications from the company and are hard for fraudsters to fake. For example, consistent personalisation, partial account numbers, mobile numbers or address details and authentication tools such as digital signatures, all work to combat potential loss of personal identifiable data.

The second, equally important, part of this strategy is to constantly reinforce what emails from your company will never contain or request.

For example, repeatedly tell customers that your company will never send an email linking to a security page requiring a login, neither will you ever ‘suspend their access’ and request an urgent logon to mitigate a security risk.

Given the many advantages of digital communication, companies cannot afford to stick to traditional ‘print and post’ methods. Digital communications enable companies to improve their customer experience and deliver the products and services their customers need, when and where they need them.

Companies communicating digitally need to bear in mind the risks, and ensure that security is built into any tools they use from the ground up. They must ensure that employees undergo recurring risk training, so that they do not become the weak point in the chain, and they must ensure they include customer education in their digital communications strategy from the get-go.


  • Stergios Saltas is the Managing Director of Striata SA. He has 15 years’ experience in the ICT industry and is responsible for guiding Striata’s strategic direction and operational performance in the African region.