Safaricom - 2020 Sustainable Business Report

37 INTRODUCTION OUR BUSINESS OUR MATERIAL TOPICS OUR STAKEHOLDERS CONCLUDING REMARKS Helping our customers tackle fraud During the year, we continued with our road shows and local language campaigns in televisual, digital, print and radio media to raise awareness of the social engineering attacks that criminal syndicates may use to exploit M-PESA users, such as Jichanue and the 333 fraud reporting hotline. Radio and TV campaigns achieved a reach of 60 per cent of our customer base, and 5.5 million customers were reached through SMS broadcasts. We also continued to promote awareness of our voice biometric security measure, Jitambulishe, through which your voice is your password. We also continued to work closely with the Directorate of Criminal Investigations (DCI) and through our collaborative efforts, 54 individuals were apprehended and prosecuted for various offences, ranging from irregular SIM registration to electronic fraud and identity theft. Customer and data privacy We created a Customer Privacy Department that reports to the Chief Corporate Security Officer during the year. The creation of this department reflects how important we consider this aspect of our business. The purpose of this department is to review our processes and policies and ensure that we are compliant with all regulations in this regard, such as the Data Protection Act of 2019 and the European Union (EU) General Data Protection Regulations (GDPR). The department has already benchmarked the company against other members of the Vodafone Group and borrowed best practices from them, conducted a company-wide data protection impact assessment of employee awareness and published a Data Protection Policy that guides employees on the use and management of the personal information of customers. It has also conducted customer privacy and data protection awareness sessions with key business partners, including dealers and agents. The department has also published a Data Protection Statement on our website that describes the legal rights of customers in this regard, and how these rights can be exercised. Staying ahead of cyber threats In order to reduce the risk exposure for the company, we have taken bold steps to combat cyber threats through our 24/7 Security Operations Centre, which has enhanced visibility to enable proactive response through monitoring, analytics and prompt detection. Our Security Operations Centre is built on a strong foundation for operational excellence driven by well- designed and executed processes, a multidisciplinary team of experienced engineers, strong governance, and a constant drive for continuous improvement to stay ahead of the cyber adversaries. In addition, we are partners in fulfilling the business goals of our customers through a highly responsive and flexible engagement model to deliver quality Managed Cyber Security products and services at optimal costs, allowing our customers to stay focused on their core business. Our team of security engineers are highly qualified and skilled with the business and technical acumen to deliver value to our customers. We also held quarterly sessions with Banks and Sacco Societies (savings and credit co-operatives) to raise awareness of cyber security risks and empower them to introduce effective prevention controls on their mobile money platforms. GRC The Governance, Risk and Compliance System (GRC) implemented is a solution which is enabling the business to manage regulations and compliance while tracking risks and the related controls environment across the enterprise. The system has ensured easy integration of Governance, Risk and Compliance activities into existing process as well as automation of monitoring activities. It also has a case management module which is used in tracking fraud cases and managing their investigation and closure of the cases effectively. RAS The Revenue Assurance System (RAS) implemented has ensured automation of all end to end assurance processes. It has also ensured timely detection of billing anomalies. The move from manual to automation has enabled more focus to improvement of business processes. Risk management systems