As threats to businesses’ security and data grow ever more complex and diverse, businesses must be on constant guard against the next danger, especially where they must notify individuals in the event of a data breach.
The new mandatory data breach notification regime has now come into operation. Although it only began on 22 February (Meyer Vandenberg has previously written on the topic to explain its implications here), companies have already come forward to notify of a data breach (such as Svitzer Australia).
Closer to home, the University of Canberra suffered a well-publicised breach when some of their employees were sent the personal details of every employee. Alice Tay, partner at Meyer Vandenberg, says that businesses need to be wary of attacks, or even faults from within their own organisation.
“We have recently helped a local Canberra business deal with a data breach. An email account was hacked and fraudulent payment details sent to a customer, resulting in payment to the hacker’s account. Data breaches are more prevalent than people think, and many businesses simply aren’t prepared for them.”
“It’s not just hackers that you need to be concerned about. Many data breaches result from a mistake by an employee, rather than anything malicious. Businesses need to get secure systems in place, provide training for employees as well as having appropriate policies to deal with a breach when it occurs.”
But what can you do to protect yourself in the first place?
At Meyer Vandenberg’s Corporate and Commercial Forum, held on 15 March 2018, they identified 6 Quick Tips to assist you in protecting the security of your business.
1. Identify your Important Assets
Your first step should be to identify the critical assets that are in most need of protection. This might be your client list, systems or intellectual property – whatever is most important to your business.
It is on securing these assets that you should expend the most time and effort: if they are not adequately protected, you may no longer have a viable business.
When identifying your important assets, take a look at the environment of your business and particularly what information other parties would be most interested in. This can determine how you appropriately allocate resources for the protection of particular assets.
2. Use the Cloud
Many small businesses don’t have the resources necessary to ensure that their system is secure. But even if they think they are under the radar and won’t be vulnerable, these entities are still at risk and should be prepared accordingly.
For those who cannot spend on security, a good solution is to make use of cloud servers. These can be a cheap alternative to embedding your own security systems, and you can feel safer in the knowledge that the host of the cloud server will maintain security.
Considering the number of dangers out there, it is virtually impossible to have a comprehensive ‘blacklist’ of all those sites, emails and programs that can’t be trusted.
Instead, consider having a ‘whitelist’ of trusted email addresses and domain names which will not be blocked. This can assist in preventing spam and ensuring that you only allow access to your servers from trusted sources.
One strategy commonly used by hackers is ransomware, which denies you access to your systems until you pay to get it back. An effective defence strategy is to maintain dedicated back-up servers, which ensures that you can still get access another way even when you are locked out.
When talking security, too often the focus is on systems and computer security. It can be easy to forget that people are a fundamental part of your protection. Your employees will have access to all parts of your system, and for this reason, they must be properly trained and educated as to how it must be protected.
Effective training will ensure that your employees understand their role and what they have to do to protect your business. An understanding of just how valuable this data is to your business goes hand in hand with employee education and will go a long way to keeping your business secure.
6. No Silver Bullets
An important thing to be aware of is that there are no silver bullets or one-size-fits-all security packages (and you should run from anything claiming to be one). Anti-virus software and firewalls won’t protect you from everything, especially new technologies designed to defeat your existing protections.
Protection mechanisms degrade over time, especially as attacks become more sophisticated. The answer to this is to be vigilant and take active steps to update your security measures regularly.
How can you get help?
As threats to businesses’ security and data grow ever more complex and diverse, businesses must be on constant guard against the next danger. But if the worst does occur and you need some assistance with your legal compliance with the new data breach notification regime, contact Meyer Vandenberg.
Original Article published by MV Lawyers on The RiotACT.