As of last week, with legislation coming into effect on 22 February 2018, data breaches must be reported to both:
- The Office of the Australian Information Commissioner
- The people affected.
(NDB = Notifiable Data Breach legislation.)
A wide range of entities are at risk and the statistics are worth reviewing.
- In Australia in April and May 2017 there were estimated to be about 200,000 cyber security attacks.
- 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames.
- 22% of small businesses breached by ransomware attacks in 2017 were so badly affected they could not continue operating.
- 41% of people surveyed globally could not identify a phishing email; 30% of phishing emails were opened and 12% clicked on infected links or attachments.
It is worth becoming aware of your responsibilities as a business owner.
Follow the link to the government website below to get the facts.
Briefly, the following types of entities have to report a data breach as outlined above:
- Any business that operates in the health industry; this includes personal trainers who hold client medical information.
- Also, any organisation that generates over $3m in revenue.
This applies even if you do not sell directly and take payments via credit cards. Think HR records and the like.
The reach of this legislation is vast.
Lax security is frequently to blame for breaches. Businesses should review their arrangements with cloud and other third-party service providers and, where possible, encrypt sensitive information before disclosing it to third parties.
We have produced a White Paper, which you can access here, that explains the cyber security you need to have in place and describes a compliance service that will assist with managing this risk.
Go here for the link: https://gosystems.com.au/whitepaper-keeping-company-cyber-safe
The NDB scheme requires notification of unauthorised access to, disclosure of, or loss of information likely to result in serious harm.
You’re only as safe as your weakest link.
A cyber insurance policy is part of every successful business’ risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.