Given how often data breaches make the news, you would expect information security to be a key priority for most business leaders. While some organisations are busily bolstering their defences, others are burying their collective heads in the sand and glossing over increasingly urgent pleas from IT. If, like most, your business falls somewhere between those extremes, there are some actions you should be taking now to reduce your exposure.
Understand the risk. In the last quarter of 2018, 262 data breaches were reported to Australian authorities. Worryingly, the healthcare, education, legal, accounting and finance sectors were the most heavily represented; almost half (47%) of breaches involved financial information, and 36% involved identity information [1].
Malicious attacks accounted for almost two-thirds (64%) of those breaches [1]. Ransomware, including CryptoLocker-style attacks that encrypt a victim's files and demand payment, continues to hit Australian businesses of every size, from corner shops to manufacturers. The bad news is that such incidents are expensive, both directly, through lost data and IT recovery costs, and indirectly, through the resulting loss of reputation. The good news is that sound decisions about prevention and preparedness can greatly reduce your risk profile and make your business a much tougher target.
Know your responsibilities. In spite of considerable publicity, Australia's Notifiable Data Breaches (NDB) scheme is not on the radar of many businesses we speak to. It should be. Organisations covered by the Privacy Act must comply with the scheme, which means assessing suspected breaches promptly and notifying both the affected individuals and the Office of the Australian Information Commissioner when an eligible breach occurs, or face punitive fines.
Most industries carry further compliance requirements of some sort. The way data is managed, stored and disclosed is especially tightly controlled in finance, healthcare and government, but any organisation that handles sensitive personal data or payment information is likely to need more than the basics. Our consultants work with clients across many industries to ensure compliance with both legislative and industry-specific requirements.
Involve ALL your people. A third of data breaches involve human error, and among those caused by cyber-attacks, the most common route into an organisation's systems is phishing [1]. One of the best defences against data breaches is therefore security awareness across the whole organisation, not just the IT team.
Educate staff on current attack techniques such as phishing, make it easy and blame-free for them to report mistakes quickly (the sooner a clicked link or a misdirected email is reported, the easier it is to contain and the easier it is to meet your notification obligations), and review everyday processes to see where data could easily leak. Are printed files left where anyone can read them? Do staff leave devices unlocked and logged in while they grab a coffee? And can some manual steps be automated to remove the errors made by overloaded workers juggling multiple tasks?
Have a plan, know your plan. Disasters can strike any organisation, but the best prepared have by far the greatest chance of survival, whether the cause is a cyber-attack, accidental loss of data or even a freak weather event. Even so, 25% of companies do not treat cyber-threats as significant corporate risks [2].
Our best-prepared customers can typically switch over to a remote data centre quickly enough that their own customers are unlikely to notice the difference. They have a plan that is shared and tested throughout the organisation, so that everyone knows their role and can step into action immediately. Communications are prepared in advance, and nothing is left to chance. For ransomware in particular, that plan must include backup copies that an attacker who has reached your network cannot also reach and encrypt, and regular test restores to prove those backups actually work before you need them.
This is by no means a comprehensive list, but it is a solid starting point for understanding the value of your data and defending your organisation against the risks that come with it. Nobody wants to be the next data-breach headline, and by following these four steps you make it far less likely that your organisation ends up in the spotlight for all the wrong reasons.
Time to better protect your organisation against data breaches? Chat with our friendly specialists today.
[2] MMC Cyber Handbook 2016, http://www.mmc.com/content/dam/mmc-web/Global-Risk-Center/Files/MMC-Cyber-Handbook_2016-web-final.pdf