How secure is your data?

How secure is your data? Article Image

In a hyper-connected world, data security is now a critical issue for Australian businesses – and their clients.

More and more data breaches are being reported to the Australian privacy watchdog, with the Office of the Australian Information Commissioner (OAIC) receiving 812 notifications in 2018 as part of its mandatory breach reporting regime.[i]

What is the cost of data security?

Data breaches bring the potential for significant reputational damage and resource costs, as the Australian Parliament found recently when its computing network suffered an “unfortunate” breach. In response, all user passwords were reset and a range of other unspecified security measures implemented to protect the network.

The incident follows other embarrassing security breaches for the federal government, including the darkweb sale of Medicare card details and an incursion at Austal, a shipbuilding supplier for the Department of Defence.

Reputational damage and IT costs aside, organisations also risk hefty penalties if they suffer a data breach. In March, the Morrison Government announced plans to increase the penalties levied for a privacy breach under the Privacy Act to 10% of a company’s turnover.[ii]


What can you do to protect sensitive data?

The latest OAIC quarterly report found close to two-thirds of all data breaches were attributable to malicious or criminal attacks, with a key attack vector being phishing. Most of the remaining 33% of breaches involved human error.[iii]

To reduce these vulnerabilities, organisations should patch and update software as soon as the option becomes available, encrypt all sensitive data and upgrade when software is no longer supported by the manufacturer.

Given the continuing success of phishing attacks, ongoing employee training on best security practices and ways to avoid socially engineered attacks is also essential.

As human error is responsible for many breaches, automating as many of an organisation’s systems and processes as possible is helpful. Adding filters on emails and internet browsers helps prevent employees accidentally clicking on malicious websites or emails.

Upgrading hardware is another vulnerability point if data is not deleted before it is decommissioned, as laptops and desktops are frequently leased and returned at the end of a contract. Although increasing use of centralised or cloud storage for key data has reduced this problem, many employees still save important data to their local hard drive.

Although robust security measures are vital in avoiding data breaches, there are many low tech ways businesses can protect sensitive data. These include, for example:

  • Encouraging employees to use company network drives for storage of information; and
  • Discouraging the use of USB and portable drives, or the use of local drives on laptops and desktops, for personal or business data.

Making use of a full asset lifecycle service is another simple solution. With this type of contract, Maia Financial takes responsibility for the purchase, ownership and long-term maintenance of business critical assets, including hardware decommissioning and cleaning services.

To learn more about how you can secure your organisation’s data and solve your financial year-end cash flow and capital challenges, download the new Maia Financial whitepaper 3 reasons to explore asset finance at EOFY today.