Can you afford the fine? Our IT expert weighs in on the biggest risks to your network
Recent changes to the Privacy Act now require organisations that have a notifiable data breach to report the breach to the Office of the Information Commissioner (OAIC).
So what is a data breach and what constitutes a “notifiable” data breach?
A data breach occurs when information collected and stored by an organisation is:
- Accessed, modified or disclosed without permission from the person who provided the information or the organisation holding the information
- Subject to other misuse or interference.
A “notifiable” data breach is when a data breach has occurred that is likely to result in serious harm to one or more individuals and the organisation responsible has not been able to prevent the risk of serious harm with remedial action.
A data breach can have significant consequences for both the organisations responsible and the individuals affected by the data breach. These include but are not limited to:
- Financial fraud including unauthorised credit card transactions or credit fraud
- Identity theft causing financial loss or emotional and psychological harm
- Family violence
- physical harm or intimidation.
CSG works with a number of Not for Profit and community organisations that have long had stringent data security policies and requirements due to the large volume of sensitive information that is dealt with on a daily basis. CSG has implemented many mechanisms and systems for the effective management and control of data security to ensure the privacy of all personal information.
There are a number of ways that organisations can reduce the risk of a data breach, or mitigate the risk altogether with the effective implementation of controls, systems and policies.
Where to start? Read our 6 top tips from CSG’s ICT Strategy Advisor, Chris Herbert
- Start where the risk is highest. Effective Endpoint Security and device management is extremely important. Anti-Virus protection, strict software policies, patching and updates, and up to date operating systems, all reduce the risk of attack/compromise. See CSG Total Office.
- Humans are the biggest risk to cyber security. Ensuring effective employee training and awareness can reduce the risk of successful malware attacks and allow staff to successfully identify potential risks before they get out of hand.
- Segregate guest networks from corporate networks. Sharing your company Wi-Fi with guests and visitors is a big no no. By only allowing managed devices on to your company network, you can control what goes in and out far more effectively. Setting up guest Wi-Fi is easy and secure.
- Implementation of web filtering and firewall systems. Policing what is allowed in and out of the network and the border is one of the most effective ways to reduce risk. Controlling internet browsing and using enterprise grade firewalling will provide excellent perimeter defence.
- Whilst prevention is the best cure, sometimes it isn’t always possible. Disaster recovery and backup systems and policies ensure the business can recover back to business as usual in the shortest amount of time possible.
- An area that is commonly overlooked is secure printing. With the use of encrypted secure print devices, you can ensure information being sent to and from the printer is not intercepted by the wrong hands. Check out this video by HP.
Chris has worked in the IT industry for over 18 years, nine of those spent in IT management and leadership roles.
It is Chris’ job to provide organisations with direction and advice in alignment with the business’ strategic objectives to improve efficiency and support current and future business goals.