Blutone Technologies

Blog

  • NDB Update

    The Office of the Australian Information Commissioner (OAIC) several weeks ago published the very first report on the Notifiable Data Breach scheme, or NDB. The results, especially given they only covered about 6 weeks, from mid-February to the end of March, show that Australian businesses are under constant assault and need to be vigilant about protecting data.

    In six short weeks, 63 breaches were reported. Yes, more than 10 a week. What is perhaps a little surprising is that the majority of breaches were in the health service provider sector. Less surprising is the assault on legal, accounting, management and finance businesses.

    Almost 80% of those reporting noted that contact information was breached; one third involved a breach of health data; and 30% reported the breach involved financial information. 24% identified identity information – such as passport and driver’s license numbers – as the target.

    The good news is that more than half of the breaches reported are preventable, as they were caused by human error. The bad news is that almost all the rest were caused by malicious or criminal attacks.

    The other bit of good news… or, at least, “not as bad as it might be” news… is that most reported breaches involved fewer than 100 people. In fact, 37 of the 63 breaches reported involved fewer than 10 records.

    What is missing from the OAIC’s statistics is more detail about the number of people involved in breaches of more significant data than simply contact information. 33% of the breaches divulged health information, for example – but were these primarily cases of one letter with Joe’s health information accidentally sent to Sam?

    Six breaches were reported that involved between 1,000 and 100,000 records. It would be good to know the exact nature of these thousands of records – were they the ones that lost financial, identity or health information? And how many of those thousands were breached as a result of malicious or criminal activity?

    It’s clear that your business and personal computers need vigilant monitoring. Blutone Technologies can offer you the peace of mind you need as we continue to see these attacks, breaches, and data losses mounting. Give us a call today.

    Source: OAIC’s NDB Quarterly Statistics Report

    The OAIC just published information about the reasonable steps that must be taken in order to protect personal information and stay in compliance with current regulations. It’s worth taking a look: https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-securing-personal-information

  • The Cybersecurity Gap

    An SBS article earlier this year covered the Turnbull government’s addition of TAFE courses to offer vocational training in cybersecurity – an effort to close an estimated job shortage gap of 11,000. Although the “domestic cybersecurity industry was already worth $2 billion,” government experts predict it will triple in just a decade.

    As major industries like banks and telecommunications, not to mention government agencies, all compete over a too-small talent pool, it’s no wonder SMBs are left behind.

    And now is not the time to be left wondering about the security of your data. Not only are new regulations increasing the urgency, but the threats themselves are also growing, both within Australia and from overseas hackers.

    This is precisely why so many SMBs are choosing to outsource their cybersecurity function to full-service IT support companies that can handle all the tasks necessary to keep their business and customers safe. Testing security systems, monitoring for breaches, finding and repairing weaknesses, and creating comprehensive data policies are all tasks that can be handled by a third-party firm.

    The demand for cybersecurity skills is growing rapidly, and the human resources needed to fill every role are simply not available. By partnering with a trusted outside organization, a small-to-medium-sized business can essentially “time share” a cybersecurity department – or, indeed, a whole IT department.

    More and more SMBs are realizing how difficult it is to compete with large corporations for IT and cybersecurity specialists. They are also realizing that their need for cybersecurity and advanced business technology is no smaller and no less important. Regulations and privacy acts from both the Australian government and those around the world impose the same penalties regardless of how big or small the business may be.

    Blutone Technologies is designed to meet the challenges your business faces every day with constant remote monitoring of all your systems. We specialize in creating secure environments and meeting the regulatory standards to which Australian companies must adhere, including not only NDB but GDPR and other regulations worldwide. Give us a call today.

    Source: SBS.com.au. James Elton-Pym, “Australian TAFEs will offer cybersecurity diplomas amid shortage.”

    Here’s another SBS article from earlier this year detailing how small businesses are underprepared for 2018 cybersecurity laws. If these challenges sound familiar – give us a call. https://www.sbs.com.au/news/small-business-secrets/article/2018/01/31/small-business-underprepared-new-cyber-security-laws

  • GDPR Is Here! Are You Ready?

    25 May 2018 was the date the EU’s General Data Protection Regulation (GDPR) went into effect. As of April, a Crowd Research report found that 60% of companies expected to miss the deadline. And nearly half said they were not knowledgeable enough about GDPR specifics. What about your company?

    These key messages were included in the Office of the Australian Information Commissioner’s Privacy business resource 21 as of March:

    • The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018.
    • Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.
    • There are also some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act.
    • Australian businesses should determine whether they need to comply with the GDPR and if so, take steps now to ensure their personal data handling practices comply with the GDPR before commencement.
    • The GDPR and the Australian Privacy Act 1988 share many common requirements, including to:
      • implement a privacy by design approach to compliance
      • be able to demonstrate compliance with privacy principles and obligations
      • adopt transparent information handling practices.

    As an Australian business, how do you know if you are required to be compliant? If you do business (online or with physical presence), gather data, or monitor behaviour of those in the EU, your company’s data processes are required to be GDPR compliant.

    It’s important to understand that the GDPR applies to data gathering practices of businesses of ANY size. And, it applies whether or not the business is charging for goods or services. In other words, a free survey you send to a list in the EU falls under GDPR compliance requirements.

    At Blutone Technologies, we’ve been working with clients to determine whether or not they are required to be GDPR-compliant – and, if they are, to make sure their systems are meeting all regulations. If you are wondering what to do about GDPR, give us a call and get the expert guidance you need.
