Data security enters 'naming and shaming', here's what it could mean for your business
Written on the 27 February 2018 by Paris Faint
Data security isn't something any business should shirk, especially in light of the growing number of malicious software attacks that have occurred over recent years.
In fact, there has never been a more important time for businesses to be tightening the screws on data protection, considering that last week the Federal Government established its new Notifiable Data Breaches scheme under an amendment to the Privacy Act.
These new laws mean that all Australian businesses with an annual turnover of $3 million are now obliged to publicly notify individuals whose personal information has been compromised due to a data breach that is likely to result in serious harm.
Under the definition, a data breach can range from something as simple as slipping your client the wrong case file, to something more debilitating like a full-scale ransomware attack.
This will mean that accountants maintaining financial records or doctors keeping medical histories, for example, must publicly notify a client whose information has been breached.
At best, businesses walk away named and shamed. At worst, a $2.1 million fine is on the cards. Either way, a scathing black mark appears on the public record.
Kane Sajdak and Bernard Mangelsdorf, founders of BITS Technology Group, see it all too often: businesses hit by a data breach that they can't claw back from.
"Most businesses currently look at data security as an afterthought, or something that is nice to have, telling themselves they are safe because they've 'never been hacked before'," says Sajdak.
"But now this new legislation has made businesses and their directors liable for their data security, to the point where they are all publicly shamed for not taking it seriously.
"It's crippling enough for small businesses, but if these companies are publicly listed for example it can mean absolute share price suicide."
A few years ago, Sajdak and Mangelsdorf created their flagship consulting offering, called Risk Intelligence, which helps the BITS team identify where clients are most at risk of a data breach.
Risk Intelligence works by scanning a business' entire network, checking for the security of things like credit card information, tax file numbers, driver's licenses, financial records and any other sensitive information.
BITS are then able to calculate an estimated dollar figure which represents the financial impact of a potential breach.
Bernard Mangelsdorf and Kane Sajdak, founders of BITS Technology Group
"We had a client that was a power plant operator and they had more than $6 million worth of risk sitting on one accountant's computer, simply because they were storing sensitive information on their desktop," said Sajdak.
"Things as simple as that can really open your company up to exposure, so having a report which gives you actionable outcomes means you have a plan of attack and know exactly what to address."
"Sometimes introducing an information security policy can be the way to go, other times little things like making sure passwords are regularly changed can decrease the risk."
After identifying all risk factors, the BITS team then works with clients to ensure the security of their data.
This feature was written in partnership with BITS Technology Group.
Business News Australia