The recent Facebook scandal demonstrates how serious data security breaches can be, but they aren’t limited to large organisations. Is your business data secure?
Simply sending a file to the wrong person or leaving your phone in a taxi can set off a data security breach. With a little planning, however, you can prevent or mitigate your risks.
Your legal responsibilities
Australian laws protect the privacy of individuals. The Australian Government introduced the Notifiable Data Breaches (NDB) scheme in early 2018. The NDB scheme requires some businesses to notify any individual who may have had their information compromised by a serious data breach. If you don’t comply, you may face fines of up to $360,000 for individuals and $1.8 million for businesses.
While only serious data breaches fall within the NDB scheme, you may still be adversely affected by a data security breach.
The risks are high
Cyber-attacks, including scams and incursions by hackers, are often associated with data security breaches. 43% of cyber-attacks target small businesses and 60% of those companies go out of business within 6 months of the attack.(i) While cyber-attacks are serious, other risks like human error, power failure or even natural disaster can also compromise your data.
A data security breach may damage your business’s reputation or cost you customers. It may disrupt your business for a significant period of time or result in financial loss that could be devastating. You may even lose valuable information that you need to run your operations.
Protect your data
The first step in protecting your information is to prioritise what data you actually need to secure. Your business may collect a lot of information, so start by securing the data that is most susceptible to hackers or that could do the most damage if it got into the wrong hands, like customer information and company financials.
Once you’ve identified what to secure, you can put in place these best practices: (ii)
Policies and procedures: Create guidelines and processes that everyone in your company can access. These should cover most situations – from hackers to employees accidentally losing information. Your policies and procedures should outline how to keep data secure, how to identify if there’s been a security breach, and how to respond to a breach.
Assign responsibility: Data security is everyone’s responsibility, but it’s also important to have an area or individual who is accountable for making sure your policies and procedures are in place and followed.
Test and check: Your policies and procedures should be tested regularly to make sure they’re followed and actually address the risks they’re designed to.
Technology plays an important role in data security. Several types of technology, some of which you may already have in place, can help secure your business data:
Antivirus and malware: Most businesses have some type of anti-malware software, but it’s only effective if it’s kept up to date. Adding firewalls can also boost your network’s security.
Encryption: Encryption software makes sure no one can use your data even if it’s compromised. This can be used with databases, servers, backups, and all hardware and devices.
Audit trails and logs: If you have a security breach you’ll need to identify what happened and when. Audit trails and logs can help you do this. While some software has its own audit log, you may need additional software to record some transactions.
Cloud security: Many businesses use cloud-based software, but because it can be ‘accessed anywhere’, it is important that security and password policies are put in place. Cloud workload protection platforms and cloud access security brokers can protect your information in the cloud.
Remote browsers: Internet browsers are the most common source of attack. Remote browser technology isolates an internet browser session so it can’t affect other parts of your network.
Endpoint detection and response: By 2020, Gartner estimates 25% of medium-sized and 10% of small businesses will have endpoint detection and response technology. This technology monitors for unusual behaviour and can prevent an attack from happening.(iii)
As the amount of data we collect grows, it’s more important than ever to keep your business data secure. It can be a complex area though, so seek out expert advice if you need it.