COS-innovate-magazine-2018

6 1300 88 22 44 cos.net.au April, 2018 INN VATE INSPIRATION FOR THE MODERN OFFICE MARCH 2018 INN VATE INSPIRATION FOR THE MODERN OFFICE MARCH 2018 INN VATE Data Security In February of this year the new Notifiable Data Breaches Scheme came in to effect. This new law requires Australian businesses to immediately notify the Office of the Australian Information Commissioner and any affected parties should they experience a significant data breach. This law was designed not to protect the company that has experienced the breach but rather those whose personal information has been released without their permission or knowledge. Does this law apply to you? If you, as a business are required to comply with the Privacy Act, then the Notifiable Data Breaches Scheme (NDB) applies to you. So, if you are one of the following keep reading: • Australian Government agency • Health service provider • Any business or non-profit organisation with annual turnover of $3M or higher • Credit reporting body • TFN recipient (someone holding a Tax File Number in your systems) It’s time to report when: • There has been unauthorised access to, or disclosure of personal information of one or more individuals • Information has been lost that could then be accessed by an unauthorised entity If you believe that, as the result of theft or loss of information there is a risk of harm to any party involved you are required to notify. “Harm” includes financial/economic, emotional, physical, psychological or reputation harm. If a breach occurs you must immediately contact the OAIC, identify your company, provide details of the breach and specifically detail what data has been released. The penalty for not notifying includes fines of $360,000 for individuals and $1.8M for organisations. These new laws have been put in place to improve security standards in Australian business. To protect your precious data and to prevent a breach there are some important steps you should take. 1. Know your vulnerabilities A little research goes a long way to protecting yourself. Learn all the ways hackers can access your information by identifying your points of weakness. 2. Encrypt your data Advanced Encryption Standard (AES) is an international standard for the encrypting and decrypting of data which is particularly important when working wirelessly. There are a number of AES enabled products on the market including keyboards that will encrypt your keystrokes before transmitting them to your PC/ device and USB drives that require a PIN for information to be readable, also leaving no trace of data on the PC/device that you have used once safely removed. 3. Secure hardware Many cyber-attacks occur when physical electronic equipment is stolen. Secure all hardware in the office with lock ports, and when working on the go be sure to properly secure your laptops and devices. 4. Make security a part of everyday business Staff should be made aware of the possibility of cyber-attacks as hackers have many ways of breaching security. Set up clear rules around internet use in the office and make sure staff are educated about what emails are safe to open and what they should be suspicious of. Dissecting Australia’s mandatory Notifiable Data Breach Scheme A handy guide to the NDB Scheme can be found here: www.oaic.gov.au /privacy-law