As of February 22nd 2018, privacy breaches can no longer be hidden from the public.
The Australian Government has introduced the Notifiable Data Breaches scheme under the Privacy Amendment Act 2017. The new scheme means businesses with a turnover of $3 million or more are required to notify individuals whose personal information has been involved in a data breach that is likely to result in serious harm. These new rules do not apply solely to private enterprise, however. The scheme also applies to government bodies (covering incidents such as the Medicare breach), not-for-profit organisations, credit reporting bodies, health service providers, some TFN recipients and more.
In order to qualify for public notification, a breach must result in:
- Unauthorised access to personal information
- Unauthorised disclosure
- Loss of data (either accidentally or inadvertently)
Following that, it must be determined if the breach can cause serious harm. If it does match the above criteria, then the individual and the Commissioner need to be notified as soon as possible.
How You Can Help Reduce The Chance of Privacy Breach At Work & Home
Norton’s annual Cyber Security Insights Report, which surveyed more than 20,000 individuals about their online security habits, found that in 2017 more than 6,000,000 Australian consumers were victims of cybercrime, resulting in a $2.3 billion loss. The research also discovered that tech-savvy millennials were notably guilty of poor online security habits: despite owning the most devices and adopting security practices such as pattern matching, face recognition, VPN, voice ID and two-factor authentication, nearly one in four (24%) of millennials surveyed use the same password for all accounts. This is a particularly concerning statistic, as passwords remain the most common, and often only, method of device protection for Australians. In comparison, 72% of seniors use different passwords.
Here are five tips to reduce the likelihood of individuals and staff falling victim to cybercrime and opening your business up to a potential privacy breach.
1. Take Email Seriously & Analyse Authenticity
Emails are an ever-growing attack vector. Anyone using email, whether it’s at home or work, must be suspicious of any attachments and links. If you’re ever unsure, do not open or click on unknown attachments. Suspicious emails can look completely legitimate – especially when it comes to phishing attacks.
2. Passwords Must Be Complex, Including Numbers & Letters
While this might seem very basic, the Norton Cyber Security Insights Report showed individuals still had a long way to go when it came to using passwords effectively. Passwords, at home and work, need to be more intricate: containing at least 10 characters with an unguessable combination of numbers and letters. A simple rule of thumb is the longer it is, the harder it is to hack. Do not use the same password across multiple accounts, because if one gets hacked, the rest become vulnerable. And of course, don’t share your passwords.
Remembering multiple passwords can be really challenging, so using a password manager that uses high-level encryption is suggested. It is a convenient and much more practical option to reduce the chance of falling victim to cybercrime that could result in a data breach.
3. Update Devices & Software Regularly
While it might be tempting to keep clicking the “remind me tomorrow” notification that seems to pop up every other day, it’s putting your devices at risk and leaving your business vulnerable to attack. Likewise, your online security software needs to have automatic updates on so all new vulnerabilities can be plugged before it’s too late.
4. Use Security Software That Protects Systems
While it might be tempting to grab freeware security software, you really do get what you pay for. When you are in the market for security software, a multilayered approach is necessary, with antivirus being only about 20% of the software. Most detections happen at the network layer: more than half of detections happen there, which means those threats never get onto your device and execute.
5. Back Up Via The Cloud – Not USB Or Portable Hard Drives
Backing up your data through a reputable cloud company enables you to have access to clean files whenever you need them, even in the event of a cyber attack or data breach. These cloud companies do a lot of the heavy lifting in terms of security, such as making sure there are no holes in the systems and performing security sweeps to ensure their infrastructure is robust and resistant to attack. An added bonus is your files are safe in the event of fire, flood or theft.
It is vitally important to establish processes to help reduce the risk of any data breach, for example processes around how you enable access to data on work devices and personal devices. A data breach can be something as simple as someone copying data onto a USB and accidentally leaving it on a bus. Keeping company data safe and secure in order to reduce the risk of a privacy breach should always be front of mind, and now with the new notification scheme it is even more important to take proactive steps to reduce the risk of a breach.