Aged Care Insite Issue 107 | Jun-Jul 2018 | Page 37

technology

who has access to it, what protections are in place, and whether there are any vulnerabilities that need to be addressed.

2 Implement security controls, including educating employees

Securing individuals’ data is at the nub of NDB legislation, so it’s incredibly important to select and implement the strongest possible security controls to prevent unauthorised access to data from both within the organisation and by external parties.

With such a large proportion of data breaches caused by human error, this highlights the ongoing need to ensure all team members are well educated about their responsibilities when it comes to securing data. There are many basic steps people can take to protect the organisation’s data, including not clicking on suspicious email links, not plugging unknown devices into the network, and keeping passwords secret. However, team members don’t necessarily know about these fundamentals of security unless they’re told explicitly and reminded regularly.

3 Develop data breach prevention measures

Preventing data breaches is crucial, so proper cybersecurity measures are essential. This involves four key elements:

• Gain complete visibility into all traffic across the network, endpoint and the cloud, classified by application, user and content. Complete visibility provides the context to enforce dynamic security policy.
• Reduce the attack surface, which is expanding rapidly as companies’ use of applications and devices proliferates through SaaS (software as a service), cloud and IoT (the internet of things). A positive security model reduces the attack surface by enabling only specific, allowed applications for the right users while denying everything else.
• Prevent known threats such as commodity information-stealing Trojans, malware and application exploits. Look for security offerings that control threat vectors through granular management of all types of applications. This immediately reduces the attack surface of the network, after which all allowed traffic is analysed for exploits, malware, malicious URLs, and dangerous or restricted files or content.
• Prevent unknown threats through collective threat intelligence. Global information sharing makes unknown threats quickly known and therefore preventable. Automated responses are ideal because manually responding takes too long and increases the risk of exposure, whereas an automated response can outrun the threat.

4 Test, review, and improve

Because cyberthreats are constantly evolving, it’s essential that any security measures and plans evolve just as rapidly. Businesses must regularly test security systems and processes to ensure they are still relevant and active, and must ensure team members are well aware of their responsibilities regarding information security.

5 Develop a response plan

Despite an organisation’s best efforts, cyberbreaches can still happen, so it’s important to have a plan in place to deal with these incidents as swiftly and effectively as possible. A plan should outline the roles and responsibilities of people in the organisation, the processes for notifying affected individuals and the OAIC, and the steps that need to be taken to mitigate the attack. Being well-prepared will make the difference between handling a data breach effectively and minimising the damage or being caught in a crisis.

Regardless of whether an organisation is officially subject to the NDB scheme, it makes good business sense to demonstrate to customers that the business is committed to keeping their information secure. Following these steps will help organisations minimise the risk of a successful attack and respond effectively if an attack does occur. ■

Sean Duca is vice president and regional chief security officer, Palo Alto Networks.
* Reference at agedcareinsite.com.au