ATMS Journal Summer 2022 (Public Version) | Page 40

accessed, or could obtain or access, the information, and the nature of the harm to affected individuals.
If you believe there’s been some unauthorised access to your business where information has been compromised or stolen, you need to move promptly. This type of breach or theft may cause serious harm to someone and really damage your business in the process. Serious harm can include:
• Identity theft
• Threats to an individual’s physical safety
• Humiliation, damage to reputation or relationships
• Workplace or social bullying
If private information was broken into or stolen from your business, take note of it and of how your customers might be affected. First, you must prepare a statement about the data breach and send it to the OAIC (Office of the Australian Information Commissioner).
Second, you need to tell affected customers about the incident and how they should respond.
There are three different ways of notifying them :
• Tell each of the people who have been affected
• Also, tell those who might be potentially at risk of serious harm
• If you can’t get in touch with these people, then publish a statement on your website and publicise it. This might include advertisements in newspapers, and on websites and social media platforms.
Failing to meet your privacy obligations can be costly, in terms not only of monetary penalties but also of customer complaints and reputational damage. Be prepared and have a data breach response plan in place as part of your risk management plan.
So, what can you do to protect yourself? The Small Business Cyber Security Guide suggests the following.
First, look at where and how your data are stored and who has access to them. Look at potential threats, and how they could affect your ability to provide for your clients, if they occurred. Look at strategies for coping with this eventuality. This should form part of your regular Risk Management and Disaster Recovery Plans.
Second, organise your software. Register for automatic updates. An update is a new and improved version of your software package, usually protecting you from the new threats that have been uncovered. Also make sure that your anti-virus software is up to date.
Third, do automatic backups of all your data. This is a digital copy of your business’ most important information. This can be done on a USB or in the Cloud. Backups can also be set to occur automatically, so no human intervention is required.
Fourth, consider multi-factor authentication. This means combining something like a PIN with a secret question. It can also include a fingerprint or sending a code via SMS to be entered along with PINs and questions. These strategies make it much harder for hackers to attack your business.
The fifth strategy involves people. Consider implementing access control. Consider who needs to look at what and limit their number as necessary. Give people the bare minimum permissions they need to do their job. This reduces the risk of accidentally downloading malware, for example.
Sixth also involves people and passwords or passphrases. The ASCS Guide suggests that businesses consider using a passphrase rather than a password. They are more effective as they are longer, more unique and often easier for the person to remember. This means that they are harder to crack. People often forget their passwords, especially when they are required to add characters and numbers, but may be more likely to remember a phrase. For example, I would use ‘my favourite coffee is a macchiato’ as my passphrase but a lot of people know my favourite coffee already so that might not work too well!
Some other password tips include :
• Don’t use the same one for every application
• Don’t give people your password
• Don’t use ‘password’ as your password!
Finally, look at employee training, including training staff on the information about passwords listed above, and on being careful with mobile devices such as phones, laptops and tablets. Losing this equipment and not having adequate security on it makes a hacker’s job much easier. Talk to your employees about not opening suspicious-looking emails or texts and reporting anything they think looks suspicious.
Finally, take care when using public Wi-Fi as others can see this too. Don’t do anything that is sensitive if using public Wi-Fi and ensure that your employees don’t either.
With data theft increasing it is a good idea to review how secure your records are and if you are doing everything you can to protect sensitive information. I am sure none of you would like to be on the news as the latest data breach, so take preparatory actions now.
220 | vol28 | no4 | JATMS