The Facebook Cambridge Analytica scandal demonstrated how data security breaches can impact an organisation, but it is not just large-scale projects that can put a company at risk. An employee can set off a security breach by accidentally emailing a file to the wrong person. All businesses need to put in place plans and procedures to minimise risk and protect their information.
Protecting data is now law
Recently, the Australian Government introduced the Notifiable Data Breaches (NDB) scheme. Overseen by the Office of the Australian Information Commissioner, the NDB scheme requires any business with a turnover of over $3 million to notify people if their information may have been compromised by a serious data breach.
Businesses that do not comply with this may be fined up to $1.8 million. These new laws make it even more important to ensure that you have procedures in place to keep information secure and prevent serious data breaches.
Data breaches can put your business at risk
Data breaches can be caused by a range of issues, from human error to natural disasters or cyber attacks. It could be something as simple as an employee leaving their phone with confidential information in a taxi, or a hacker compromising your computer network. Research indicates that up to 60 per cent of companies that have a cyber attack go out of business within six months of that attack.
Even if the data breach is caused by something unavoidable, it can cause significant damage. The data that is compromised may be essential to operating the business effectively, or its loss may make it impossible to trade for a period of time, resulting in financial loss. Reputational damage can also have a drastic effect on goodwill and result in the loss of customers.
Managing risk is good business practice
To manage the risk of a data security breach, businesses must first take stock of what data they have and which of it is business critical or most susceptible to a security breach. Businesses can then manage their risks by:
- Putting in place policies and procedures: Creating guidelines that outline exactly who can access certain data can ensure that information remains secure. Policies can also outline how to identify a security breach and how the business should respond if one occurs.
- Assigning responsibility: While everyone in the organisation is responsible for keeping data secure, it is best practice to make sure that an individual or business function is accountable for making sure the policies and procedures are being followed.
- Testing regularly: Policies and procedures should not just be set and forget. It is important to review them regularly to make sure they are still relevant to the business and take into account any changes that may have occurred.
Take advantage of technology
There are many different technological solutions that can also be used to prevent and detect data breaches and keep data secure. These include:
- Encryption software: Used on databases, devices, servers and hardware, encryption software ensures that data cannot be used even if it is compromised.
- Audit trails: If there is a security breach, the first step will be trying to identify what happened. This is where software that logs transactions or creates an audit trail can be useful.
- Antivirus software: Prevention is better than a cure. Antivirus or anti-malware software can secure a network and prevent hackers or other technology from permeating a firewall.
- Remote browsers: Many data breaches occur through internet browsers. This can be prevented by using remote browsers that allow internet browsing without touching the business network.
- Endpoint detection: This technology watches over a business's network and monitors for any unusual behaviour. This can both detect a potential breach and even stop it from happening.
By putting these best practices in place, businesses can secure their data and mitigate their risks. If you would like to know more about how you can secure your data, contact EMPR Solutions for a free assessment.