Part 2 – Notifiable Data Breaches: How can you protect your business?
How can you prevent notifiable data breaches from happening?
The Office of the Australian Information Commissioner (OAIC) expects businesses to carry out the assessment of a data breach within 30 days of becoming aware and notify the affected parties as soon as possible.
It’s important for businesses to understand that prevention is far better than cure – especially in a scenario where time, effort, money, and the integrity of your business is at stake. To this end, all businesses must take proactive steps to ramp up security and prevent notifiable data breaches from occurring in the first place.
Let’s take a look at how preventative strategies can work in practice.
A staff member has left a laptop on a public tram, but the device has been encrypted to a high standard which means the information cannot be accessed by unauthorised third parties. What’s more, processes dictate that he notifies IT right away so that they can remotely delete all data. In this situation, the business need not notify the OAIC or affected individuals because the steps it took before and after this event mean unauthorised access or disclosure is unlikely, so there hasn’t been an eligible data breach under the NDB.
We help businesses protect themselves against data breaches in a variety of ways
- Device Encryption: This ensures computers are encrypted so that if lost or stolen, company information is safe and secure.
- Document Encryption: Office documents and PDFs are encrypted to prevent them from being accessed if they fall into the hands of unauthorised third parties.
- Remote Wipe: All data stored on computers, phones and tablets are deleted if misplaced or stolen.
- Selective Wipe: Instantly removes access to work data from personal devices such as phones and tablets, while leaving personal information intact. This is usually used when employees leave a business.
- Data Loss Prevention Policies: These are designed to protect sensitive information and prevent inadvertent disclosure. For example, financial data and health records.
- Multi-Factor Authentication: This acts as an extra layer of security for Windows and Office 365. This means passwords are rendered useless when they fall into the wrong hands.
- Unlimited Cloud Backup: This helps to restore lost data so work can continue uninterrupted.
What should you do now?
Here’s a quick checklist to help you ensure you’re prepared for the NDB scheme:
- Click here to find out whether you’re required to comply with the NDB scheme.
- Do you hold personal information (sensitive, financial, health, or other personal information) that can be involved in a data breach?
- What security systems and processes do you have in place to prevent you from committing an NDB? For example:
- What will be the impact if a staff member emails sensitive information to an unintended party?
- If devices are lost, is your company data and IP protected?
- Are your systems protected by something more than just passwords?
- Are you at risk by storing sensitive data on spreadsheets or by sharing them over email?
- Are your staff members empowered to take the right course of action and immediately notify you of any data loss?
We understand that ensuring your business is adequately protected against data breaches can be an incredibly overwhelming task. So, let’s have a chat. Call us on 1300 991 992 or alternatively, use the contact form on the right to get in touch with us.