The internet as we know it has evolved dramatically since its inception 28 years ago, from basic text-based pages to image- and video-filled screens that reach into almost every aspect of people's day-to-day lives. With an estimated 56.1% of the world's population now having internet access, it has become an ever-changing utility woven into daily life, altering the way we communicate, shop, conduct business and even find love.
However, this constantly adapting system has also changed the way people commit crime. Consequently, we need to ensure we are doing everything we can to mitigate cyber-crime on our systems and when we are online.
Australian regulations and schemes
In its most recent report on Notifiable Data Breaches, the Office of the Australian Information Commissioner (OAIC) reported that the most prevalent source of data breaches currently impacting Australians is malicious or criminal attacks. Many of these attacks, the report notes, exploit human error rather than technical flaws. With technology now occupying almost every aspect of people's lives, it is imperative that employees know the safe and secure ways in which they should be using the internet. Awareness is critical. Simply clicking a link in an email can open the door for malware, compromising the organisation's network and exposing client data.
Under the Australian Privacy Act 1988, the Notifiable Data Breaches scheme came into effect in February 2018. It obliges organisations to notify individuals whose personal information is involved in an eligible data breach, that is, one likely to result in serious harm to those individuals. The notification must include recommendations on the steps the individual can take to protect themselves. The Australian Information Commissioner must also be notified of these breaches. Failure to meet these obligations can result in substantial penalties being imposed on the organisation.
Further requirements apply to APRA-regulated entities under APRA Prudential Standard CPS 234 Information Security, which comes into effect on 1 July 2019. In addition to notifying APRA of information security incidents, these entities must have policy frameworks in place, such as Business Continuity, Crisis Management and Incident Management plans. These plans need to be commensurate with the size of the organisation and the threats it faces, and must be exercised and reviewed at least annually.
How could this impact your organisation?
If exposed to a cyber-attack, your organisation could face serious issues impacting almost every aspect of the business:
Human – A cyber-attack could result in the loss or exposure of significant confidential information, some of which may belong to your employees. A breach could leave employees reluctant to provide personal information to the organisation or, in severe cases, prompt them to leave.
Reputational – A cyber-attack could damage ongoing relationships with customers and key stakeholders whose confidential data or intellectual property was accessed. The perception that customer information was lost or stolen because of your organisation's weak cyber security could make clients and prospects reluctant to continue engaging with you.
Operational – In many instances, a cyber-attack targets specific systems and applications an organisation depends on. These attacks can significantly degrade or disable those systems, interrupting critical business functions and impacting day-to-day operations.
Legal and Financial – Organisations must assess a suspected data breach within 30 days of becoming aware of it and notify the OAIC and affected individuals as soon as practicable once the breach is confirmed to be eligible. Failure to comply with these obligations could result in a civil penalty of up to $1.8 million. Furthermore, if an investigation finds that your organisation did not take reasonable steps to mitigate the risk of a breach, you may face additional fines and penalties.
What can you do to mitigate cyber attacks?
Awareness is critical. These six simple steps can help ensure that the internet is being accessed safely:
- When browsing webpages, ensure that the web address begins with 'https' and that a padlock appears in the browser address bar. Note that this only confirms the connection to the site shown in the address bar is encrypted; it says nothing about who operates the site, and phishing sites routinely use 'https' too.
- Make sure the URL is correct if you follow a link from another webpage or email. Hover over the link to see its real destination before clicking, and check the actual domain name rather than simply looking for a familiar brand somewhere in the address.
- Only conduct banking, shopping or bill payments on a trusted network, such as your home network or your mobile data. Don't conduct these activities on a public network, such as in a café or airport.
- Don't post highly personal information on public sites, and ensure that your social media accounts have appropriate privacy settings. Personal information shared publicly can be used to steal an individual's identity or give unwanted people access to private accounts.
- Remain wary of disreputable sites and of phishing attempts delivered via pop-up advertisements or emails.
- Do not click on links in emails from unknown senders.
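The link checks in the steps above (insist on 'https', confirm the real destination matches what is shown, be wary of links arriving by email) can be automated for an HTML email body. The following Python script is an added example written for this page, not code from the original article or from any organisation it mentions; it uses only the standard library, the email body is constructed for illustration, and the trusted domain `example.com` is an assumption standing in for an organisation's own domains.

```python
"""Flag suspicious links in an HTML e-mail body (added example, standard library only)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the organisation's own domains. Anything that merely *contains*
# one of these names (e.g. example.com.evil.net) is treated as a lookalike.
TRUSTED_HOSTS = {"example.com"}

# Constructed sample e-mail, not a real message: two classic phishing tricks and one legitimate link.
SAMPLE_EMAIL = """<html><body>
<p>Your account has been locked. <a href="http://example.com.account-verify.net/login">Log in at https://example.com</a> within 24 hours.</p>
<p>Or use <a href="https://example.com@198.51.100.7/">https://example.com</a>.</p>
<p>Monthly statement: <a href="https://portal.example.com/statements">View statement</a></p>
</body></html>"""


class _AnchorParser(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Naive 'last two labels' approximation; a production tool would use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(href, text):
    """Return a list of human-readable findings for one link; empty means nothing suspicious."""
    findings = []
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        findings.append("not https")
    # 'https://bank.example@evil.net' - everything before '@' is a username, not the host.
    if parts.username is not None:
        findings.append("credentials in URL (text before '@' is not the host)")
    # Internationalised / punycode hosts can impersonate ASCII names.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        findings.append("non-ASCII or punycode host")
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        findings.append("raw IP address host")

    # The visible text shows a domain, but the href goes somewhere else.
    shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        findings.append(f"shown as {shown.group(1)} but goes to {host}")

    # A trusted name embedded in a foreign host (subdomain trick or hyphenated lookalike).
    for trusted in TRUSTED_HOSTS:
        if host != trusted and not host.endswith("." + trusted) and trusted in host:
            findings.append(f"lookalike of {trusted}")
    return findings


def scan_email(html):
    """Return [(href, text, findings)] for every link that has at least one finding."""
    parser = _AnchorParser()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        findings = check_link(href, text)
        if findings:
            results.append((href, text, findings))
    return results


if __name__ == "__main__":
    for href, text, findings in scan_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for finding in findings:
            print(f"    - {finding}")
```

Running the script reports the first two links and stays silent on the legitimate `portal.example.com` statement link. The two flagged links illustrate why hovering matters: the first wraps the real brand inside an unrelated domain, and the second hides the true host behind an `@` sign, both of which pass a casual "does it say example.com?" glance.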