Over the last few decades, society has transitioned to a digital era at an exponential rate. Workplace processing and manually intensive tasks have been replaced by the instantaneous capabilities of modern technology. Almost every individual and business now operates with some form of digital footprint, whether it be their mobile communicative capabilities or the critical infrastructure underlying the entirety of their operating business model.
Operating in this world of ever-changing workplace practices requires innovative business solutions, and our increasing reliance on critical digital infrastructure leaves many businesses and individuals exposed to the threats and risks that lurk in the digital realm. Many neglect the potency of cyber threats simply because they are unaware of the risks that these threats pose to their operations.
So while the internet has become a pervasive and fundamental piece of infrastructure, one that allows businesses and individuals to transcend global boundaries and challenges, this societal unpreparedness brings about unprecedented levels of cyber threat exposure and risks that many can fall victim to.
So wherein lies the problem?
Cybersecurity and cyber threats remain an issue and risk that individuals tend to attribute only to large corporations who actually have something to lose or government bodies that actually have the infrastructure, data and resources to pump millions into their cyber security mechanisms. While larger corporates and companies may seem like a more appealing target for cyber terrorists, don’t be fooled into thinking that there is no incentive for these threats to target your SME.
Many businesses in the 21st century have physical components in the real world: traditional brick and mortar businesses that only have “minor” system components operating in the digital space. While these businesses tend to always have physical security precautions (locks and keys, shutters over windows, alarm systems and video security measures), many don’t realise that relying on these practices alone is comparable to defending your business with a hand tied behind your back.
Did you know that a cyberattack can cripple your business simply by targeting the data stored in an employee’s mobile phone?
The internet has become an intricate web that connects businesses and individuals from anywhere around the globe, operating in this supposedly non-physical space we have dubbed “the cloud”. Whilst the benefits of such connectivity are certainly obvious, many are unable to see how these intricate networks may be the hamartia of 21st century corporates and businesses.
2020 has so far seen too many businesses and individuals working from the comfort of their own home, whether it be because of the recent COVID-19 virus outbreak or as part of some contemporary workplace flexibility package. Being away from the network security systems supposedly provided by your employer means that employees inadvertently expose themselves and workplace systems to the whim of cyberattacks.
In the face of a waking global pandemic that has preached social isolation and “draconian” quarantine measures, many Australians found themselves at Bondi beach in 30-degree weather with little to no concern placed on the current quarantine conditions. It’s this same primitive herd mentality that “it won’t happen to me” that also applies to taking adequate cyber security measures: “My business is too small”, “They’re not going to care about the information on my phone”, or “Who would look at my browsing history?”. While this mentality is not untoward, it is the penalty that ensues for the breach of such information that should truly strike fear in the heart of businesses.
If there’s an eligible data breach and no notifications are sent, the penalty can reach $1.7 million for organisations and $340,000 for individuals.
The simplest form of a cyberattack takes the form of a data breach. Since all data leaves a trace, extracting data and duplicating this information is an effective methodology that can impact any business regardless of size.
The contents of your phone are by no means equivalent to the multi-billion dollar government contracts found on the servers of The Department of Defense, but they certainly contain data, whether it be emails or metadata, information on your clientele or business contracts on your Google Drive. This information in itself may seem harmless to your business, yet the subsequent exposure or theft of this information can actually see you forking out $340,000 as an employee and your business paying up to $1.7 million under the Notifiable Data Breach (NDB) legislation from 2018 of the Privacy Act 1988. If this doesn’t cripple your business, the compensation costs and damage to your brand and reputation certainly will.
WHO DOES THE NDB APPLY TO?
The NDB scheme applies to any agency, organisation or entity that is covered by the Privacy Act 1988 (Cth). Businesses, organisations and entities (with a $3 million or higher turnover per annum in any financial year since 2001) are also covered. Any business that falls into one of the following categories is also captured under the scheme, regardless of its turnover.
These entities include but are not limited to:
- Health service providers
- Credit reporting bodies
- Entities related to an APP entity
- Entities that trade in personal information
- Employee associations registered under the Fair Work (Registered Organisations) Act 2009
- Entities that “opt in” to APP coverage under the Privacy Act.
The best way to protect your business from the consequences of a data breach is to protect information from the very beginning. Here are a few tips to prevent a data breach:
- Store only essential and relevant personal information
- Make sure the process of data collection & storage is secure
- Install Surge Protectors & Uninterruptible Power Supplies
- Firewalls can thwart malicious hackers and stop employees from browsing inappropriate websites. Install and update firewall systems on every employee computer, smartphone, and networked device.
- Keep your staff educated on dealing with suspicious emails
- Patch Your Operating Systems & Software Regularly - Every new app can open the door to a cyberattack if you don’t regularly patch and update all software on every device used by your employees.
- Use email and web browser filters to deter hackers and prevent spam from clogging employee inboxes. You can also download “blacklist” services to block users from browsing risky websites that pose malware risks.
- Keep information on a trusted platform and have cyber defence systems in place
- Implement procedures to monitor the storage and destruction of information
- Secure All Wireless Access Points & Networks
- Use thedocyard & Whitehawk
The internet has become a digital infrastructure fuelled by growth in modern communicative technology, one that has paved the way for remarkable innovative practices. These contemporary developments offer a bright future for business operations across the globe and provide opportunity for growth in unprecedented and innovative ways. These opportunities however are not without risk or threat. In the 21st century, it is crucial that cyber threats and security not be taken lightly.
Businesses must be accountable for the integrity of their systems and individuals must be mindful of the ways their actions can cause both harm and opportunity in unforeseeable ways. Decisions and actions to minimise our exposure to cyber threats are something that can be practiced by every individual no matter who they are and where they operate.