- Small businesses are often the targets of cybercrime.
- All businesses need to comply with the new privacy legislation.
- Businesses need to improve their cyber security.
Most businesses hold confidential data and information on both their own operations and their customers. This may include customers’ bank or credit card details, personal contact details, or even private information about the business’s work with its customers.
It is now a legal requirement to report any unauthorised access of third-party information in a data breach within 30 days of the incident. This applies if your business has a turnover of more than $3 million or if it deals with sensitive personal data. The new rule was introduced by the Australian Government on 22 February 2018.
It is important to remember that 43% of all cyber attacks target small businesses (Symantec survey 2016) and that 60% of small businesses that experience a significant cyber breach go out of business within the following six months (US National Cybersecurity Institute).
What is considered an eligible data breach?
A data breach is any unauthorised access to, unauthorised release of, or loss of, personal information that an employee or business holds that is likely to result in serious harm to the individual/s affected.
Who do you need to contact?
If your agency or employees have experienced a data breach, you need to contact the affected individual/s and notify the Australian Information Commissioner. There can be fines of up to $2.1 million if data breach reports are not made.
How do you report the breach?
The notification to the Commissioner can be made using the Office of the Australian Information Commissioner’s (OAIC) Notifiable Data Breach form, which can be found here.
Cyber Security Checklist
With cyber attacks on the rise, it is important to take preventative measures. Hackers are increasingly targeting small businesses, as their data security tends to be less advanced than that of larger businesses. The costs of a cyber attack often outweigh the costs of preventative measures. This checklist can help you better protect your business:
1. Ensure employees have access to only the information they need to perform their work. Reducing access can reduce the risk of an “insider” accidentally or intentionally releasing information.
2. Provide regular training and awareness programs for all employees on how to manage confidential data and deal with cyber scams.
3. Employees should be reminded to be alert to suspicious emails or websites and not provide personal or financial data. They should also avoid interacting with suspicious emails or websites, as these can expose your computer system to viruses.
4. Have current anti-virus software installed that is consistently updated, and consult your IT provider. Ensure that electronic information is always backed up and test that the backups work.
5. Create complex computer passwords with a combination of words, numbers and symbols. Ensure each employee has unique passwords and that passwords are changed bi-monthly.
6. Make sure all devices, including phones, tablets and computers, lock automatically when not in use, and advise all staff to lock their computers when they leave their desks.
7. Cyber insurance can help manage the financial loss of a cyber attack. Learn more: aon.com.au/cybercover
8. View common online cyber threats and more preventative measures in the Stay Smart Online Small Business Guide. To find out more about the new legislation and improve your cyber security, visit aon.com.au/professionsnews or call 1800 805 191.