The answer is to embed your ICT Security Policy.
Majority of cyber attacks linked to compromised user names and passwords.
The introduction of the Notifiable Data Breaches (NDB) scheme last month will shine a spotlight on ICT security and compliance for Australian organisations.
News recently broke of an extraordinary breach of national security following the discovery of highly sensitive cabinet documents in two old filing cabinets bought at a second-hand shop in Canberra.
There’s no question the level of trust and confidence customers have in a brand directly impacts profitability. The reputation of a business is essential to survival.
Just this morning, we’ve seen the publicity regarding the contractor breach exposing 50,000 Aussie government and bank staff records. And recently, much media attention was given to the theft of confidential technical information about new fighter jets, navy vessels, and surveillance aircraft from an Australian defence contractor.
In February 2018, new legislation for mandatory data breach notifications will be introduced as an amendment to the Australian Privacy Act. This amendment will apply to all organisations required to comply with the Australian Privacy Act 1988 and could result in penalties for non-compliance of up to $1.7M for organisations and $300,000 for Directors.
The recent data breach at US credit reporting firm Equifax provides a valuable lesson.
Does your organisation have up-to-date, well-documented ICT security policies?
Does your organisation have up-to-date, well-documented procedures for ICT security (such as patching; unpatched systems were the weakness exploited in the WannaCry hack)?
Although the term “lessons learned” is commonly heard now, many organisations, certainly in Australia, do not actually utilise this valuable opportunity for risk management.