In the 21st century, businesses have to be tech-savvy. We increasingly rely on the abundance of hardware and software at home and at work. However, this increasing use of and reliance on modern technology can often open the door to online (or cyber) security vulnerabilities; that is, the risk of your information and data, including confidential information, falling into the hands of unwanted individuals who seek to use and take advantage of that information.
The recent incident with PEXA, the national (and, now in Victoria, mandatory) e-conveyancing system, is a prime example of the potential impact of cyber-crime. The incident, where hackers fleeced significant sums from home sale transactions, led to an almost immediate reaction from PEXA to deploy a tighter set of security controls for its users.
So what does this mean for you and your business?
Good governance requires businesses to be on the front foot in understanding and dealing with cyber security risks. A proactive approach, ensuring all data and documents are protected from leaks to the public or attacks from cyber hackers, is vital to minimise disruption to your business and ensure continued compliance with Australia’s privacy laws.
With this in mind, we have a few key tips to ensure your business is cyber-safe:
- Develop a business plan/strategy that addresses cyber-security. Establish clear policies and procedures for your business and employees that deal with collecting, disclosing and securing business and personal information. Determine what security measures are currently in place to protect your business assets, including a plan of action in the event a cyber-attack occurs. Make sure that your staff are aware and educated on your policies and procedures in relation to cyber-security.
- Ensure that all hardware and software owned or operated by your business is up-to-date and fit for its intended purpose. It may be worthwhile seeking the assistance of technicians or experts to test your systems, making sure there are no loopholes in your e-security systems.
- Invest in cyber insurance. You should ensure your policy offers an end-to-end risk management solution to stay ahead of the curve of cyber security risks by protecting your business against the costs that may result from a cyber-attack.
Cyber-Crime and Privacy Laws
Cyber-crime and e-security are just as much about protecting the personal information of individuals as they are about protecting business assets.
Australia’s privacy laws require businesses to ensure they are collecting, storing and disclosing personal information in a manner consistent with Australia’s Privacy Principles, including:
- an individual having the option of transacting anonymously or using a pseudonym where practicable;
- the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection;
- how personal information can be used and disclosed (including overseas);
- maintaining the quality of personal information;
- keeping personal information secure;
- rights for individuals to access and correct their personal information.
However, these already stringent requirements look set to change following a recent alteration in European privacy laws. The new European General Data Protection Regulation (GDPR) focuses on ensuring that users know, understand, and consent to the data collected about them, and seeks to shift the power balance towards the consumer by restricting how personal data is collected and handled. Companies will be required to be clear and concise about their collection and use of personal data.
Although these laws are yet to be incorporated into Australian domestic law, it is anticipated that these new regulations will find their way over to Australia in due course, highlighting the ever-increasing scrutiny being placed on businesses to ensure an individual’s privacy is protected with utmost care, including protection from cyber-crime.