- Since Australia’s Notifiable Data Breaches (NDB) scheme was introduced in February, over 60 data breaches have been reported.
- 50% of notified breaches were the result of human error, although malicious or criminal actors are believed to have been behind a further 44 percent of incidents.
- Despite the new NDB scheme, research from HP has found many Australian SMBs remain at risk of data breaches.
Your business IT systems may be protected by passwords and firewalls, but common security blind spots could be leaving sensitive customer information vulnerable to attacks from cyber criminals.
Since Australia’s Notifiable Data Breaches (NDB) scheme came into effect earlier this year, 63 businesses have reported data breaches. This is a timely reminder that cyber security should be top of mind for all Australian SMBs.
NDB Scheme requirements
The revised NDB scheme applies to businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients. Under the scheme, these businesses are required to notify particular individuals and the Australian Information Commissioner about unauthorised access to or disclosure of personal information, or the loss of personal information.
According to the Office of the Australian Information Commissioner, a data breach must be reported if it is likely to result in serious harm to any of the individuals to whom the information relates. This may include serious physical, psychological, emotional, financial, or reputational harm.
Beyond the reputational risks a data breach can pose to Australian businesses, the legal and financial consequences of failing to comply with the latest NDB scheme — civil penalties of up to 10,000 penalty units or $2.1 million in fines — are enough to motivate businesses to sit up and take notice.
Many organisations do take basic steps to keep sensitive data safe. However, there are some areas where security is often neglected.
The risks of remote working
According to the HP Australia IT Security Study, close to 2 in 3 Australian small and medium businesses (SMBs) today allow employees to work remotely on a regular basis. This practice has become commonplace in the modern-day workplace but without the right measures in place it poses a huge security threat.
Field workers, commuters and employees who regularly travel interstate for work often access company networks from public places. This can put your business at risk, not only through the use of unsecured public Wi-Fi, but also from visual hackers.
Visual hacking is not the work of technically-minded cyber sleuths. It is as simple as someone looking over your shoulder while you work. From employees working on presentations while they wait to board a flight to those responding to work-related emails on the bus, there are ample opportunities for visual hacking.
Despite the significant financial, operational and reputational implications of exposing company information to the wrong people, HP has found visual hacking to be a security blind spot for Australian SMBs.
The best way to mitigate risk is to have access policies for personal devices in place. In some instances, it may be necessary to restrict the data that can be accessed from personal devices to limit how much data can leave your business network.
In many cases, the restriction of remote working is not possible. For businesses with employees who must access company information outside of the office, using an HP laptop with the protection of an in-built HP Sure View privacy screen can prevent the risk of visual hacking.
The not-so-humble printer
While many SMBs do think to secure PCs, smartphones and tablets, printers are often overlooked. In fact, HP research suggests less than 2% of printers around the world are secure from hackers. Thanks to this trend, the not-so-humble office printer is becoming a favoured entry point for cyber criminals.
The HP Australia IT Security Study has revealed only 29% of businesses that recently undertook a security risk assessment included printers in their analysis. Just as deadbolting a front door is pointless if you leave the window open, assessing computers and smartphones for risks but neglecting other connected devices like printers can leave your network vulnerable to attack.
The sensitive information that can be found on printers isn’t just what’s printed on paper. Before files appear on paper, they are data. This data can be intercepted and read by unwanted outsiders.
The security assessment gap
Despite the ever-present risk of a data breach, the HP Australia IT Security Study found more than half of Australian SMBs had not undertaken any sort of IT security risk assessment in the last twelve months. The lack of robust and regular security assessments leaves SMBs wide open to attack, especially in these times of increasingly clever tactics used by cyber criminals.
Hackers are continually upping the stakes, developing new ways to steal data and personal information. Security checks must be performed on a regular basis, rather than being viewed as a set-and-forget task.
The first steps to secure your SMB from the risk of hackers
The security stakes for Australian SMBs are higher than ever. The first step for any Australian SMB looking to improve its cybersecurity posture is to begin auditing and updating IT policies and procedures. It is important to assess the effectiveness of the security measures already in place and to frequently revise them to keep up with evolving technology.
While creating passwords for all devices and installing security software is critical, security best practice shouldn’t stop there. Weak links like visual hacking and network access via printers should be identified as part of regular security reviews. Staff at all levels must also be educated about risk prevention and company policies.
As the number of connected devices being used in the workplace continues to grow, so too does the sophistication and volume of cyber attacks and data breaches SMBs face. With concerns about how personal information is stored and shared now having a growing influence on customer purchasing decisions, securing devices and the personal information they hold is essential to preserving the trust and confidence your customers have in your business.