Did you know that simple human error was responsible for more than a third of data breaches in Australia in the last year, according to the Australian privacy commissioner?
Of the breaches reported, 35% were the result of human error, 60% were the result of malicious or criminal attacks, and only 5% were attributed to system faults.
Data breaches pose a significant threat to many Australian businesses, and since mandatory reporting was implemented, they can also result in costly fines.
We’ve outlined the practical steps your business can take to implement best-practice procedures and prevent a data breach.
1. Store Only What You Need
Audit the client and customer information you currently collect and where it is stored on your systems. Collect only what you need, and don’t gather additional information that has no clear purpose. Minimise the number of places this personal data is stored, and delete it once it is no longer required.
2. Destroy Data Before Disposing of it
Shred paper records, and physically destroy DVDs, USB sticks and other portable storage devices before disposal. Deleting a file only removes the reference to it; the data stays on the disk until it is overwritten. Use purpose-built software to securely erase a hard drive (for SSDs, use the drive’s own secure-erase function, as overwriting is not reliable on flash storage), or physically destroy the drive using a documented best-practice process.
3. Protect Your Data
Restrict access to personal information to the employees who need it for their role, and review those permissions regularly. Conduct police or background checks before hiring new employees, and don’t give temporary contractors or vendors access to personal information unless the work requires it; where it does, limit the access to what is needed and remove it when the engagement ends. Ensure physical records are stored in a secure location.
Require a password or PIN on every device, and train staff never to leave electronic devices unattended. Make strong, unique passwords mandatory, change them whenever compromise is suspected, and enable multi-factor authentication wherever it is available. Ensure staff work remotely only on company-managed computers.
Don’t permit employees to use unapproved file-sharing websites, block access to inappropriate websites, and don’t allow staff to install unapproved software on company devices.
4. Train Your Employees
Simple mistakes are by far the biggest contributor to human error data breaches in Australia. Emails sent to the wrong recipient accounted for over 90% of human error incidents, and sending to a group with the recipients in ‘cc’ rather than ‘bcc’ (which reveals every address to every recipient) was also a contributor. Simple procedures, such as requiring staff to double-check addresses before sending or having a colleague confirm the recipient, mitigate most of these errors.
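As an added illustration (not part of this article), the Python pre-send check below shows what those ‘double-check the address’ procedures look like when automated in a mail gateway or mail-client add-in. The `Draft` model, the company domain, the approved client domains and the threshold values are constructed assumptions for the example; a real deployment would take them from the organisation’s own directory and policy.

```python
"""Pre-send check for outgoing email drafts (illustrative example, not the article's code).

Flags the human-error patterns the article describes:
  * a recipient domain that is one or two typing errors away from a known
    domain (the classic "sent to the wrong person" mistake)
  * personal data addressed to a domain that is not on the approved list
  * many external recipients placed in To/Cc instead of Bcc, which discloses
    every recipient's address to every other recipient
"""
from dataclasses import dataclass, field
from typing import List

# Constructed sample configuration: replace with the organisation's own values.
OUR_DOMAIN = "example.com.au"
APPROVED_DOMAINS = {"clientbank.com.au", "lawfirm.net.au"}  # may receive personal data
BCC_THRESHOLD = 5        # visible external recipients at or above which Bcc is expected
MAX_TYPO_DISTANCE = 2    # edit distance that counts as a "looks like" match


@dataclass
class Draft:
    """Minimal model of an outgoing message, enough for the checks below."""
    to: List[str]
    cc: List[str] = field(default_factory=list)
    bcc: List[str] = field(default_factory=list)
    contains_personal_data: bool = False


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address such as 'Jane@ClientBank.com.au'."""
    return address.rsplit("@", 1)[-1].strip().lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character domain typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_draft(draft: Draft) -> List[str]:
    """Return a list of warning strings; an empty list means the draft passed."""
    warnings = []
    visible = draft.to + draft.cc
    external_visible = [a for a in visible if domain_of(a) != OUR_DOMAIN]

    # Rule 1: mail-outs with many external addresses in To/Cc disclose every
    # recipient's address to every other recipient; they belong in Bcc.
    if len(external_visible) >= BCC_THRESHOLD:
        warnings.append(
            f"BCC: {len(external_visible)} external recipients are visible in To/Cc; use Bcc"
        )

    known = sorted(APPROVED_DOMAINS | {OUR_DOMAIN})
    for address in draft.to + draft.cc + draft.bcc:
        domain = domain_of(address)
        if domain == OUR_DOMAIN or domain in APPROVED_DOMAINS:
            continue
        # Rule 2: a domain a couple of edits away from a known one is almost
        # certainly a typo, i.e. the message is going to the wrong person.
        for candidate in known:
            if 0 < edit_distance(domain, candidate) <= MAX_TYPO_DISTANCE:
                warnings.append(f"TYPO: {address} looks like a misspelling of @{candidate}")
                break
        # Rule 3: personal data only goes to domains on the approved list.
        if draft.contains_personal_data:
            warnings.append(f"PII: {address} is not an approved destination for personal data")
    return warnings


if __name__ == "__main__":
    # Constructed sample drafts, one clean and two that should be blocked.
    samples = [
        Draft(to=["jane@clientbank.com.au"], contains_personal_data=True),
        Draft(to=["jane@clientbnak.com.au"], contains_personal_data=True),
        Draft(to=["news@example.com.au"],
              cc=[f"customer{i}@mail.example" for i in range(6)]),
    ]
    for draft in samples:
        print(draft.to, draft.cc, "->", check_draft(draft) or "OK")
```

The typo rule deliberately ignores exact matches (distance 0) and stops at the first known domain it resembles; the personal-data rule fires independently, so a misspelled approved domain produces both warnings and a reviewer sees both the likely cause and the consequence.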
Create security and data policies and procedures and educate all staff about these procedures, so they understand types of information that are sensitive or confidential, and their responsibilities as employees to protect this data.
Ensure procedures include things like:
- Locking computers when unattended
- Logging off computers at the end of the day
- Storing files securely, e.g. in locked filing cabinets
- Keeping passwords secure and never sharing them
5. Encrypt Data Transmissions
Ideally, encrypt all data in transit, including email. Avoid untrusted Wi-Fi networks, especially ‘free Wi-Fi’ in public spaces such as coffee shops; if staff must use them, require a company VPN so that traffic is encrypted between the device and the company network.
6. Maintain / Update Software
Use firewalls, keep operating systems and applications patched, and keep security software such as anti-virus and anti-spyware up to date. Engage a reputable IT services company to manage your security, and follow their advice on vulnerabilities and the associated patches.
7. Closely Monitor and Control Use of Portable Media
Be wary of portable devices, which are more easily lost or stolen and often ‘sync’ automatically with desktop or laptop computers. Require strong password or PIN protection, encrypt the data stored on them (full-disk encryption on laptops, device encryption on phones, encrypted USB drives), and enable remote wipe where the platform supports it.
Don’t Wait Until It’s Too Late
Sadly, many businesses only take security seriously after they have been attacked or suffered a serious data breach, by which point it has become a costly legal, business and compliance problem.
Following the best-practice steps above, and engaging a reputable and experienced IT company to help manage your data security, goes a long way towards mitigating that risk.
If you’d like any further information, assistance with your cyber security or you don’t know where to start please call us on 1300 478 738 or email us email@example.com.