Security & Data Breaches

Security Policies

In response to the new Notifiable Data Breaches scheme mentioned below, we've reviewed and revamped our Security Standards which apply to all our Managed Clients.

The threat of Cyber Attacks, Viruses and Ransomware as well as Data Loss is ever increasing and is everyone's business!  Your Manager or IT Provider are not the only persons responsible here.  If you use a computer at home or work, it is essential to understand the risks.

We published an article some time ago on Identifying Cyber Threats - a recommended read if you've not already done so.  In this article, we'll provide an overview of the systems we have in place to help prevent attacks on our Client's Systems.

  • User Permissions - Tighter permissions are being applied in order to disallow accidental installation of unwanted apps and software.
  • Anti-Virus & Internet Security - a combination of Bitdefender Endpoint Security, Web Filtering Rules and Comodo DNS Protection to block access to known and unknown malicious sites and files.
  • Remote Access - Firewall Protection against Brute Force password attacks via Remote Access services.
  • Two-Factor Authentication - an optional Security Layer for Remote Access Users, similar to many Banking Websites.
  • Backups & Disaster Recovery - a well Documented and Tested Regime to ensure Business Continuity in the event of a Disaster (Cyber or Natural).
  • 24/7 Monitoring - Managed Services Clients are under constant review as all Systems are monitored 24/7 for key Metrics.

Our detailed Security Policy is available to Clients upon request.

Mandatory Data Breach Reporting

As of 22nd February 2018, companies with more than $3 million in revenue or in the healthcare industry are forced to report notifiable data breaches immediately.  A targeted company has 30 days to investigate and report on the breach in greater detail. Failure to do so attracts a $360,000 fine for the directors and $1.8 million for the company itself.

What is the Notifiable Data Breaches scheme?

The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 established the Notifiable Data Breaches (NDB) scheme in Australia. The NDB scheme applies to all agencies and organisations with existing personal information security obligations under the Australian Privacy Act 1988 (Privacy Act) from 22 February 2018.

The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.

Agencies and organisations can lodge their statement about an eligible data breach to the Commissioner through the Notifiable Data Breach statement — Form.

Agencies and organisations must be prepared to conduct a quick assessment of a suspected data breach to determine whether it is likely to result in serious harm, and as a result require notification.

Which data breaches require notification?

An ‘eligible data breach’, which triggers notification obligations, is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates.

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.

Examples of a data breach include when:

  • a device containing customers’ personal information is lost or stolen
  • a database containing personal information is hacked
  • personal information is mistakenly provided to the wrong person.

Source: https://www.oaic.gov.au/ndb