Incidences of cyber crime and identity theft are set to rise once more in 2018, following the trend that has been well established since the beginning of digital data storage. With the new year and new legislation just around the corner, many businesses are looking to the future and reassessing their digital security practices.
Tens of millions of cases of identity theft occur annually, with stolen funds now exceeding $15 billion each year. Studies suggest that in the last six years, cases of identity theft have increased by as much as 200%.
Every organisation handling the data of clients, customers, or employees is at risk of a security breach. Statistically, the greatest threat is experienced by sectors such as education and health, which store large amounts of personal data, as well as financial institutions, an obvious target for cyber criminals looking for monetary gain.
With the risk of cyber crime increasing annually, attention needs to be given to data protection, both in legislation and in the digital security practices of individual organisations. Next year will see legislation tightening in both Australia and the EU, with new laws imposing heavy penalties on organisations that experience digital security breaches.
Beyond the fines imposed by governing authorities in the case of a data breach, companies also experience financial losses in the recovery process, as well as a significant loss of trust in their client base.
The sensitive information in question can include names and addresses, medical records, bank account details, and photographic images or video footage, as well as information on a customer’s workplace. It can also include the expression of certain personal opinions.
With legislation tightening and public awareness of data security issues rising, data security is likely to become a key deciding factor in consumer choices. Companies are taking stronger measures to ensure their clients remain protected from cyber crime and data theft. Below, we suggest several steps that can be taken to significantly minimise the risk of data security breaches in workplaces across Australia.
ADD's tips to secure your company’s data against cyber threats in the workplace
The Australian Privacy Protection Act and the Australian Privacy Principles (APPs) are legally binding principles that inform privacy protection in Australia. Familiarise yourself with these documents and follow the ten steps below to help ensure the protection of sensitive data.
Consider whether it is necessary to hold sensitive information in the first place, and what minimum amount of information it is necessary for you to collect. Over-collection of data or storage of unnecessary information increases security risks by increasing the amount of data for which your organisation is responsible.
Conduct a Privacy Impact Assessment (PIA) or an assessment of information security risk, if applicable. A PIA is a written assessment identifying the privacy impacts of a proposal and making recommendations for management of those impacts. It describes the flows of personal information within the scope of the proposal, analyses the possible impacts, and explains how the organisation intends to decrease or eliminate the identified risks. The OAIC website can assist you in determining if you require a PIA or an information security risk assessment.
Educate your staff on good cyber-security workplace habits. Raise awareness within staff groups of methods used by cyber criminals and ensure that all the employees within your organisation understand the importance of digital security.
Ensure that your information handling practices are embedded with the appropriate privacy protections. By always handling data securely, within a planned and deliberate information handling framework, you will minimise your risk of information leaking due to unsafe handling practices or human error.
Account for the possibility of human error. Ensure your staff complies with strict policies within your information handling framework regarding access to, and distribution of, sensitive data such as customers’ personal details. Account for the possibility that human error can occur by having systems in place to deal with breaches, if and when they occur due to human error.
Equip all hard drives with digital security safeguards and software. Keep all programs updated and patched to ensure that your software is up to date and ready to handle the constantly shifting landscape of digital threats.
Ensure there are appropriate alarms in place so that, if a breach occurs, you are made aware immediately and can deal with the issue in the most efficient way possible.
Only hold data for the time that it is necessary to do so. Once sensitive data is no longer necessary, destroying it immediately and completely ensures that it will not become a security issue in the future.
Ensure all paper copies of sensitive information are disposed of appropriately and safely. Work with a data destruction company and ensure your staff understands the sensitive nature of paper copy information and the necessity for its proper destruction.
Work with a reputable data destruction company to dispose of digital copies of personal information safely and permanently. Complete data destruction is an essential way to mitigate risk once information is no longer required. Using a data destruction company that can guarantee complete destruction of all digital and physical data ensures your customers’ sensitive information remains secure. Choose a company that can assure 100% auditability of eradicated data. Where possible, have data destroyed on-site to avoid the possible risks associated with transporting sensitive information.
As the current market leader in Australian data destruction, AVTEL Data Destruction uses a unique and portable milling process that guarantees complete security of eradicated data.