
More and more attention is being paid to data and information security. Every business in Australia has small or large amounts of information stored on computers and servers that, if breached, could have a series of ramifications.
Under the Australian Privacy Act, business owners have certain responsibilities.
The Australian Business website defines the Privacy Act as “an Australian law which regulates the management, storing, access and correction of personal information about individuals.”
The type of information that is covered might include such things as:
- name
- signature
- address
- email address
- phone numbers
- date of birth
- bank account or credit card details
- even their comments or opinions
Generally speaking, if you turn over more than 3 million in a year then you have to comply with the Act. Certain industries, such as financial services, will have to comply regardless of turnover.
One of the greatest challenges a business faces when holding this type of information is storing and handling it safely.
If private information were to go missing, you would become responsible for notifying both the person the information relates to and a government agency of what was lost. You may also be liable for any loss the individual incurs.
A data breach, where information is lost, can occur in several different ways:
- a computer system is hacked in order to steal information you may hold
- a computer is infected by a virus that causes the loss or potential leakage of data
- an employee, intentionally or not, deletes information or makes the wrong information public
- and others
Protecting yourself against these risks is an important part of doing business in Australia (and a legal obligation).
You can do so by taking the following steps:
- carefully vet your staff. Make sure they are properly trained for the job they are going to do
- provide on-going training so that computer systems and processes are fully understood
- invest in enterprise-grade software to protect against viruses and intentional hacks
- hire a specialist who can audit your computer equipment and provide you with a solution to securing it better
- use only well-known providers for your cloud storage and software
- update software and operating systems frequently
- quickly remove the credentials of former staff or those moving on to other roles
- keep hardware up to date
- remove anything identifying from information if it is not required
- don’t store any information you don’t need to – such as credit card numbers
- destroy any information you no longer require (or are no longer required to keep under law)
- encrypt sensitive data so that even if it is stolen it cannot be used
- limit access to your servers to a short list of known addresses
This is a long list, and there are certainly more items you could add to it, but the attention you put on this area is much more important than you might otherwise think.
We all take precautions to protect our physical premises and stock. Every company should have an information and data security policy that everyone understands.