7 Ways to Bolster Your Cyber Security (2022 Update)

In an earlier article, we introduced the Notifiable Data Breach (NDB) Scheme which provides a compulsory procedure for agencies and organisations (including small businesses) to follow in the event of a data breach. However, prevention is better than cure, and having tools in place to minimise a data breach from occurring will do your business a world of good. But where to start? Here are seven steps and strategies to prepare and boost your cyber security. In the meantime, it may also be wise to read OAIC’s resources as well as consult a privacy lawyer for professional advice.

1. Governance, Culture and Training

Insufficient interest or awareness of cyber-security among staff may lead to threats of data breaches being ignored and not properly attended to. Therefore, it is important to foster a privacy and security-conscious culture among your staff through appropriate training, resourcing and management focus, such as:

  • Compulsory induction training sessions on cyber-security for new staff.
  • Regular cyber-security training sessions for regular staff.
  • Appointing a body or officer(s) who oversees, enforces and also trains staff on the business’s cyber-security policy.

2. Internal Practices, Procedures and Systems

Whereas the previous step focused on the culture and awareness of cyber-security (a ‘soft’ strategy), this step is about enforcing rules and policy (a ‘hard’ strategy). In general, your cyber-security policy should cover or require:

  • Mandatory procedure (mirroring the NDB Scheme) on how to identify and report data breaches.
  • Procedures for oversight, accountability and lines of authority for decisions relating to personal information security.
  • Procedures for the storage of sensitive information at work and at home.
  • Minimum standards and rules relating to use of end-user mobile devices and ‘Bring Your Own Device’ (BYOD).

According to the APP code, the internal practices and procedures of your business must be documented, regularly reviewed and updated.

3. ICT Security

This refers to measures which protect both your hardware and software from misuse, interference, loss, unauthorised access, modification and disclosure. ICT security covers:

  • Software Security and Encryption: this includes your website and applications.
  • Network Security: this includes firewalls, intrusion detection systems, blocking unauthorised downloads and WiFi security.
  • Whitelisting and Blacklisting: this involves controlling which content, applications or entities are allowed to run on or access a device or network.
  • Testing: regular testing and configuration reviews will help you discover security weaknesses before an attacker does.
  • Backing Up and Email Security: keeping physical hard copies or cloud-based storage as a back-up, and securing the email accounts through which much sensitive information passes.

4. Access Security

This involves monitoring and access controls that protect your firm’s data from unauthorised access by hackers. Measures include:

  • Trusted Insider Risk: this includes limiting disclosure of personal information to those staff who need it to enable your business to carry out its functions and activities.
  • Identity Management & Authentication: this helps to delineate between authorised and unauthorised accessors.
  • Passwords & Pass-Phrases: this involves having minimum length and character requirements, regular password updates, and rules on shared or unique passwords for staff.
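As an added example (not code from the original article), the following Python check encodes the two password styles named above: a minimum-length-plus-character-class rule for ordinary passwords, and a longer minimum length for multi-word pass-phrases. The thresholds used (12 characters, 3 of 4 character classes, 20-character and 4-word pass-phrases) and the function names are assumptions for illustration, not figures from the article or the APPs.

```python
"""Password and pass-phrase policy check (added example; thresholds are assumed)."""
import re
from dataclasses import dataclass, field
from typing import List

# Assumed policy thresholds for illustration only (not from the article).
MIN_PASSWORD_LEN = 12        # ordinary passwords must be at least this long
MIN_CHARACTER_CLASSES = 3    # ...and draw on at least this many character classes
MIN_PASSPHRASE_LEN = 20      # pass-phrases are accepted on length and word count alone
MIN_PASSPHRASE_WORDS = 4


@dataclass
class PolicyResult:
    ok: bool
    reasons: List[str] = field(default_factory=list)


def character_classes(secret: str) -> int:
    """Count how many of lower / upper / digit / symbol are present."""
    checks = (
        any(c.islower() for c in secret),
        any(c.isupper() for c in secret),
        any(c.isdigit() for c in secret),
        # whitespace separates pass-phrase words and is not counted as a symbol
        any(not c.isalnum() and not c.isspace() for c in secret),
    )
    return sum(checks)


def is_passphrase(secret: str) -> bool:
    """A pass-phrase is long and made of several whitespace-separated words."""
    words = [w for w in re.split(r"\s+", secret.strip()) if w]
    return len(secret) >= MIN_PASSPHRASE_LEN and len(words) >= MIN_PASSPHRASE_WORDS


def check_secret(secret: str) -> PolicyResult:
    """Apply the policy: a pass-phrase passes on length and word count;
    anything else must meet the password length and character-class rules.
    Every failed rule is reported so staff can see what to fix."""
    reasons = []
    if not is_passphrase(secret):
        if len(secret) < MIN_PASSWORD_LEN:
            reasons.append(
                f"shorter than {MIN_PASSWORD_LEN} characters and not a pass-phrase")
        if character_classes(secret) < MIN_CHARACTER_CLASSES:
            reasons.append(
                f"uses fewer than {MIN_CHARACTER_CLASSES} character classes")
    return PolicyResult(ok=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed sample secrets, not real credentials.
    for sample in ("Tr0ub4dor&3", "Wint3r-Sunrise!",
                   "correct horse battery staple", "winter sunrise 2022"):
        result = check_secret(sample)
        print(f"{sample!r}: {'ok' if result.ok else 'rejected'} {result.reasons}")
```

The check only evaluates the secret itself; storing passwords (salted, with a slow hash) and enforcing the regular-update rule belong in the identity management system, not in this policy function.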

5. Physical Security

This covers steps which prevent unauthorised physical access to both your soft and hard copies of your business’s data. Measures could include:

  • Alarm systems (e.g. to control entry to the workplace)
  • Location and lock security of file storage rooms
  • Camera systems (e.g. to detect unauthorised accessors)

6. Third Party Providers

If you use cloud service providers or other third parties to store your data, it is important that you understand their information handling practices (including terms and conditions) so as to ascertain any risks and protect yourself accordingly.

7. Destruction and De-identification

Where an entity holds personal information it no longer needs for a purpose that is permitted under the APPs, it must ensure that it takes reasonable steps to destroy or de-identify the personal information.

Therefore, you should consider establishing a procedure for the destruction of electronic data (e.g. disk formatting) and physical data (e.g. shredding or burning). Whatever destruction method you use, the APP Code requires the destroyed data to be ‘beyond use’ and ‘irretrievable’.

Conclusion

It is important that you establish or improve your cyber-security so that you can identify and respond effectively to future data breaches in line with the NDB Scheme. Better still, with adequate measures in place you may be able to avoid any breaches occurring at all.
