Our 2018 Cybersecurity & NDB Event Takeaways
Two-Minute Takeaways from Maxsum’s Cybersecurity & Notifiable Data Breaches Events.
Proudly hosted by Maxsum Consulting, supported by SOPHOS.
Presented in conjunction across Victoria with AusIndustry (Bendigo & Mildura), Rankin&Co. Business Lawyers (Melbourne) and RobertsonHyetts Solicitors (Bendigo).
Business owners and managers came together at Maxsum’s invitation at events staged across Victoria in recent months to hear about today’s cyber threat landscape and to find out what Australia’s Notifiable Data Breaches (NDB) scheme now means for their data, security, reputation and business.
The Notifiable Data Breaches Scheme, which includes mandatory data breach reporting by businesses to the Office of the Australian Information Commissioner, came into effect on February 22, 2018.
The new scheme applies to all Australian government agencies, businesses and not-for-profits with an annual turnover of $3 million or more, and some small business operators that are private-sector health service providers, trade in personal information, handle tax file number information, and hold or manage other particular types of personal information.
Today’s Cyberthreat Landscape
At Maxsum’s events, we were joined by Ben Verschaeren from SOPHOS, an industry leader in cybersecurity, who briefed the room on the threat landscape businesses face today, with a particular focus on two of the main vectors for cyber-attack and data breach: phishing and ransomware.
Ben’s message centered around building awareness within your organisation of the level of sophistication of today’s attacks. He stressed that the odds of suffering a data breach via cyber-attack are much greater than many businesses assume. In fact, he explained, based on the odds, many of the attendees in the room would have already been breached and not even know it!
Legal Snapshot of the NDB Scheme
The second section in our Get #NDBReady events included a legal snapshot of the NDB Scheme. In Bendigo, RobertsonHyetts Solicitors provided an overview of the NDB Scheme’s legal framework. They provided some much needed clarity around definitions under the scheme and how they apply in terms of what constitutes an “eligible data breach”, a breach that results in “serious harm”, and the mitigation of risk through “remedial action”. Outlining the steps businesses should take when they have reason to “suspect” they have suffered a data breach, they explained that organisations covered by the NDB Scheme need to carry out a three-stage assessment within 30 days of discovering a breach to determine whether an eligible data breach has occurred and needs to be reported.
In Melbourne, attendees heard from Rankin&Co. Business Lawyers about the importance of seeking both dedicated legal and technology advice in order to assess and understand what constitutes “an eligible data breach that results in serious harm” in the context of your industry vertical. They highlighted that the requirements under the legislation have been left deliberately broad so as to ensure businesses start to exercise best practice around their data security. Implementing proactive security processes that position businesses to be able to take sound remedial action backed by legal advice and in line with a data breach response plan may mitigate the need for reporting, and prevent reputation damage. They also stressed the need to educate your team, as data breaches are often the result of human error, or even disgruntled employees.
In the AusIndustry-sponsored sessions in Bendigo and Mildura, Maxsum’s Joe Ciancio expanded on the penalties and risks associated with suffering a data breach and the 6-step process businesses need to undertake to detect, contain, assess, remediate, report and review both known and suspected data breaches in their organisations. Joe stressed that businesses cannot “go it alone” in dealing with the risks and obligations associated with the new data breach regulations, and highlighted the need for businesses to seek expert legal advice in this area BEFORE the need arises, to minimise risk to the business and save time and resources in the assessment and compliance process.
At all events, the very timely advice to the room was for attendees to seek dedicated legal advice now at the inception of the scheme, to review the information management systems already in place, and update or develop a Data Breach Response Plan as a matter of priority.
What Got You Here, Won’t Get You There
Rounding out the presentations was Maxsum Managing Director Joe Ciancio, who spoke from a business technology perspective about what organisations will need to do to:
- protect their data, assets, systems and reputations
- comply with this new and other future compliance regime changes, and
- ensure concrete policies, plans and procedures are in place for Disaster Recovery and Data Breach Response.
The focus of Maxsum’s presentation was that “what got you here, won’t get you there”, signifying the change in the onus of responsibility from the traditional “service provider” model of the past to an essential four-way partnership today between security vendors, legal consultants, business technology partners and the business.
Access Resources Now!
For more guidance and resources, visit the Australian Government Office of the Australian Information Commissioner at www.oaic.gov.au.
Maxsum’s Notifiable Data Breach event was an initiative organised by Maxsum Consulting, and supported by SOPHOS, RobertsonHyetts Solicitors in Bendigo, Rankin&Co. Business Lawyers in Melbourne, and AusIndustry’s Entrepreneurs’ Program in Bendigo and Mildura.
Maxsum is committed to building engagement across boardrooms, business and technology at the strategic level to #buildtheecosystem – for our clients, our partners, ourselves, and our community.