Learn how to protect your business's data and understand your new privacy obligations
- 43% of all cyber crimes are targeted at small businesses.¹
- 60% of small businesses that experience a significant cyber breach go out of business within the following 6 months.²
Most practices hold confidential data and information on both their own operations and their customers. This may include customers' bank or credit card details, personal contact details or even private information about your work with your customers.
As of the 22nd February 2018, it is now a legal requirement by the Australian Government for any health business or professional to report if any third-party information has been accessed by unauthorised parties (data breach) within 30 days of the incident.
What is considered a data breach?
A data breach is any unauthorised access to, unauthorised release of, or loss of personal information that an employee or practice holds that is likely to result in serious harm to the individual/s affected.
Who do you need to contact?
If your practice or employees have experienced a data breach, you need to contact the affected individual/s and notify the Australian Information Commissioner. There can be fines of up to $2.1 million if reports are not made.
How to notify a breach?
The notification to the Commissioner can be made using the Office of the Australian Information Commissioner’s (OAIC) Notifiable Data Breach form, which can be found at: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme#how-to-notify
Cyber Security Checklist
With cyber-attacks on the rise, it is important to take preventative measures. Hackers are increasingly targeting small businesses, as their data security tends to be less advanced than that of larger businesses. The costs of a cyber-attack often outweigh the costs of preventative measures, and this checklist can help you better protect your business:
- Ensure employees only have access to the information that they require to perform their work. Reducing access can prevent the risk of an ‘insider’ accidentally or intentionally releasing information.
- Provide regular training and awareness information on the management of confidential data and cyber scams for new employees and current staff.
- Employees should be reminded to be on the lookout for suspicious emails or websites and not to provide personal or financial data. Avoid interacting with suspicious emails or websites as these can expose your computer to viruses.
- Have current antivirus software installed and consult your IT provider. Ensure that electronic information is always backed up and test that the backups work.
- Create complex computer passwords with a combination of words, numbers and symbols. Ensure each employee has unique passwords and that passwords are changed bi-monthly.
- Make sure all devices, including phones, tablets and computers, have an auto lock when not in use, and advise all staff to lock their computer when leaving their desk.
- The purchase of cyber insurance can help manage the financial loss of a cyber-attack. Learn more: aon.com.au/cybercover
- View common online cyber threats and more preventative measures at Stay Smart Online Small Business Guide.³
For more information on cyber security or to take our cyber insurance click here or call 1800 805 191.
1. Testimony of Dr. Jane LeClair, Chief Operating Officer, National Cybersecurity Institute at Excelsior College, before the U.S. House of Representatives Committee on Small Business (Apr. 22, 2015), available at docs.house.gov/meetings/SM/SM00/20150422/103276/HHRG-114-SM00-20150422-SD003-U4.pdf.