Data privacy regulations causing headaches for AU businesses

21 May 2018

Global and regulatory landscapes are tightening to ensure more data privacy in the face of increasing data sharing and cyber threats, and while many Australian businesses have prepared for the Notifiable Data Breaches scheme, fewer are prepared for GDPR.

Those are some of the findings from Webroot’s global report, Data Privacy and Regulation: The Worldwide Race to Comply. It surveyed 600 IT decision makers, of whom 200 were from Australia.

It found that 96% of Australian respondents feel confident that their fellow employees are equipped to comply with NDB and GDPR; however, only 9% said they were actually ready to comply with GDPR.

“Organisations shouldn’t neglect training, and more importantly look to train ALL staff, not just IT. Many data breaches today come from insider threats – and often are caused by careless mistakes. IT and HR teams need to work together to make sure all employees are trained, and continue to be trained on compliance requirements as regulations evolve and as citizens’ demand for more privacy grows,” comments Webroot senior information security analyst Dan Slattery.

Twenty-two percent of respondents also say they are not confident that their organisations could comply with rules requiring them to disclose all personal data collected on individuals within one month of request.

Interestingly, only 18% of UK respondents are confident they could provide information within one month of request – suggesting that they are even less sure about their abilities than those in Australia and the United States.

“Ongoing employee education is the best way to protect against many of the threats that companies are targeted with at the moment. If employees are able to correctly identify and report possible phishing or ransomware attacks and report them correctly, there will be less chance of a successful breach,” Slattery comments.

Advice for businesses:

  • Know your data. You must know what personal data your organisation has, where it’s stored, and in what systems. Regularly schedule audits and allocate resources for this work.
  • Delete. Make sure any data you do not need is deleted securely. There are legal requirements for maintaining certain types of data, but when data retention is not required, disposing of it helps reduce risk.
  • Communicate. With any process change, effective communication is essential. Proper internal communications with employees and external communications with suppliers will help make them aware of changes and give them time to amend their own processes.
  • Assess. When auditing personal data processes in relation to GDPR and NDB, consider if a privacy impact assessment is required.
  • Comply. If there is a security breach within your organisation, follow the rules outlined by GDPR and NDB. Under these regulations, it’s essential to be transparent and inform affected individuals within the specified timeline.  