Is the government’s new data breach bill going to give your business a bad reputation?
No one likes admitting when they’ve made a mistake. Especially if it’s a big one, like a leak that exposes customers’ private and personal information. But that’s just what businesses will have to do with the Government’s Breach Notification Bill passing through parliament earlier this year. The bill requires businesses to notify the Privacy Commissioner and affected customers as soon as they become aware of a ‘notifiable breach’ in data.
In many personal scenarios, admitting you’ve made a mistake results in a warm hug and a chat about how you can do things better next time. Unfortunately, the corporate world is a little less forgiving, and admitting a mistake there can result in fines, loss of revenue and severe reputational damage.
Late last year the Red Cross landed headlines like ‘Red Cross data breach could have exposed donors to identity theft’ and ‘Phishers go after Red Cross data breach victims’ when it compromised 550,000 blood donors’ private details online. These headlines are forever immortalised online, and with more businesses required to fess up and face the music, we can only expect to read more.
It has never been more important for businesses to make sure their data and their customers’ data are fiercely protected. While most businesses make sure they have effective security infrastructure, it’s important not to cut corners in other areas, such as software.
Last year in Australia, the number of reported cases of unlicensed software operating in businesses steadily grew 105% year-on-year. And before you shrug your shoulders wondering what a little bootleg program could have to do with a data breach, an IDC study found there is a connection between unlicensed software and cybercrime.
Many businesses don’t realise that properly licensed software provides additional benefits alongside compliance:
Software comes with its own encryption, providing an extra level of security to your business data. As computers continue to increase in processing power, encryption is required to be ever evolving.
The current encryption of 128-bit AES would take today’s computers 10.79 quintillion years to crack; with quantum computing, however, this would take less than six months. Software producers continually update and build encryption into their products, ensuring their customers’ data is future-proofed.
Software constantly needs to be patched, and licensed software notifies you of urgent security updates. While patching is one of the last things on a business’s mind, it is one of the most important.
A recent report, Flexera Software’s 2016 software vulnerabilities, found there were 17,147 vulnerabilities across 2,136 products, of which 81% had patching available on the day of discovery. Unlicensed software doesn’t have automatic patching or built-in alerts, leaving users vulnerable to known flaws.
Licensed software also saves businesses time and money. As with patching, unlicensed software doesn’t provide users with the best and latest features, forcing businesses to uninstall and reinstall the program every time they want to upgrade. Properly licensed software can quickly upgrade while the system is offline, saving the user time and the business money.
What this all means is that unlicensed programs could be the reason why you have to explain to your customers why their personal information has been stolen. It has become even more imperative that businesses ensure they are using licensed software.
Check that your software has a certificate of authenticity and invest in an effective Software Asset Management (SAM) tool to make sure all the moving parts of your business are safe and secure. That way you can avoid damaging headlines that drag your business’s reputation through the mud.
Article by Gary Gan, Director of APAC Compliance at BSA.