Business Security

Over the past 10-15 years, the business world’s landscape has changed. Businesses need to ensure that the data they gather is now kept secure, whereas before the primary focus was on profitability. Back then, records weren’t stored on computers, but in filing cabinets. Unfortunately, digital technology enhancements have seen filing cabinets become less prevalent, and more and more data are saved on computers, servers and in the cloud. - Roger Smith

The quote above points to a new problem for a business: the data it holds may contain elements of a client’s private dealings, their credit terms, payment methods and physical addresses.

This data can be used in a malicious, targeted attack to hold a company or individual to ransom, giving rise to a new category of attack known as ransomware.

As a result, governments around the world have established basic care rules and laws that govern the use of data and, in the event of a breach of a client’s data, set out the steps a business must follow once the breach has been identified.

Breaches of data holdings are very serious. Captured data can be, and is, used in many different forms of attack, ranging from identity theft to the complete destruction of the reputation of a business or individual.

In Australia, two laws (acts) apply to a business in the event of a breach. The first is the Privacy Act 1988, an Australian law which regulates the handling of personal information about individuals. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. This was the precursor to the second, more recent act, the Privacy Amendment (Notifiable Data Breaches) Act 2017, which amends the Privacy Act to cover data breaches. In all cases of privacy and data breach, the second act is now the primary one. How this affects a business, government department or individual is the concern.

The Simplification

  • An Eligible Data Breach happens if: (a) there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and (b) the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
  • An entity must give a notification if: (a) it has reasonable grounds to believe that an eligible data breach has happened; or (b) it is directed to do so by the Commissioner.

What does this mean for a small or medium business?

If the business does not protect the data to the best of its ability, through processes, procedures and policies, staff training, correctly configured technology and systems, and compliance and governance, a breach may occur. Its consequences can include an individual’s loss of trust in the company, another company’s loss of trust in your company, financial impact in the case of theft or fraud by the attacker, and the loss of trade secrets or intellectual property.

In some extreme cases, loss of data can lead to financial impacts and legal proceedings, depending on the severity of the breach.

Additionally, data breach notification is mandatory under the Act. If you neglect to notify the affected parties or the Office of the Australian Information Commissioner, there may be government-imposed penalties that can impact your business. More information on the Commissioner, their role and reporting a breach can be found at

CareMIT can assist your business to become data retention compliant. Our consultants and technical advisors can work with your IT manager or act as your IT manager if you don’t have one.

Contact us for more information, or to organise an audit of your infrastructure.

© Copyright 2018 - All Rights Reserved | Unit 3, 116-118 Wollongong Street Fyshwick ACT 2609 | (02) 6257 7792