October was Optus’ month.
The telco’s data breach was the dominant (and infamous) topic in the media, and for good reason. Right now, the sensitive data of almost 10 million Australians is adrift online, and sitting on the hard drives of cyber criminals.
The company languishes, customers scramble to secure their data, and investigations continue; as much as $5.5 million has been allocated to “investigate and respond to the Optus data breach” in this year’s federal budget.
Medibank – the private health insurance provider which covers 3.7 million people – joined the club just two weeks ago.
Names. Addresses. Phone numbers. Medicare card numbers. Hospital records. Diagnosis and procedure codes. All of it stolen by cyber criminals.
Unlike the Optus situation, details of the events leading up to Medibank’s breach have come to light with greater transparency.
Disturbingly, an attacker obtained the login credentials of a user with high-level access to the organisation’s systems, then used those credentials to impersonate that user and extract the data methodically.
When it comes to cybersecurity, humans are the weakest link.
Businesses need to accept the inevitability of cyberattacks and reconsider the amount and types of data they collect and whether, for how long and where they store it.
Gone are the days when a username and password would cut it; most websites we come across today recommend enabling two-factor authentication at a minimum. With that in mind, we should question whether businesses need to store their clients’ most sensitive and intimate information in their databases at all. To echo the words of the Attorney-General, Mark Dreyfus:
“Companies throughout Australia should stop regarding all of this personal data as an asset for them, they should actually think of it as a liability.”
Digital archives and record keeping were an attractive proposition until now. Perhaps a return to filing cabinets and ‘classified’ safes should be on the cards for major corporations. Once a customer has been ID verified, what is the need to keep copies of their passport, medical records or address online? Where there is a genuine need to retain this personal information, wouldn’t storing a physical photocopy be safer?
Layers of encryption, complex passwords and secure portals count for little when we refer back to lesson one: humans are the weakest link, as the Medibank case shows. It takes just one moment of complacency, a daydream, or a well-crafted phishing email for a staff member to hand attackers access to both your staff’s and your clients’ most sensitive data.
With the volatility of corporate cyberspace in mind, it is imperative that you protect your staff and organisation against these harms.
GRC Solutions offers a suite of courses catering to the needs of organisations across Australia and internationally. We are the experts in online compliance training, and offer a suite of Privacy and Data Protection courses, including Cybersecurity - non-jurisdictional.