May 2018 - Blutone Technologies

Blog

  • GDPR Is Here! Are You Ready?

    28 May, 2018

    25 May 2018 was the date the EU’s General Data Protection Regulation (GDPR) went into effect. As of April, a Crowd Research report found that 60% of companies expected to miss the deadline. And nearly half said they were not knowledgeable enough about GDPR specifics. What about your company?

    These key messages were included in the Office of the Australian Information Commissioner’s Privacy business resource 21 as of March:

    • The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018.
    • Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.
    • There are also some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act.
    • Australian businesses should determine whether they need to comply with the GDPR and if so, take steps now to ensure their personal data handling practices comply with the GDPR before commencement.
    • The GDPR and the Australian Privacy Act 1988 share many common requirements, including to:
      • implement a privacy by design approach to compliance
      • be able to demonstrate compliance with privacy principles and obligations
      • adopt transparent information handling practices.

    As an Australian business, how do you know if you are required to be compliant? If you do business (online or with physical presence), gather data, or monitor behaviour of those in the EU, your company’s data processes are required to be GDPR compliant.

    It’s important to understand that the GDPR applies to data gathering practices of businesses of ANY size. And, it applies whether or not the business is charging for goods or services. In other words, a free survey you send to a list in the EU falls under GDPR compliance requirements.

    At Blutone Technologies, we’ve been working with clients to determine whether or not they are required to be GDPR-compliant – and, if they are, to make sure their systems are meeting all regulations. If you are wondering what to do about GDPR, give us a call and get the expert guidance you need.

  • Ransomware: The Most Serious Threat to Your Data

    21 May, 2018

    While overall malware attacks are on the decline, ransomware is increasing and has become the largest malware threat.

    What is ransomware? It’s a type of malicious software (malware) intended to block access to your computers and data until a ransom is paid to release it. It first appeared in 2013, and now makes up almost 40% of all malware attacks. Criminals are honing their activity to target the most critical business systems – and the ransom demands are increasing to reflect the importance of the targeted data.

    The 2018 Verizon Data Breach Investigations Report looked at more than 53,000 security incidents from 67 global contributors. They found that 73% of all breaches were perpetrated by outsiders – but almost 30% involved internal conspirators. Almost 60% of victims are considered small businesses, but the fastest growing target is the healthcare industry. And, importantly, almost 70% of breaches took more than 6 months to be discovered.

    How can you protect your systems and data? Here are some important steps you can take:

    • Make sure your anti-malware software is up-to-date.
    • Invest in a business-grade router that offers intrusion protection.
    • Store back-ups at least daily, and in more than one location – off-site and on-site.
    • Do background checks on prospective hires.
    • Don’t run old versions of software, such as Windows XP.
    • Don’t open email attachments you are not expecting – even if they appear to be from someone you know.
    • If you don’t know who sent the email – don’t click on any links.
    • Stay away from pirated movies, music and software; they are perfect places to hide malware.

    Especially now with NDB and GDPR, the cost of a data breach is very high. Typically ransomware criminals do not perpetrate a data breach, because simply stopping you from reaching your own data wreaks enough havoc and earns enough “ransom.” It’s not worthwhile (and often they don’t have the capability) to try to use the data they are holding hostage.

    If you want to be sure your business is safeguarded from ransomware and other types of malware, Blutone Technologies can work with you to ensure your systems are secure. Blutone Technologies makes it easy for you to safeguard your customer data – and your business. Contact us today to get started!

    Here’s a recent article about “10 Alarming Cybersecurity Facts” I thought you might find useful – take a look and let me know your thoughts: https://www.pcworld.idg.com.au/article/636083/10-alarming-cybersecurity-facts/

  • Security Regulation Compliance: Can You Prove It?

    14 May, 2018

    With ever-increasing security requirements, including Australia’s recent NDB (Notification of Data Breach) and the EU’s GDPR (General Data Protection Regulation), ensuring compliance is a business-critical function of your IT department. But compliance alone is not enough – you must be able to PROVE your company’s compliance, and that means consistent, clear reporting and competent data analysis.

    Before we look more closely at what compliance really means, let’s review WHO is required to be compliant. First, if your company already has an obligation under APP 11 of the 1988 Privacy Act, it automatically is subject to NDB. These are typically government agencies and private sector and not-for-profit companies with an annual turnover of at least $3 million. “However, some businesses of any size are APP entities, including businesses that trade in personal information and organisations that provide a health service to, and hold health information about, individuals,” notes the Office of the Australian Information Commissioner.

    If your company falls into one of these categories, are you certain your company is compliant – and can prove compliance? A recent IBM study showed that data breaches at Australian companies, for example, are not discovered for at least 6 months on average. That means your IT department must be able to look back historically to pinpoint the breach AND determine exactly which data may have been released.

    The same IBM study showed that detection and escalation costs continue to increase, reaching $1.19 million in 2017 compared to $1.10 million in 2016. Such costs include:

    • Forensic and investigative activities
    • Assessment and audit services
    • Crisis team management
    • Communications to executive management and boards of directors

    Your first priority is data security itself – prevention is obviously the very best defense against a costly breach. Ensuring data security requires consistent internal assessment and audit … and the ability to demonstrate compliance and pass an external regulatory audit. And, it is this consistent assessment and auditing that will bring a data breach to light much more quickly.

    Bottom line, your reporting must be accurate and your staff skilled in analysing the system’s process data. Are you confident that you have what you need to ensure compliance? At Blutone Technologies, we specialize in creating secure environments and meeting the regulatory standards to which Australian companies must adhere, including not only NDB but GDPR and other regulations worldwide. Give us a call today.

    Not sure if your business data is secure? Request your FREE Cyber Security Audit from Blutone Technologies today at https://www.blutonetech.com.au/freeaudit/. Let us know what you discover – if you have concerns, we’d be happy to help.
