Blog

While overall malware attacks are on the decline, ransomware is increasing and has become the largest malware threat.

What is ransomware? It’s a type of malicious software (malware) intended to block access to your computers and data until a ransom is paid to release it. It first appeared in 2013, and now makes up almost 40% of all malware attacks. Criminals are honing their activity to target the most critical business systems – and the ransom demands are increasing to reflect the importance of the targeted data.

The 2018 Verizon Data Breach Investigation Report looked at more than 53,000 security incidents from 67 global contributors. They found that 73% of all breaches were perpetrated by outsiders – but almost 30% involved internal conspirators. Almost 60% of victims are considered small businesses, but the fastest growing target is the healthcare industry. And, importantly, almost 70% of breaches took more than 6 months to be discovered.

How can you protect your systems and data? Here are some important steps you can take:

• Make sure your anti-malware software is up-to-date.
• Invest in a business grade router that offers Intrusion protection.
• Store back-ups at least daily, and in more than one location – off-site and on-site.
• Do background checks on prospective hires.
• Don’t run old versions of software, such as Windows XP.
• Don’t open email attachments you are not expecting – even if they appear to be from someone you know.
• If you don’t know who sent the email – don’t click on any links.
• Stay away from pirated movies, music and software, they are perfect places to hide malware.

Especially now with NDB and GDPR, the cost of a data breach is very high. Typically ransomware criminals do not perpetrate a data breach, because simply stopping you from reaching your own data wrecks enough havoc and earns enough “ransom.” It’s not worthwhile (and often they don’t have the capability) to try to use the data they are holding hostage.

If you want to be sure your business is safeguarded from ransomware and other types of malware, Blutone Technologies can work with you to ensure your systems are secure. Blutone Technologies makes it easy for you to safeguard your customer data – and your business. Contact us today to get started!

Here’s a recent article about “10 Alarming Cybersecurity Facts” I thought you might find useful – take a look and let me know your thoughts. (links to https://www.pcworld.idg.com.au/article/636083/10-alarming-cybersecurity-facts/ )

With ever-increasing security requirements, including Australia’s recent NDB (Notification of Data Breach) and the EU’s GDPR (General Data Protection Regulation), ensuring compliance is a business-critical function of your IT department. But compliance alone is not enough – you must be able to PROVE your company’s compliance, and that means consistent, clear reporting and competent data analysis.

Before we look more closely at what compliance really means, let’s review WHO is required to be compliant. First, if your company already has an obligation under APP 11 of the 1988 Privacy Act, it automatically is subject to NDB. These are typically government agencies and private sector and not-for-profit companies with an annual turnover of at least $3 million. “However, some businesses of any size are APP entities, including businesses that trade in personal information and organisations that provide a health service to, and hold health information about, individuals,” notes the Office of the Australian Information Commissioner.

If your company falls into one of these categories, are you certain your company is compliant – and can prove compliance? A recent IBM study showed that data breaches at Australian companies, for example, are not discovered for at least 6 months on average. That means your IT department must be able to look back historically to pinpoint the breach AND determine exactly which data that may have been released.

The same IBM study showed that 2017 detection and escalation costs continue to increase, reaching $1.19 million in 2017 compared to $1.10 million in 2016. Such costs include:

• Forensic and investigative activities
• Assessment and audit services
• Crisis team management
• Communications to executive management and boards of directors

Your first priority is data security itself – prevention is obviously the very best defense against a costly breach. Ensuring data security requires consistent internal assessment and audit … and the ability to demonstrate compliance and pass an external regulatory audit. And, it is this consistent assessment and auditing that will bring a data breach to light much more quickly.

Bottom line, your reporting must be accurate and your staff skilled in analysing the system processes data. Are you confident that you have what you need to ensure compliance? At Blutone Technologies, we specialize in creating secure environments and meeting the regulatory standards to which Australian companies must adhere, including not only NDB but GDPR and other regulations worldwide. Give us a call today.

Not sure if your business data is secure? Request your FREE Cyber Security Audit from Blutone Technologies today at https://www.blutonetech.com.au/freeaudit/. Let us know what you discover – if you have concerns, we’d be happy to help.

NDB (Notifiable Data Breach) legislation went into effect on 22 February. Yet at the end of 2017, according to CSO.com.au, just 13% of companies had an NDB strategy in place – 60% had not even read the amendment!

So, what is NDB? Way back in 1988, Australia created the Privacy Act to ensure safe handling of personal, individual data. It includes 13 Australian Privacy Principles (APPs) covering the management, solicitation, and notification of usage for basic personal information. It further outlines the handling of sensitive personal data in the areas of taxes, credit reporting, medical information, and more.

In 2017, a Privacy Amendment was passed that outlines the identification and handling of an NDB – notifiable data breach. Businesses are required to quickly assess data breaches and determine the level of harm the breach might cause. The amendment specifies action that must be taken if a data breach is considered eligible.

An eligible breach requires notification not only of the Australian government but public notification of individuals whose data is at risk. That makes a data breach not just a regulatory and remediation issue, but a public relations and image management issue as well.

The best way to avoid dealing with these headaches is to avoid an eligible breach – and the best way to do that is to adopt encryption and security policies that protect your customers’ data. Blutone Technologies has been working with clients for months to secure their systems to safeguard the information they store. Get in touch today and find out how you can protect your business.

Several people have asked how to find more information about the NDB Privacy Amendment which went into effect on 22 February, so I wanted to share this link to the Office of the Australian Information Commissioner: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme Let me know if you’d like help interpreting and implementing the security your system needs to be NDB compliant.