You’ve probably heard that mandatory data breach reporting laws came into effect in Australia earlier this year. But you may not be aware that these laws don’t just affect large companies. Small and medium businesses could also face fines of up to $2.1 million if they fail to comply.
Every Canberra business should be familiar with the notifiable data breach scheme and seek advice about their legal obligations in the event that data ends up in the wrong hands. But did you know there are also steps you can take to reduce the risk of a breach occurring?
Cordelta senior executive Ken Hendrie shared his advice for SMEs looking to keep their data protected at a recent Meyer Vandenberg Corporate and Commercial Forum. Here are the key takeaways from his presentation.
1. Identify your most important data
Do you know which of your business’ critical assets – from client lists to systems and intellectual property – are most in need of protection?
It’s worth identifying your most important data so you can take steps to keep it safe. In fact, we recommend spending the most time, effort and resources on securing these assets. After all, if they aren’t adequately protected, you may no longer have a viable business.
To identify your most critical assets, view your business from an outsider’s perspective. Which information would others be most interested in? How easily could a third party access this data, and what would the consequences be? This approach can help you allocate appropriate resources to protect particular assets.
2. Consider storing data in the cloud
When it comes to data breaches, no business is immune. Small businesses can’t just fly under the radar. Despite their size, they are still at risk and should take reasonable steps to protect their data.
The problem is that many don’t have the resources to ensure that their data is secure, especially if it’s stored on-premises. In many cases, cloud servers do a better job of monitoring, isolating, encrypting and backing up data than most small businesses can reasonably achieve in-house. They are cheaper than maintaining on-premises servers, and you can relax knowing that the cloud server host is working round-the-clock to keep data protected.
3. Whitelist trusted domain names and email addresses
In today’s danger-riddled online environment, it’s next to impossible to maintain a comprehensive blacklist of sites, emails and programs that can’t be trusted. Most small businesses don’t have the time to keep such a list up-to-date, and there’s no guarantee that every threat will be caught.
Instead, consider developing a whitelist of trusted email addresses and domain names that will not be blocked. This can assist in preventing spam and ensure that you only allow access to your servers from trusted sources.
4. Get a dedicated backup server
Ransomware is a type of malware that locks away files and systems until you pay to get them back. Some businesses pay the ransom to regain access, which can make them an easy target for future attacks (and there’s no guarantee that the attacker will provide the unlock key after payment is made). A more effective defence strategy is to maintain dedicated backup servers, so you can access business-critical information and data even in the event of a ransomware attack.
5. Educate yourself and your team about data security best practices
Employees are often referred to as the ‘weakest link’ in a business’ security toolkit. So while it’s easy to focus on systems and computer security, employees also need proper training and education in how to keep data safe.
Effective training will ensure that your employees understand their role and what they have to do to protect your business. An understanding of just how valuable this data is to your business goes hand in hand with employee education. It will go a long way to keeping your business secure.
There is no one-size-fits-all approach to security (and you should run from anything claiming otherwise). Anti-virus software and firewalls won’t protect against everything, especially against new technologies designed to defeat existing protections.
As threats to security and data grow more complex, businesses must be on constant guard against the next danger. This is especially true now that mandatory data breach reporting laws have come into force, with new, serious consequences for businesses that don’t comply.
If you need help securing your systems, contact Ken at Cordelta at firstname.lastname@example.org.
This is a sponsored article, though all opinions are the author’s own. For more information on paid content, see our sponsored content policy.