Don’t Gamble With Your Reputation – What The OAIC Report On Notifiable Data Breaches Tells Us
Want to see something truly shocking?
Click here to check out a map that shows you global cyber-attack threats in real time happening NOW.
There was a time when the personal information an organisation held about a person was little more than name, address and date of birth. Today far more data is captured about each of us, and we can be identified in many more ways: by facial or voice recognition, by device and location data, and by behavioural data such as browsing and purchasing patterns.
More data held, in more systems, by more third parties means more ways for it to leak. The odds of suffering a data breach keep rising; it is not a matter of if you will have a data breach but when.
NOTIFIABLE DATA BREACHES
The Notifiable Data Breaches (“NDB”) scheme came into effect on 22 February 2018 and applies to organisations covered by the Privacy Act, including businesses with more than $3m in annual turnover and all health service providers, among others. Under the scheme an organisation must notify the regulator (the OAIC) and the affected individuals of an “eligible” data breach, that is, one likely to result in serious harm to the people whose information is involved (see our earlier articles here and here for more details).
Regulators like the Office of the Australian Information Commissioner (the “OAIC”) publish statistical reports on what they encounter in their role as watchdogs and educators. The OAIC has just released its Quarterly Statistical Report for the quarter ending 30 June 2018 under the NDB scheme, and the results show that the only sure thing when it comes to a data breach is that there are no winners.
So, what does the Report tell us, what can we learn from it, and how can we adjust our playing style so the odds are in our favour?
THE NUMBERS GAME
Let’s see where the cards fall….
- During the quarter ending 30 June 2018 there were 242 notifications to the OAIC. Each of those is a data breach affecting a different number of people, but 51 of them affected just one individual;
- 172 of those breaches affected between 2 and 5,000 individuals;
- The health sector reported the highest number of data breaches (49), followed by the finance sector with 36.
THE NUMBERS DON’T LIE
What are the percentages….?
- 59% of breaches were due to malicious or criminal attacks (including phishing and stolen or compromised credentials);
- 36% were due to human error (such as personal information emailed to the wrong recipient);
- 5% were due to system faults.
WHAT DO I NEED TO DO TO MINIMISE MY RISK?
How can I play my perfect hand….?
- Protect the accounts that hold personal information: avoid passwords that are easy to guess (“1234”, “abcd” and “password” are notorious), never reuse a password across services, use a password manager so each password can be long and unique, and turn on multi-factor authentication wherever it is offered;
- Take care with recipients before sending emails or texts containing personal information: check the address, use BCC for bulk mail, and turn off auto-complete for sensitive mailboxes, because misdirected messages are a leading cause of human-error breaches;
- Don’t open attachments or click links in unexpected or dodgy-looking emails, even if your malware-detecting software has not flagged them; such software catches known threats, not all of them. If in doubt, verify the request with the sender through a separate channel (for example, by phone);
- Train yourself and your staff regularly on protection strategies, especially new staff who may bring old bad habits with them;
- Consider taking out cyber insurance;
- Have a Data Breach Response Plan, tested in advance, so that you can contain a breach, assess whether it is notifiable and notify the OAIC and affected individuals quickly when one occurs.
SOME FINAL THOUGHTS
Don’t gamble with personal information.
Privacy is ultra-important: we trust the organisations that respect our personal information. The loss of trust that follows a breach translates into reputational damage and damage to the bottom line (Facebook is a perfect example).
If the global threat map above doesn’t get the message across about the world we live in, then maybe you should retire from the game of business and go “off grid”. For those of you who wish to keep playing with a deck stacked in your favour, you can find out more on mitigation strategies from the Australian Cyber Security Centre (ACSC).
Contact us now on (02) 8488 3389 to make sure the numbers fall in your favour.