If media reports have you worried about cybersecurity, fasten your seatbelts: as we roll into 2018, things are only going to get harder as new Notifiable Data Breach (NDB) legislation and the European Union's General Data Protection Regulation (GDPR) mean there’s nowhere for breached companies to hide.
In the midst of digital transformation and the new risks it brings, 2018 is the year everyone will have to get real about protecting their data. To protect yourself, make sure you – and your company’s executives – are disciplined in your security practices and proactively addressing these five key security threats:
- Believe in ransomware
In one recent survey (1) of managed IT service providers, 86 percent said they had a small-business client compromised by ransomware in the last 2 years. Ransomware authors netted an estimated $US301m ($A395m) in fiscal 2016-17 alone – yet just 38 percent of small businesses were “highly concerned” about ransomware. Get on the front foot by educating users about the dangers of clicking on suspicious emails. Tighten controls over user account privileges. Make sure you’re backing up crucial databases, servers and desktops regularly so you can recover quickly if you get hit. And talk to your board now about whether your corporate mission statement allows you to prepare a ransom that effectively funds organised crime (2).
- Inventory your data
Many companies go months before they realise they have been hacked – and it’s often because they aren’t keeping track of who accesses their sensitive data and how it’s used. If you don’t know what data you have and where it is, you can’t protect it. Conduct a comprehensive audit of your core applications and their data, then figure out how to protect it – and what you would do if it were compromised. Protect your most important data using encryption, so that even if it gets stolen it’s unusable on the other end; one recent analysis (3) found that just 8 percent of stolen data was encrypted.
- Get compliant
Once Notifiable Data Breach (NDB) legislation takes effect, you’ll be legally required to detect and respond to data breaches quickly. Given the furore when organisations like Uber (4), Yahoo (5) and Catch of the Day (6) took months or years to notify their customers of a breach, you’ll need to be ready to respond proactively. Get the tools and procedures in place to know when a breach happens, how to stop it, which customers are affected, and how to deal with fallout that can include customer attrition (7).
- Get your mobiles under control
Mobile and cloud computing have broken conventional security models, which relied on keeping data protected inside a ‘walled garden’. Today’s networks flow data between devices, cloud services and/or company networks seamlessly – so you need to adjust your security strategies accordingly. There’s no point protecting data within your four walls but losing track of it once it walks out the door.
- Train your staff
Time and time again, data breaches are traced back to inadvertent error or blatant negligence by employees. Try different ways (8) of ramping up your security training to make sure your employees understand the real dangers of phishing emails, business email compromise fraud (whaling), and other attacks. Teach users to think like hackers now, so they can outwit the real attackers later. If you can convert them from being a security liability into a security asset, you might just make it through 2018 unscathed.
1. www.datto.com/resources/ch-ransomware-survey-17
2. www.abc.net.au/news/2017-05-13/dont-pay-ransom-cyber-expert-warns-amid-ransomware-outbreak/8523758
3. www2.gemalto.com/data-security-confidence-index/
4. www.abc.net.au/news/2017-11-22/uber-data-breach-was-not-disclosed-ceo-says/9179168
5. www.abc.net.au/news/2017-10-04/yahoo-says-that-a-2013-breach-affected-all-3-billion/9013502
6. www.smartcompany.com.au/technology/online/why-did-it-take-catch-of-the-day-three-years-to-reveal-data-breach/
7. www.csoonline.com/article/3019283/data-breach/does-a-data-breach-really-affect-your-firm-s-reputation.html
8. https://www.itnews.com.au/news/why-australia-post-ransomwared-its-own-staff-454987


