Is your SME business compliant with compulsory Australian Cybersecurity Laws?
Have you heard about the Australian Federal Notifiable Data Breaches scheme? The NDB applies to all domestic businesses which hold sensitive consumer data.
As part of Centrix’s dedication to helping small to medium-sized businesses grow successfully by using digital and IT services effectively, we have created a series of articles to help you familiarise yourself with the technology topics you need to know.
In this blog, we outline the latest change in the Australian Government’s protection of personal information and how it impacts your business’ need for digital security.
What you need to know about the Notifiable Data Breaches Scheme
In February 2018, the Australian Federal NDB (Notifiable Data Breaches) scheme came into effect nationwide and applies to domestic businesses which hold sensitive consumer data.
Given the common practice of capturing and collecting customer information, this new initiative covers the majority of businesses, most of which may not even be aware of its existence or their obligations.
The Australian Government launched the NDB to better protect individuals from having their personal details accessed without permission or leaked.
What is the NDB Scheme?
To summarise, the Australian NDB scheme introduces a compulsory requirement for all businesses to publicly notify everyone whose personal information is directly involved in a data breach which is likely to cause them serious harm. They must also notify the Australian Information Commissioner.
These notifications must make people aware of the breach and recommend what each person should do in response to minimise their resulting risk.
How do you ensure your business is compliant?
Most organisations hold personal data on their internal networks, and if your business were to experience a cyber-attack or an accidental release of personal information, you are required to notify every affected customer in your database immediately.
This means that, while you’re in the middle of addressing the issue, you must publicly contact those involved and suggest steps to help them protect themselves.
Given that most of these people are likely to be your customers, the potential fallout and costs involved with this remedy will be a real nightmare.
To be compliant, we suggest the following steps:
- Prevention is always better than cure, so update your cyber-security systems.
- Review your current information security procedures to ensure they are strong enough.
- Tighten and update the restrictions on staff access to certain data.
- Prepare a response plan in advance so that if the worst should happen, your business is ready.
- Conduct regular training to bring your staff up to speed with these new requirements as well as the importance of data protection.
Becoming compliant is an absolute must when it comes to the NDB scheme.
This is just one of the many relevant technology issues facing small to medium-sized businesses today, so it’s important that your organisation is familiar with the whole landscape to avoid any issues and continue on the path towards positive growth.
To find out more information, download our 2018 IT blueprint for your business.