Mandatory data breach notification scheme

Cybercrime and its potential impact on business operations is well understood today, with reports about data breaches, malware attacks and email scams of all kinds making the news almost daily.

Businesses with websites, and that’s just about every business, hold data and information about customers. This sensitive information is at serious risk of being accessed by cyber criminals following a malicious cyber attack that results in a data breach.

The cost to Australian business of a data breach is staggering, numbering in the tens of millions of dollars, as detailed in a 2017 report produced by the security division of IBM.

What was once mainly a problem for big business now encompasses small and medium businesses of every description with service providers at the top of the list of industries targeted.

Recent legislation means that it is now mandatory for any affected business to report a data breach to the government and its customers.

If a business suspects they have been subject to a data breach, they will be required to carry out an assessment within 30 days. If there are then reasonable grounds to believe a data breach has occurred, the business will need to notify the Australian Privacy and Information Commissioner, as well as all the affected individuals.

The government believes the new scheme will strengthen the protections afforded to everyone’s personal information, and will improve transparency in the way that the public and private sectors respond to serious data breaches. It will also give individuals the opportunity to take steps to minimise the damage that can result from unauthorised use of their personal information.

How to protect your business from the costs of a data breach

1. Businesses should take reasonable steps to make sure personal information about customers is held securely – including being equipped with a clear response plan in the event of a data breach.

2. Be sure to have sufficient cybercrime insurance to cover the cost to your business of any breach. Insurance can cover the cost of:

  • IT advice and services to ‘clean’ your IT system.
  • Loss of income due to interruption to your business.
  • Legal liability costs if an affected customer takes legal action.

3. Call us for more information. An affordable cyber insurance policy will free you to concentrate on running your business. The insurance will watch your back.

Contact City Rural Insurance Brokers to discuss how we can help protect your business from the costs associated with data breach.

What is Ransomware?

Ransomware is a type of malicious software that makes your computer or its files unusable and demands a fee for access. But paying a ransom is no guarantee you will regain access to your files, and it could make you vulnerable to further attacks.

Australia finally has mandatory data breach notification

Australia will have a mandatory data breach notification scheme in place within the year after several aborted attempts, following the passage of legislation through the senate today.

The Labor and Liberal parties today united to pass the government’s Privacy Amendment (Notifiable Data Breaches) Bill 2016 into law. Learn what the rules mean for your organisation.

The passage came despite a last-ditch attempt by the Greens to make changes to the bill that would shorten the period in which an organisation must notify of a breach down from 30 days to three.

The party also attempted in vain to capture political parties and businesses with less than $3m turnover under the legislation.

Australian Government My Guide helps minimise your personal online security risk: Alert Priority Moderate

An increase in online scams and frauds reported to authorities in the leadup to Christmas has reinforced the importance of safe online security practices.

The Australian Cybercrime Online Reporting Network (ACORN) received 2,608 reports of online scams and fraud from 1 December to 21 December 2016.

There were 1,415 reports to ACORN from 1 December 2015-1 January 2016 and 1,199 reports from 1 December 2014-1 January 2015.

So how can you protect yourself against frauds and scams? At Stay Smart Online, we recommend you download My Guide from our website. My Guide is a personal security guide that features tips and techniques to help you stay secure when working, socialising or just browsing online.

Issues covered in My Guide include:

  • Being careful about posting to social media any photos or information about yourself, your friends or your family. You may be breaching your privacy and the privacy of those close to you. Unscrupulous people may take advantage of this information to undertake a range of unwanted activities, such as identity theft.
  • Using strong passphrases (a series of words that may be longer, easier to remember and harder to guess than traditional passwords) to protect your online accounts from people who want to steal your information.
  • Treating any unexpected message with caution. The message may be designed to trick you into giving out sensitive information such as your bank account details, credit card numbers and passwords/passphrases.
  • Keeping to trusted websites so you minimise the risk of inadvertently infecting your phone or computer with malicious software such as ransomware (malicious software that locks your device and requires you to pay a ransom to its distributors to be unlocked), spyware or viruses.
  • Protecting your online banking and other sensitive information by applying security updates (and using up-to-date security software on your device).
  • Applying the same rigour to securing your mobile device as you do to your personal computer. Doing so minimises the risk of people gaining unwanted access to your phone or tablet and any sensitive information those devices hold.

My Guide also includes a list of organisations to which you can report scams, cybercrimes and identity theft.

More information

For more information on staying safe online in 2017, visit the Stay Smart Online website.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Would your business stand up to a Ransom attack?

What Are They and How Do I Deal With Them?

CryptoLocker and CryptoWall are examples of ransomware, a trojan that locks up your files and threatens to destroy the key unless you pay a ransom to have the files unlocked again. You are given only a limited time to hand over the ransom fee, otherwise your data will be forever inaccessible.

They have been around for a couple of years and are reported to have infected over a million PCs worldwide, involving 5 billion files, and collecting over $100 million in the process.

CryptoWall is the current manifestation of this malware, as the CryptoLocker servers were seized by US and foreign law enforcement officials last year and shut down.

The ransom amounts demanded are typically between US$500 and $1000.

How Do I Get Infected?

CryptoWall uses a variety of methods including spam emails with malicious links or attachments, attacks from infected sites, and through malware programs already running on compromised computers. Recently, innocent-looking advertisements have appeared on popular websites like The Guardian and Facebook that lead to malware being downloaded to a user’s PC.

The lesson here is obvious:

  • Never click on a link in an email unless you trust the sender;
  • Don’t visit sites of dubious reputation;
  • Don’t click on advertisements; and
  • Ensure your PC has up-to-date anti-virus software that constantly monitors your PC’s activities.

Phishing is a pernicious way of getting you to click a malicious link. Phishing refers to email that looks as if it’s from a reputable company, e.g. your bank or PayPal, and asks you to click a link for some purpose. Reputable sites don’t do this. Always open a browser and enter the address you normally use for that institution. If there are any messages, you will see them there.

You are strongly advised not to use a work PC for non-work related activities.

I’m Infected!

Should you find yourself staring at a ransom demand on your screen, your files are locked, even those in cloud services such as Dropbox, OneDrive, and Google Drive. In fact, any storage that is connected directly to your PC or over the Internet is susceptible to ransomware.

As soon as the message appears, turn off the PC, as the virus may still be in the process of encrypting your files. Restart your PC in Safe Mode by pressing F8 on rebooting.

Recovering From Infection

The files can only be unlocked by acquiring the decryption key, and that means paying the ransom. Paying the ransom is not recommended. You should contact your IT Vendor immediately.

To recover from the infection your IT Vendor may need to restore your system from a backup copy. This is why regular backups are essential. All the files affected – at least the ones you can’t afford to lose – should have been saved to an offline storage medium, and be as up-to-date as possible.

Before restoring from a backup, your vendor needs to ensure that CryptoWall has been completely removed from the system by running a full system scan using your anti-virus and anti-malware software.