Thanks to the global online marketplace, businesses can find customers, manage workforces and accept payments more easily than ever before.
Australians are embracing the internet as a place to do business in record numbers, and that's great news as long as everything works smoothly. Email, e-commerce and cloud storage platforms have become the foundation of day-to-day business activity, but they also create opportunities for infiltration and fraud. The central problem businesses face when trading online is the risk of data breaches: valuable information falling into the wrong hands.
Criminals Want Your Data
When people transact with you, they share a lot of information through web portals, over the phone or at the point of sale: identification data, credit card details and even personal documentation. All this data is a tempting prize for cybercriminals, and they are constantly at work trying to get hold of it so they can rip off your company and your customers.
In 2017 alone, MailGuard has detected thousands of criminal attacks designed to capture the valuable data held by Australian companies.
Because cybercrime is such a massive problem, the Australian Government is taking action to create greater accountability for how businesses handle the personal information they hold. This year Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017, which amends the Privacy Act 1988 to establish the Notifiable Data Breaches scheme (NDB).
What is the NDB?
As of 22 February 2018, organisations already covered by the Privacy Act (including businesses with an annual turnover above AUD 3 million, health service providers and others that handle personal information) will be required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when personal information they hold is lost or subject to unauthorised access or disclosure and the breach is likely to result in serious harm to the people concerned. If credit card records or other sensitive data are accidentally exposed or stolen by cybercriminals, companies will be obligated under the Privacy Act to assess the incident promptly and make it known to their customers and the regulator as soon as practicable. Failure to meet these obligations is treated as an interference with privacy, and the Privacy Act provides for regulatory action and civil penalties where the failure is serious or repeated.
NDB and GDPR
The new NDB rules will add extra weight to the EU's General Data Protection Regulation (GDPR), which applies from 25 May 2018. The GDPR provides harsh financial penalties, up to EUR 20 million or 4% of worldwide annual turnover, whichever is greater, for companies that fail to meet their obligations, including securing the personal information they hold on behalf of their customers and reporting breaches to the relevant supervisory authority within 72 hours. The GDPR applies to any organisation, wherever it is located, that offers goods or services to people in the EU or monitors their behaviour, so its effects will be profound and far-reaching.
After February 2018, Australian companies forced to reveal data breaches under the NDB scheme may find themselves being hit with a triple impact. On top of the financial and reputational damage that usually follows a data breach, companies will face regulatory sanctions under the NDB scheme and, where people in the EU are affected, a heavy fine from an EU regulator as well.
Data Breaches More Costly Than Ever
The new EU data protection regulations create a punitive regime for poor data security not only in Europe but, because of their extraterritorial reach, across the globe.
MailGuard CEO Craig McDonald published an article this week about the new GDPR regulations and the shockwave they will send through the business community. He highlighted the case of the infamous 2015 Hilton data breach, in which hundreds of thousands of customer credit card records were exposed. Hilton was fined US$700k over the breach, but under the incoming GDPR the penalty could be far greater:
“Imagine the different situation Hilton would be in had their data breach case happened after the introduction of the GDPR,” McDonald writes. “On top of their relatively insignificant US$700k fine from the NY Attorney General, Hilton would also potentially be facing a whopping US$420 million penalty from the EU… Under the new EU rules coming into effect next year, Hilton’s penalty would go from about US$2 for each exposed file to around US$1,200 each. That’s a big difference in anybody’s books... Whether you’re an international corporation or just a small business with EU customers, as of May next year that’s going to put you under the auspices of the GDPR, and its hefty fine schedule.”
With an enforcement regime like the EU's GDPR on the horizon, Australian business needs to take data security very seriously. The introduction of our own stringent accountability laws, in the form of the NDB scheme, means that security breaches will be more costly for companies than ever.
The reputational harm that data breaches can cause should be motivation enough to implement the best security measures available, but if anyone needed extra motivation, the double whammy of the NDB scheme and the GDPR is it.
Take Action Now on NDB Compliance
The OAIC (Office of the Australian Information Commissioner) is the government body responsible for administering the NDB scheme in Australia.
The OAIC is hosting a webinar, Preparing for the Notifiable Data Breaches scheme, on 21 November. It will be presented by OAIC directors Annan Boag and Sophie Higgins, who are leading the development of NDB scheme resources. The webinar will explain how the scheme operates and will include a Q&A session.
More information on the NDB webinar can be found on the OAIC website: www.oaic.gov.au
Data security is one of the most immediate and complex risk management challenges facing business leaders this century.
If you would like to talk about data-security solutions that will get you ahead of the curve on NDB scheme compliance, call MailGuard and speak with one of our consultants: 1300 30 44 30
One Click Can be Devastating
All criminals need to break into your business is a cleverly worded email: if they can trick one person in your company into clicking a malicious link or opening a malicious attachment, they can steal credentials or install malware and gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.
Talk to an expert at MailGuard today - call 1300 30 44 30 or email firstname.lastname@example.org
Stay up to date on breaking scam news by subscribing to MailGuard's free weekly updates.