This is a common response when talking with people about cyber security and potential exposures. If only high-profile groups that have fallen to hacking and intrusion of networks had thought of such defences. This is no different to an athlete on drugs thinking they will never get caught because there is no test to find it YET.
In today’s society, we have so much more reliance on technology than ever, and a heavier requirement for access to all information anywhere we want. For example, I am writing this article at the Barracks in Brisbane at a coffee shop.
In its Report 108, For Your Information: Australian Privacy Law and Practice, the Australian Law Reform Commission (ALRC) noted that, with advances in technology, entities were increasingly holding larger amounts of personal information in electronic form, raising the risk that a security breach around this information could result in others using the information for identity theft and identity fraud. A notification requirement on entities that suffer data breaches will allow individuals whose personal information has been compromised by a breach to take remedial steps to lessen the adverse impact that might arise from the breach.
With this new legislation, I see the exposure to business as not the thought of being hacked, which is a no-brainer, but the loss of technology.
Take your smartphone, for example. If it is lost, and it is reasonable to believe that data could be at risk, then mandatory notification to those potentially affected is required (if your business is one of the many that this applies to).
It is no longer just the contacts in your phone at risk. We can now access emails, files, networks, and often everything that you can access on your work computer. This means that by losing your phone, you could be required to contact every client, prospect and ex-client that you have on the books and advise what information could be at risk and what they need to do to safeguard themselves.
As I am sure you can imagine, the ramifications for your business's reputation could be astronomical!
Just by someone losing their phone.
The legislation is clear in its terminology around this: if it is reasonable to believe that the data could be at risk, then action needs to be taken.
There are many cyber policies in the market, and huge variances between them. It is now incredibly important to make sure you have a policy that will protect you if something happens and is there to help your business get its reputation back on track.