Following a massive cyber incident and data breach affecting customers across Australia, how companies can improve their cyber security and safely handle their customers’ personal information to reduce risk for both themselves and their customers Understanding what you can do is more important than ever.
Data collection and storage
A good starting point is to review your business data collection and storage processes to ensure that you are following best practices. This includes collecting only relevant personal information from our customers. Store personal information for the minimum amount of time necessary. Ensure procedures are in place for safe and timely disposal.
This first action is a major step in minimizing the risk of harm to both your business and your customers from a cybersecurity breach.
7 steps to further minimize risk
- Consider engaging experts to identify cyber vulnerabilities and ways to mitigate risk.
- Evaluate the security of third-party systems that your business uses. Remember that their security practices impact your business.
- Evaluate the security of your data storage system and upgrade if necessary. All customer, client, tenant and employee data must be stored with maximum security.
- Require strong and complex passwords for all user accounts.
- Ensure privacy obligations and cyber security are part of annual training for relevant employees.
- Familiarize yourself with Australian privacy laws, ensure that business practices are followed, and understand your reporting obligations if your personal information is compromised.
- Finally, we tell our customers, clients, tenants, and employees that we are doing this important work because the security of their personal information is an urgent priority.
What should I do in the event of a cyber incident?
If your business suffers from a cyber incident or identity theft, Identity Support NSW makes it easy for you to access support.
Preparing for a cyber incident is important, but prevention is better than cure. PI (Personal Information) should be treated like digital asbestos. It must be handled with care, surrounded according to proper processes and procedures, and disposed of responsibly.
Watch a video inspired by a real customer in NSW who is a victim of identity theft and see how Identity Support NSW can help you (embedded video).
https://www.nsw.gov.au/protecting-your-business-and-customers-from-cyber-theft Protect your business and customers from cyber theft