Who cares about the Notifiable Data Breaches amendment?

Tom Allan
Director, Basis Networks
Tom Allan
Director, Basis Networks

Who cares about the Notifiable Data Breaches amendment?

There are a lot of articles and posts out there discussing the
Notifiable Data Breaches (NDB) amendment to the Privacy Act 1988, which comes
into effect on 22nd February.

If you are not sure what this is, it can be summarised as:

If your company is subject to the
privacy act and you have an eligible data breach, then you must notify the Office of the Australian Information
Commissioner (OAIC), and any potentially affected individuals, or
face a fine of up to $1.8m.”

Full details of the amendment are available here.

But the legislation is only part of the story.

A growing level of attention from the media to data privacy and
particularly any major breach, an increasing reliance on collecting and
manipulating useful data to remain competitive in the digital age, and the
barrage of news telling us that rapidly evolving cyber-attacks are not just
likely, but inevitably going to hit your business, are changing the way we look
at cyber security. 

The Challenge                                                                          

Cyber threat prevention,
detection, and response, is critical to protecting organisations digital
assets, including personal data. This hasn’t changed. But the rapid adoption of
multi-cloud enterprise networks, distribution of applications across
environments, hyper-connectivity of workforces, and the proliferation of
Internet-connected things has broken the traditional approach to securing our
businesses. As a result, operations, compliance, and the identification of
breaches is much more challenging and complex than it used to be.

But it
doesn’t have to be. 

Enhanced Security. Simplified Operations.

We need to view security
from a strategic perspective and avoid the temptation to bolt another tool or
security product onto increasingly hard to manage and disparate systems in the
hope that it will help us to stay ahead of cyber threats.

Enhanced Security

Through the development and
implementation of a holistic and intelligent security architecture we can now
provide exceptional levels of cyber security relevant to the nature of an
organisations data criticality, while also enabling businesses to benefit from
digital transformation activities. 

A consistent architecture consider
the multitude of ways in which data traverses the enterprise, across on-premise
and cloud environments, from physical or virtual hosts, and it provides a comprehensive
means of enforcing granular levels of control regardless of where that data
sits or who is consuming it. Importantly, it will also provide a method to gain
visibility into your network, the operation of security controls, and threat
management.

Simplified Operations 

The challenge of
implementing an effective cyber security framework for a modern-day business
can seem complex and daunting. But when we simplify the security architecture
to provide consistent visibility and control across the enterprise we also reduce
the overhead of ongoing management by centralising and streamlining day to day
processes. This allows us to look at intelligent ways to automate security
operations activities, including change management, policy assessment,
vulnerability scanning, compliance reporting, risk analysis, log collection,
threat detection, event response, and more.

Back to the Notifiable Data Breaches Amendment 

To comply with the Notifiable
Data Breaches amendment, you will need to be able to detect, and report on any
notifiable data breach after it has happened.

But, do you know if you currently store personal information, and if so,
where it is stored, and how it is transmitted throughout your business?

If a breach occurred, would
you know? 

And, more importantly, how
do you stop them from happening in the first place? 

While the amendment is an important consideration, we recommend your
business undertakes a review and remediation of cyber security that aligns with
your business goals and is not just aimed at meeting your minimum obligations.
Security should be an enabler to your business, allowing you to deliver
valuable digital services to your customers, confidently, and quickly. And this
can only be done through the consistent application of a modern security
framework that is tailored to your needs.

Recommended Approach 

  1. Determine how you collect and store personal data that is impacted by
    the Notifiable Data Breaches amendment.
  2. Review the criticality of your data, and how it is used within your
    organisation, so that security can be applied appropriately to the relevant areas.
  3. Understand your current cyber security posture. Perform an assessment to
    discover how secure you are in relation to your data.
  4. Assess your organisational capability to maintain a high degree of cyber
    security prevention, detection, and response.
  5. Uplift your security architecture to match your business objectives and
    compliance obligations and reduce your operational overhead.
  6. Investigate what security activities can be automated, in particular
    look into your ability to automate the detection of any breach.
  7. If you have a managed security service, ensure it complies with the
    provisions of the amendment, and review roles and responsibilities regarding
    how to deal with a breach should it occur.

Basis Networks

Basis Networks are industry
leaders in the delivery of intelligent connectivity, cyber security, and
network intelligence solutions for Australia’s businesses.

Our highly effective
approach to helping our customers deliver on their digital business initiatives
has resulted in being recognised by CRN as the fourth fastest growing IT
company in Australia, and the 24th fastest growing company in Australia by the
Australian Financial Review, for the 2017 financial year.

For a no obligation, initial consultation, contact us at sales@basisnetworks.com.au