The Australian Notifiable Data Breach (NDB) scheme, which took effect on 22 February 2018, dramatically increases the penalties for failing to properly protect users' personal data. The maximum fine that can be levied against an organisation could be as much as $1.8 million.
The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.
The NDB scheme applies to agencies and organisations that the Privacy Act already requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers and tax file number (TFN) recipients, among others.
Adherence to the NDB scheme requires state-of-the-art technology for comprehensive data protection, and in particular advanced threat prevention and detection, to minimise the possibility of a data breach. According to the non-profit Center for Internet Security (CIS), most successful attacks exploit poor cyber hygiene. In addition to following the CIS recommendations, businesses covered by the NDB scheme need to make sure they have the right technologies in place to protect their environments and to detect and contain data breaches quickly and effectively, which starts with getting the right security architecture in place.
How can you address key data protection requirements of NDB?
To effectively protect your systems, your organisation requires a security architecture that is tightly integrated and that includes state-of-the-art systems providing six key capabilities:
- Next Generation Firewalls. The first line of defense against intrusions targeting personally identifiable information (PII) is a Next Generation Firewall (NGFW)
- Endpoint Security. If firewalls are the first line of defense, endpoint security solutions need to be the second barrier
- Email Gateway Security. Email security is crucial; a recent report found that two-thirds of malware was delivered this way
- Web Application Security. Attackers may use techniques such as SQL injection, cross-site scripting, buffer overflows and cookie poisoning to turn web applications into an access gateway. Protecting PII against these threats requires a multilayered approach to web application security
- Comprehensive Management and Reporting. In 2016, attackers who successfully entered a corporate network had, on average, 107 days to operate before the intrusion was detected. Reducing the time an intruder can explore the network limits their opportunity to reach and exfiltrate personal data
- Secure Access Layer. The number and types of devices connecting to corporate networks continue to grow. Users want fast Wi-Fi, but organisations must also secure wireless access to their networks in order to minimise the chance of an intrusion and a subsequent data breach
If a company suspects that an eligible data breach may have occurred, it has 30 days to complete a reasonable and expeditious assessment of whether the breach is likely to result in 'serious harm' to the individuals affected. The 30 days is a ceiling on the assessment, not a grace period: as soon as the company has reasonable grounds to believe an eligible data breach has occurred, it must notify the Commissioner and the affected individuals as soon as practicable.
Now is not the time to panic. Now is the time for every company that handles the personal data of Australian citizens to re-evaluate its IT security infrastructure.
Are the technologies state of the art?
Does the network include sophisticated data-protection?
Has the data-breach response plan been documented and tested?
Are all the IT security solutions communicating in a way that optimally protects data and provides network-wide visibility?
If you answered yes to all of these questions, you are well on your way to being prepared for the inevitable. If you answered no, Scope Logic can help.
Scope Logic are security specialists who can help your business manage the evolving world of system security. Complete the following survey to enter a competition to win a System Health Check, Consultation and Vulnerability Assessment Program valued at over $3,500.00.