{"id":43280,"date":"2023-03-24T14:44:18","date_gmt":"2023-03-24T04:44:18","guid":{"rendered":"https:\/\/www.geeks2u.com.au\/?p=43280"},"modified":"2023-10-25T10:46:29","modified_gmt":"2023-10-25T00:46:29","slug":"data-breaches-what-to-do-if-your-business-suffers-a-data-leak","status":"publish","type":"post","link":"https:\/\/www.geeks2u.com.au\/geekspeak\/data-breaches-what-to-do-if-your-business-suffers-a-data-leak\/","title":{"rendered":"Data Breaches: What to do if your business suffers a data leak\u00a0"},"content":{"rendered":"\n<p>Data breaches have been in the news a lot lately, with high-profile breaches hitting <a href=\"https:\/\/www.acma.gov.au\/optus-data-breach\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"https:\/\/www.acma.gov.au\/optus-data-breach\">Optus<\/a> and <a href=\"https:\/\/www.medibank.com.au\/health-insurance\/info\/cyber-security\/customer-notice\/\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"https:\/\/www.medibank.com.au\/health-insurance\/info\/cyber-security\/customer-notice\/\">Medibank<\/a> of particular concern to many Australian consumers.&nbsp;<\/p>\n\n\n\n<p><strong>But are they just a concern for really big enterprises on the scale of an Optus or a Medibank?&nbsp;<br>The simple answer is no.<\/strong><br><br>The value of the data in those breaches was large because of their scale, but they could have happened to any business that has to collect data.&nbsp;If you have customer addresses (email or real world) or banking details on file, you\u2019re collecting data \u2013 and that means nearly every business will have a risk of some sort.&nbsp;<\/p>\n\n\n\n<p>The reality is that personal data has value, and if you need to collect that data for any reason, you need to be aware of the potential for a data breach from your business, and what you should do if the worst happens.&nbsp;<\/p>\n\n\n\n<div class=\"image-text image-text--grey \">\n  <div class=\"image-text__inner image-text__inner--right\">\n    <div 
class=\"image-text__img\">\n      <img decoding=\"async\" src=\"https:\/\/www.geeks2u.com.au\/wp-content\/uploads\/2023\/03\/small-business-shutterstock_1503786101-e1618260246766.jpg\" alt=\"What is a data breach?\u00a0\" title=\"What is a data breach?\u00a0\"\/>\n    <\/div>\n    <div class=\"image-text__content\">\n      <h2 class=\"image-text__title\">What is a data breach?\u00a0<\/h2>\n      <div class=\"image-text__txt\">\n        <p>In the online context, a data breach occurs when any data that\u2019s meant to be inherently private, and especially data that can be used to identify individuals is accessed by anyone who doesn\u2019t have the right to access or distribute that information.\u00a0 That could include your business financial records, customer databases, or any other information that could be used for identity theft, blackmail or other illegal purposes.\u00a0<\/p>\n      <\/div>\n      <br \/>\n          <\/div>\n  <\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How do data breaches happen?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Typically they\u2019re the result of a weak link in your business security. 
That could be the use of unpatched or insecure software that connects online in some way, or social engineering tricking you or your employees into giving access to cyber criminals.&nbsp;<\/p>\n\n\n\n<p>These attacks can come in a variety of forms, from fake emails informing employees that their email or financial access is about to be withdrawn unless they log in, leading to fake websites that grab their login information, or software that probes at the security layers around your business to try to exploit known or emerging software weaknesses.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What are my obligations if a data breach happens?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>There\u2019s a line here between your legal obligations, and what you really ought to do.&nbsp;&nbsp;<\/p>\n\n\n\n<p>I should preface this by saying that I\u2019m not a lawyer and this does not constitute legal advice; the issues here are complex and if you\u2019re concerned it\u2019s well worth seeking out the advice of a legal professional for your particular circumstances.&nbsp;<\/p>\n\n\n\n<p>In broad terms, however, under the current <a href=\"https:\/\/www.legislation.gov.au\/Details\/C2021C00139\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"https:\/\/www.legislation.gov.au\/Details\/C2021C00139\">Australian Privacy Act<\/a>, which dates from 1988, if your business turnover is under $3 million per year, in many cases you\u2019re classed as a small business, and your obligations are a little different to larger businesses.<\/p>\n\n\n\n<p>If your turnover does exceed $3 million however and a breach occurs, you need to work within the notifiable <a href=\"https:\/\/www.oaic.gov.au\/privacy\/notifiable-data-breaches\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"https:\/\/www.oaic.gov.au\/privacy\/notifiable-data-breaches\">data breaches scheme<\/a> to inform both individuals involved and the OAIC (Office of the Australian Information Commissioner) about the 
breach.<\/p>\n\n\n\n<p>Those obligations also currently apply to specific business sectors; if your business is in private sector health care, specific financial services (especially providing credit), if you work as a contractor for the Australian government or if you have some form of residential tenancy database, you\u2019re also covered by the current version of the Privacy Act.&nbsp;<\/p>\n\n\n\n<p>If you\u2019re unsure, the OAIC has a small business <a href=\"https:\/\/www.oaic.gov.au\/privacy\/privacy-for-organisations\/small-business)\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"https:\/\/www.oaic.gov.au\/privacy\/privacy-for-organisations\/small-business)\">checklist here<\/a> that can run you through whether your business may be currently obliged under the Privacy Act.<\/p>\n\n\n\n<p>However, it\u2019s worth noting that at the time of writing this article there are large-scale <a href=\"https:\/\/ia.acs.org.au\/article\/2023\/australians-to-be-able-to-sue-for-privacy-breaches.html\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"https:\/\/ia.acs.org.au\/article\/2023\/australians-to-be-able-to-sue-for-privacy-breaches.html\">proposed reforms<\/a> to the Privacy Act being mooted that could see all businesses, no matter their scale, become covered by the Privacy Act. 
The logical endpoint of those changes is that it\u2019s highly likely even small businesses will become obliged to report data breaches.<\/p>\n\n\n\n<div class=\"image-text image-text--grey \">\n  <div class=\"image-text__inner image-text__inner--left\">\n    <div class=\"image-text__img\">\n      <img decoding=\"async\" src=\"https:\/\/www.geeks2u.com.au\/wp-content\/uploads\/2023\/03\/beware.png\" alt=\"\" title=\"\"\/>\n    <\/div>\n    <div class=\"image-text__content\">\n      <h2 class=\"image-text__title\"><\/h2>\n      <div class=\"image-text__txt\">\n        <p>As it stands, the OAIC can still investigate customer complaints about privacy breaches from small businesses; it\u2019s just that the adherence to all parts of the Privacy Act may not apply to a smaller business. <\/p>\n<p>Frankly, while a data breach isn\u2019t something that you actively invite, it\u2019s a good preventative measure to have a data breach plan in place, as well as to generally notify affected individuals so they can prepare and protect themselves in the most suitable manner. <\/p>\n      <\/div>\n      <br \/>\n          <\/div>\n  <\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What should I do if my business is hit by a data breach?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>The key thing to do is not delay, because acting promptly can save significant difficulty down the track.&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>If a data breach has occurred, the first thing you should do is try to establish the scope of what data has been stolen.&nbsp;This allows you to plan for your next steps, and get as complete a picture as possible as to the implications of the breach. It\u2019s a different matter, for example, if somebody\u2019s email address leaks than if a scan of their driver\u2019s licence does, even though neither is desirable. 
Document everything that you do and everything you discover.&nbsp;<\/li>\n\n\n\n<li>Next up, as quickly as possible, plug the data leak, whether that\u2019s a matter of upgrading systems, changing system passwords, educating staff about phishing or replacing hardware that has unfixable or un-patchable security holes.\u00a0\u00a0While the original cybercriminals may have grabbed some data, there\u2019s no telling whether others may come sniffing, so locking the digital front door of your business down tight may prevent future headaches.\u00a0<em>Not sure how to plug the leak? <a href=\"https:\/\/www.geeks2u.com.au\/contact-us\/\">Don&#8217;t hesitate and call Geeks2U<\/a> who can send an expert technician to help fix any security issues hackers are abusing.<\/em><\/li>\n\n\n\n<li>Then comes the issue of notifying the OAIC and individuals as required, as well as a more forensic investigation of what\u2019s happened and why. This becomes more complex if your business operates outside Australian jurisdictions, as other privacy obligations may come into play.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>Liability around breaches varies \u2013 and is somewhat outside the scope of this article \u2013 but the costs can be considerable. 
Being able to show that, although a breach occurred, you followed best practice to either lock down data or rapidly inform affected individuals may lead to more positive outcomes than if you do little or nothing around a data breach.&nbsp;<\/p>\n\n\n\n<p>If you\u2019ve not been subject to a data breach, you have time right now to consider these steps and whether there are weak links in your network security, business practices or data-keeping ways and come up with a data breach plan to cover how you\u2019d react if the worst happens.\u00a0 <\/p>","protected":false},"excerpt":{"rendered":"<p>Data breaches have been in the news a lot lately, with high-profile breaches hitting Optus and Medibank of particular concern to many Australian consumers.&nbsp; But&#8230;<\/p>\n","protected":false},"author":5,"featured_media":43293,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-43280","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/posts\/43280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/comments?post=43280"}],"version-history":[{"count":28,"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/posts\/43280\/revisions"}],"predecessor-version":[{"id":44987,"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/posts\/43280\/revisions\/44987"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/media\/43293"}],"wp:attachment":[{"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/media?parent=43280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/categories?post=43280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.geeks2u.com.au\/wp-json\/wp\/v2\/tags?post=43280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}