Welcome to MDBN

Almost every business has some form of online interaction with clients, buyers or subscribers. This interaction creates and uses data, which if accessed by malicious elements, can create enormous problems for the business.

This is called a data breach. Let us understand it better. Data used and stored by companies can include personal information such as credit card numbers and healthcare histories, as well as corporate information such as customer lists, manufacturing processes and software source code.

  • If anyone who is not specifically authorized gains access to this data, the company concerned is said to have suffered a data breach.
  • If a data breach results in identity theft and/or a violation of government or industry compliance mandates, the offending organization may face fines or other civil litigation.

Data Breach: causes, examples and consequences

A data breach may be caused by malicious action (by an external or insider party), human error, or a failure in information handling or security systems.

Loss or Theft

Loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information.

Unauthorized access

Unauthorized access to personal information by an employee.

Inadvertent

Inadvertent disclosure of personal information due to ‘human error’, for example an email sent to the wrong person.

Disclosure

Disclosure of an individual’s personal information to a scammer, as a result of inadequate identity verification procedures.

Consequences of a Data Breach

Data breaches can cause significant harm in multiple ways. A single breach in 2017 alone impacted nearly 50,000 Australians working at government agencies.

Individuals whose personal information is involved in a data breach may be at risk of serious harm, whether that is harm to their physical or mental well-being, financial loss, or damage to their reputation.

Examples of Harm Include:

  • Financial fraud including unauthorised credit card transactions or credit fraud.
  • Identity theft causing financial loss or emotional and psychological harm.
  • Family Violence / Physical harm or intimidation.
  • A data breach can also negatively impact an entity’s reputation for privacy protection, and as a result undercut an entity’s commercial interests.

What is Mandatory Data Breach Notification and How it Applies to Businesses

Mandatory Data Breach Notification (MDBN) became law in Australia on 22 February 2018. This is a high-impact development requiring businesses to notify individuals and the Commissioner about data breaches that are likely to cause serious harm.

Does MDBN apply to you?

Subject to some exceptions, the mandatory notification provisions will apply to private sector entities subject to the Privacy Act 1988 (Cth).

The OAIC states that this applies to:

  • Australian government agencies
  • Businesses with an annual turnover of $3 million (AUD) or more
  • Credit reporting bodies
  • Health service providers
  • Tax file number (TFN) recipients

In other words, it applies to a large number of companies, and there’s a good chance that it applies to you. If you’re still unsure, you can call us for more information.

Potential Penalties

Failure to comply with the MDBN comes with some stiff penalties. Organisations can face fines up to $1.8 million (AUD), and individuals can face fines up to $260,000 (AUD).

What can you do as a business for protection from data breaches?

This is where we come in. At CS Professionals, we specialise in helping businesses upgrade their IT security setup to thwart any security threat posed by a hacker or a virus.
Our services include a complete appraisal of your current IT security. Answers to these key questions will help us customise the most suitable suite of security measures for your business.

  • Who has access to your data?
  • What security procedures are currently implemented to protect it?
  • How do you secure the perimeter: web application firewalls, intrusion detection and prevention systems, etc.?
  • Do you test your internal and external systems using known attacker tools and methodologies?
  • How comprehensive is your cyber incident response plan? How often is it tested?
  • What role do your employees play in your security efforts?

Based on the results of our appraisal, we can suggest and implement a range of solutions including:

  • Identify risks and vulnerabilities
  • Craft and implement an encryption policy
  • Deploy intrusion detection and prevention
  • Deploy active countermeasures
  • Apply comprehensive patching
  • Deploy DPLD (data leak prevention and detection) techniques

Did you know?

  • Small businesses in Australia are the target of 43% of all cyber crime.
  • 60% of small businesses that experience a significant cyber breach go out of business in the following 6 months.
  • 22% of small businesses that were breached by ransomware attacks in 2017 were so affected that they could not continue operating.
  • 87% of SMEs believe their business is safe from cyberattacks because they use anti-virus software.
  • Cybercrime costs the Australian economy more than $1Bn annually.
  • 41% of people globally cannot identify a phishing e-mail.
  • 30% of phishing e-mails are opened, with 12% clicking on infected links or attachments.