old man emu, posted May 3, 2018

For once I am being fair dinkum with you and not joking, so please heed what I say. I have been asked to alert anyone I know who has a business with an ABN, and whose business holds personal identification details of any person on an electronic device that has a connection to the Internet, of the Notifiable Data Breach Scheme.

Be aware that from February 2018, the Notifiable Data Breach Scheme came into effect. This scheme requires a business to notify the Office of the Australian Information Commissioner (OAIC) if there is evidence of unauthorised access, disclosure, or loss of personal information as a result of a breach of the business' cyber security. Penalties for non-compliance with the NDB Scheme carry very high fines - in the hundreds of thousands for individuals, and millions for organisations.

My source has asked me to encourage all of you to bring this matter to the attention of business owners whose businesses hold the personal data (identification or financial) of any person. Business owners should contact a qualified IT professional to review the business' cyber security.

My source is in the process of preparing a document which will provide an introduction to the NDBS. I hope to be able to provide it to anyone interested in a few days.

Thanks for your time.

Old Man Emu
spacesailor, posted May 3, 2018

You mean like: The CBA losing all the customers' details.

spacesailor
old man emu (author), posted May 4, 2018

Yes, the matter involving the CBA is what happens. The CBA was lucky to avoid legal action because the incident happened before the current law came into effect in February 2018. However, the bank should have been aware that the law had been passed and that it was coming into effect. While it did not have a legal responsibility to act, one could argue that it had a moral duty to act. However, the combination of "financial institution" and "moral duty" is an oxymoron.

Yes, the most common entry point for malware is via employees' email accounts. A low-cost defence a company can employ is to educate staff on the dangers of opening suspicious emails. If an email does not relate directly to an employee's job, then it should be deleted. That means no opening of emails with "spam" titles, and no forwarding on of jokes, funny pictures etc. Attempts to gain entry to a company's database often begin with a phishing attack. https://www.incapsula.com/web-application-security/phishing-attack-scam.html