In the first quarter of 2019, over two hundred data breaches were reported* under the Notifiable Data Breaches scheme. Of those, over 95% were the result of human error or malicious attack and resulted in the loss of critical information such as personal, financial and health records. These breaches can have significant consequences, including damage to brand image, legal implications and heavy fines.
Protecting information in a business is about understanding people, process and technology. It’s essential that a business understands how its data is managed, who interacts with it and how it is protected. We’ve helped numerous businesses of all sizes assess their information security posture and achieve compliance where necessary.
Important Information Security Considerations
Cyber security should be a primary concern for any business holding personal information.
Employees must be aware of best practices and have processes in place to prevent data breaches.
What is ISO 27001 Compliance?
ISO 27001 is an international standard for defining an Information Security Management System (ISMS). The ISO 27001 standard contains multiple specifications that define how a business can manage people, processes and technology to an internationally accepted standard. To implement an ISMS within the guidelines of ISO 27001, a business is required to assess and understand its own management of data, the parties it shares data with, its risks and how to treat those risks.
For any business that deals with sensitive data, or that wants to demonstrate a serious commitment to information security, an ISO 27001 implementation project is essential. Following on from that, an ISO 27001 audit can be conducted, which can lead to an official certification of compliance.
If you trade with businesses internationally, an ISO 27001 project can be essential, as international business partners may require certification before entering into a business agreement. Conducting an ISO 27001 project will minimise the risk of data breaches, lessen their impact and potentially avoid litigation or fines.
What is PCI Compliance?
PCI stands for Payment Card Industry. It is a self-regulating body set up by the major credit card brands to create a set of standards, or requirements, for handling credit card data. When a business fulfils all the requirements, it can submit the necessary information to its bank and will be recognised as “PCI compliant”.
Why is PCI Compliance important?
If your business is not PCI compliant and you are the victim of a data breach, you can face heavy fines, be restricted from trading until you are compliant, or even have your merchant account suspended completely. This does not only affect your online presence, such as your web site; it can affect your over-the-counter transactions too.
We’ve helped many businesses achieve compliance and helped other web development agencies get their own clients compliant, so we’re confident we can get you on the right track.
Penetration Testing & Ethical Hacking
Knowing that your systems and network are secure is essential to understanding your vulnerabilities and achieving a secure digital landscape. We provide penetration testing and ethical hacking services to find vulnerabilities and secure systems.
When systems have been compromised, someone needs to investigate the situation, find the root cause and put strategies in place to move forward to a secure environment. We provide the services to take server images, investigate system logs and report on the source of the breach. This leads to an understanding of where the vulnerability occurred and how to prevent it in the future.
The February 2018 roll-out of the Australian Notifiable Data Breaches (NDB) legislation is making big changes to the Privacy Act.
The new data breach notification laws impose mandatory investigation and notification requirements on various businesses. Ensure you know what steps need to be taken in response to a data breach.
The rate of cybercrime in Australia has doubled in the past 12 months, with more and more companies detecting security incidents within their organisations.
Cyber crime costs the Australian economy roughly $1 billion a year.
Strong cyber security is essential to allow individuals and businesses to take advantage of the economic possibilities of the digital world.