How Australian organisations can suffer data breach consequences under GDPR
Europe’s General Data Protection Regulation (GDPR) will soon be implemented, making it important that Australian firms create strategies to prevent cybercrime.
This is due to the stringent security and reporting requirements of the GDPR compared to Australia’s new Notifiable Data Breaches (NDB) scheme.
“The financial and reputational fallout of a data breach has always had the potential to be significant,” stated Steve Hunter, Chief Technology Officer of Asia Pacific at ForeScout.
“However, with the advent of NDB and GDPR schemes, it becomes even more certain that businesses will suffer tremendously if they’re not fully protected and prepared. With potential fines of up to four per cent of global revenue, companies could potentially lose an entire year’s worth of profits because of a single breach.”
“Connected printers, wearable devices, smart TVs and other personal devices that connect to the company’s network are all possible entry points for hackers. Businesses therefore need to ensure that no device has network access unless it’s properly identified, secured and managed. This process needs to be as automatic as practical and should include ensuring devices are patched and up to date where possible.”
“While the potential financial and reputational impact of a security breach could be massive, it’s important for businesses to stay calm and prepare for the new legislation. This includes hardening security to make the organisation a less attractive target for malicious actors, but also building and testing the response and communication plans for when the organisation is penetrated.”
“It’s also important to remember that, while the NDB and GDPR schemes may seem punitive, they actually exist to protect individuals. As such, organisations that can be seen to comply wholeheartedly with the new legislation may enhance their reputation in the eyes of their customers. Putting the right security measures in place now means the chance of suffering an NDB is lessened. If legislation is what it takes to make companies more security-aware and take appropriate action to improve their security, then that’s not necessarily a bad thing.”