Why Australian businesses must step up data and IoT security

By Wavelink

The need to comply with data breach legislation means Australian companies must be aware of their obligations and must ensure their own networks are fully compliant, along with the devices and applications of contractors, third parties, and guests that plug into the network.

Internet of Things (IoT) devices pose a particular risk and must be explicitly secured.

Eligible Australian businesses must now report notifiable data breaches (NDB) to the Office of the Australian Information Commissioner (OAIC). The OAIC’s first published quarterly report found 63 breach notifications were received in the first six weeks alone.

With the introduction of Europe’s General Data Protection Regulation (GDPR) in May and other countries, including New Zealand, expected to introduce similar legislation, organisations need to comply with more regulations than ever.

For example, GDPR affects companies in any country that do business with customers in Europe, which means many Australian companies could be subject to the legislation and some might not even know it.

Hugo Hutchinson, Wavelink’s national business development manager for Fortinet, said: “Businesses can no longer remain stagnant and fail to act on security and compliance. Organisations of all sizes must ensure they’re in line with the new legislation changes and perform due diligence to ensure their networks are protected. Security breaches affect a company’s reputation and may result in significant consequences, with the cost and ramifications following a security breach potentially far more than the cost of initial investment in adequate protection measures.

“Organisations must also realise the value of the data they possess. Contractors, third parties, and guests plugging into the company’s Wi-Fi network must be limited to accessing only the data they require. Everyone, including third parties, must comply with company security policies and practices.”

The Internet of Things (IoT), which includes wearable technology, voice-activated devices, and smart appliances, presents organisations with an additional level of concern. These devices don’t tend to come with built-in security and can present a backdoor for cybercriminals to access company networks, either to take over the device itself or as part of a larger attack.

Hutchinson added: “Schools and hospitals are subject to NDB requirements and they tend to be prolific users of IoT devices, as well as having hundreds of users, including guests, accessing their networks. These organisations must operate an appropriate security and compliance system, otherwise they may be held liable for any breaches that may occur.”
