“Organisations across Australia don’t really understand the risks, or what is required and they are not implementing technology or procedures to reduce the risk,” said Security In Depth chief executive Michael Connory.
Australian businesses are “completely unprepared” for cyber attacks or data breaches, with reported incidents increasing by more than 700 per cent since February last year, costing the nation $7.8 billion, a report has revealed.
Data Hacking: It is not If, It is When…
This list shows the data breaches reported from January to June 2019. Over 42 businesses reported major breaches to the OAIC this year to June.
- Australian Catholic University
- Revenue NSW
- Australian National University
- Princess Polly
- CCH software
- WPA3 Dragonfly
- Australia Post
- Bank of Queensland
- Melbourne Hospital
- Coffee Meets Bagel
- Toyota Australia
- LandMark White
- Department of Parliamentary Services
- Global Hacking Scare
- Collection #1
- Fisheries Queensland
- First National Real Estate
- Department of Planning and Environment, NSW Major Projects
- Victorian Government
- Marriott Hotel Group / Starwood
- Early Warning Network
- Big W
- Hawthorn Football Club
- Nova Entertainment
- My Health Records
- Victorian Public Servants
What PDSS has to offer.
PDSS is a business management consulting company that specialises in IT security gaps and risks in your business.
We tailor documentation and install Information Security Management Systems to achieve compliance and certification to ISO 27001, written specifically for the Valuations industry.
PDSS builds the ISMS to be compliant with ISO 27001 incorporating controls for CPS 234, the APPs and GDPR, as required by the banks and Core Logic.
The framework remains elastic and can be adapted to future requirements.
PDSS has a proven track record of installing ISO 27001 with the required bank compliance requirements and successfully having the system certified.
An effective ISO 27001 information security management system (ISMS) provides a management framework of policies and procedures that will keep your information secure, regardless of the format.
The flexibility of the framework allows other standards and contractual requirements to be easily integrated into the controls, so there is only one system to follow in your business.
It was troubling that among almost 2000 companies – in sectors including finance, health, education, government, manufacturing, technology, professional services and retail – almost 40 per cent did not provide any cyber awareness training to staff, according to Security In Depth chief executive Michael Connory.
Further, more than 70 per cent of all data breaches at Australian businesses were caused by human error.
Why SMEs need data security.
It is not just about meeting contractual requirements, it is about business survival.
Across the board, small businesses tend to have easier security to crack than their larger counterparts. This has been true for almost as long as the internet has been available, but hackers have historically tended to focus on the bigger targets due to the ratio of effort and risk to reward.
While larger businesses have been hardening their defences, smaller businesses have had a tendency to believe that they are beneath the radar of hackers. This happens with troubling frequency even when that particular business has suffered a data breach in the past.
I have an IT Provider
Most businesses outsource their IT services, as this is cost-effective and provides expertise and access to resources like a help desk.
Of course, outsourcing also has its disadvantages.
For instance, trusting a third-party provider for all of your company’s IT needs can create serious security issues.
Outsourcing is not a panacea. If your business is having trouble managing technology on its own, it’s likely that an IT outsourcing provider will be bound by the same constraints that make in-house management difficult: poor system construction, inefficient communication, and lack of scalability. These problems are not something an outsourcing company will be able to fix overnight.
You cannot rely on your provider knowing what your specific requirements or contractual obligations are in relation to data security.
- What is your backup schedule?
- Does your telephony go through your firewall?
- Has a backup image been restored to make sure it works? How long will it take?
- How are old computers and the disk drives disposed of?
- How do you manage who has access to your data?
PDSS can bridge that gap by installing ISMS procedures and putting management and oversight of your provided IT systems back under your control.