According to the Australian Government’s Cyber Security Review, cybercrime is costing the Australian economy around $1 billion annually in direct costs alone. Some analysts say that data breaches could cost Australian businesses about $8 trillion over the next five years, largely because of higher levels of connectivity without a proportionate level of investment in security.
The Australian Taxation Office (ATO) works with the Attorney-General’s Department, the Department of Human Services, the Australian Competition & Consumer Commission (ACCC), the Australian Securities & Investments Commission (ASIC) and other government regulatory agencies & departments to combat the growing threat of identity theft and cybercrime.
A few months back, the government implemented the Notifiable Data Breach Scheme (NDBs), administered by the Office of the Australian Information Commissioner (OAIC). This scheme applies to all agencies & organisations responsible for keeping personal information secure under the Privacy Act. It introduced an obligation to notify individuals when their personal information is involved in a data breach that is likely to result in serious harm. These agencies & organisations must also notify the OAIC of those data breaches.
In its first quarterly report, published on 11 April 2018, the Office of the Australian Information Commissioner said that it had received 63 breach notifications in the 6 weeks since launch. In this period, human error was the cause of 51 percent of the eligible data breaches reported to the OAIC.
This suggests that although security solutions are important for ensuring data security, it is better not to rely on them alone. Effective cyber security requires organisations to have sound employee training, procedures and policies. These elements should also be considered in the context of ‘digital supply chains’ within the business, because business data is often shared with third parties.
So how can you avoid becoming a victim of cybercrime?
The Australian Taxation Office has developed cyber security tips in consultation with the Cyber Security Working Group, which is comprised of tax practitioner industry groups as well as other industry partners, to help prevent businesses from becoming victims of cybercrime.
Simple steps such as ensuring passwords are strong & secure as well as not leaving any information unattended are highly important. Adding an extra layer of security on accounts with multi-factor authentication is also essential.
System access needs to be removed from former employees. It is also highly important to secure private Wi-Fi networks and to be careful while using public Wi-Fi networks. It is better to avoid making transactions while using public or complimentary Wi-Fi, as this may put your information at risk.
In addition, ensure that all your business devices have the latest security updates installed, and don’t forget to run weekly anti-malware scans. It is also essential to make offline backups of all your important data on a regular basis, as this will not only help you in the event of a disk failure but will also help you minimise the impact of ransomware. And never click on links in emails, download programs, open unsolicited emails & attachments, or use external hard drives from any unfamiliar sources, as these may contain malware that can infect your computers.
If your business has a social media presence, you should be very careful with the information you make available on these platforms. Keep any personally identifying information private and be aware of exactly who you are interacting with, because scammers may take this publicly available information & use it to impersonate people within your business. For instance, scammers may send scam emails to trick staff into providing vital information or even releasing funds. You should also regularly monitor business accounts such as digital portals, bank accounts and social media for unusual activity or transactions that look suspicious.
What should you do if you have already become a victim of cybercrime?
Lost or compromised data can be very difficult & expensive to recover. If you think that you have become a victim of cybercrime, you should act quickly and seek support as early as possible to reduce the impact on your business.
- If the breach involves tax or superannuation data, please contact the Australian Taxation Office as early as possible so that they can apply measures to protect your business, clients and staff where necessary.
- Inform impacted clients and staff of the breach immediately.
- Contact your software provider immediately if you think that the breach has originated in one of their service offerings.
- Consider which information was accessed and then take steps to safeguard it where necessary.
- Take immediate steps to secure all the vital information in your business by making sure that all security software & controls are up to date.
- Review system access and remove it for former employees who no longer need it.
- Follow security best practice to minimise the risk in your business & reinforce these practices with your employees.
Although large government agencies like the Australian Taxation Office play a significant role in keeping Australia’s data safe & secure, it is not possible for them to do it alone. It is everyone’s responsibility to create a cyber safe Australia.