How much of a risk are you prepared to take ?

 

What is the Privacy risk threshold of your business ?
What is your personal threshold ?

 

Whether your business needs to comply with Privacy regulations or not, you have a responsibility to your clients and employees to protect their personal information. They expect your business to act as a trusted custodian of their personal information.

Take a few minutes to read on and reflect on how much you are willing to risk…..

What is your risk threshold ?

Here are a few questions you need to ask yourself about your business practices, and the level of risk you are prepared to endure. It’s not a comprehensive list but will hopefully help.

 

  1. Does your business need to comply with any Privacy regulations?

You must be compliant with the Regulatory environment you are operating in. In some cases, this may extend outside Australia to other jurisdictions such as the European GDPR.

However, even though your business may not be required to comply, you have a moral obligation to protect your clients personal information. They expect it !!!

They may not necessarily think about it beforehand, but they definitely will when a breach occurs. In their eyes, it will not be an excuse that your business doesn’t need to comply with a regulation.

Clients will look elsewhere if they do not trust your business.

 

  1. Do you know where your businesses personal information is ?

To protect it, you must know what information you have, where it is located, is it secure and who has access to it.

Furthermore, the same applies to your information being transmitted to and from various devices and systems.

It’s vital to create a register of one of your most critical assets and keep it current.

Do not forget to include mobile phones, USB drives, personal Email accounts, personal laptops, etc.

 

  1. Have all reasonable steps been taken to ensure there is an appropriate level of protection of your businesses personal information ?

A Privacy Policy is not enough. It needs to be backed up by procedures and practices that are well understood and adhered to by all staff and contractors.

Regular IT and Office security audits is a must.

 

  1. Are you confident the 3rd parties, who handle your businesses personal information, have taken all reasonable steps to protect it ?

Stringent due diligence must be conducted on all 3rd parties. It is your responsibility to ensure they are aware and meet their Privacy obligations.

A 2018 survey in Australia, found 67% of business owners are not confident.

Is it any wonder there is a growing lack of confidence within the community ?

 

  1. Is your staff and contractors fully aware of their responsibilities in handling personal information ?

A sustainable Education and Awareness program will go a long way to reducing human error.

Whether it is new or long-term employees, everyone needs to be constantly reminded of their responsibilities. The best thing about this initiative, it’s totally up to you how effective you want it to be. It’s in your hands.

Human errors are tracking at 35% of all breaches reported to the OAIC since the introduction of the mandatory Notifiable Data Breach scheme in February 2018. This percentage does not include Email phishing which would bring human errors up to around 60%.

 

  1. Do you feel confident your business will not have a data breach ?

No business should ever be completely confident (no matter the size). However, you need to feel good that you have taken all reasonable steps within your capacity.

The below numbers from recent surveys in Australia, should be ring alarm bells for every SMB :

    • 9.5 days (average) between a breach occurring and misuse of credentials. It takes 90 days to detect the breach. By then, the horse has already bolted. In fact, it’s already well past the finish line.
    • 53% of businesses have multiple breaches
    • 43% of cyber-attacks are SMBs. They are easier targets and provide least resistance. Out of those 22% are now closed.

 

  1. Does your business have procedures to handle a Data Breach ?

A brand can be destroyed in a moment with a badly handled breach.

It’s critical to have a Data Breach Response (DBR) plan to provide a structured process in very stressful times.

 

  1. If you have a Data Breach, will your business survive ?

Breaches not only impact your business but your lifestyle, family, clients and employees.

 

Do you have any concerns ? 

How much of a risk are you prepared to take ?

 

If you have even the slightest concern, please contact Privacy Proactive for a no-obligation free consultation about your current situation and we can prepare your business.