Protecting customer personal information and minimising risk is often put on the back-burner – until it happens to you.
A recent example reflects this sentiment. I conducted a Current State Analysis and Risk Assessment, and provided recommendations for a client (an SME). It was a busy time of year for the client and they didn’t implement the recommendations straight away.
In the meantime, a breach occurred, with a customer’s personal information being sent to the wrong recipient.
Management were unsure of the action to take! It’s challenging to determine when notification is appropriate (to notify or not?). Sometimes, notifying individuals can cause undue stress or harm. For example, notifying individuals about a data breach that poses very little or no risk of harm can cause unnecessary anxiety. In my client’s situation it also didn’t help that they had limited information about the privacy breach.
After a quick ‘on-site’ consult, I implemented the Data Breach Response (DBR) Plan specifically tailored for the client. The plan was executed, enabling management to have all the information in front of them to make an informed decision about the breach. All within sixty minutes!
Not implementing the recommendations to manage and minimise privacy breaches within their business cost management almost a week to be informed about the breach. A lot can happen within one week, and breaches that may initially seem immaterial may be significant when their full implications are assessed.
My client realised how ill-equipped their staff were regarding the importance of handling secure information correctly and the procedures to follow in the event of a breach occurring.
Timing and appropriate action can make or break the reputation of a business and ultimately its customers/sales!
I’m a small business owner and understand that the small and medium business environment is very dynamic! Maintaining your customers and growing sales are challenging, not to mention the costs associated with sourcing and training new staff and abiding by regulations.
It’s a passion of mine to help small and medium businesses protect their greatest asset: their customers and their business’s reputation. I’m providing my 35 years of corporate experience, primarily in compliance and risk management, in a cost-effective way for SMEs here at Privacy Proactive.
What are the chances of this happening to me?
- Approximately 8 times more breaches are being reported since February 2018 when the Notifiable Data Breaches scheme was introduced
- The Healthcare sector followed by the Finance sector are making most reports of breaches
- Malicious attacks account for 60% of breach reports, with most due to humans (i.e. stolen usernames and passwords). How secure is your data and how competent are your staff in managing it?
- Human errors account for 35%, with the most common error being emails containing personal information sent to the wrong recipient
- In 2017, 43% of all cyber attacks in Australia targeted SMEs, of which 22% are now closed. SMEs are extremely vulnerable to business interruptions.