A Privacy breach hits right at the heart of your clients’ trust

It has a detrimental impact on your business and can result in business closure.

Without client trust in your business (your brand), you not only lose sales, you gain negative brand advocates that can turn potential clients away from your business as well. (Bad news travels fast!)

Client trust is so vital in today’s digital environment where client expectations are increasing, competition is fierce, and clients have a ‘public voice’. Even for small and medium-sized businesses, it is a brand differentiator (your business’s reputation and values) that could make or break your business. You only have to look at the recent scandals around Facebook or the Australian Banks to see this happening.

The good news is that, with a well-prepared ‘Data Breach Response’ (DBR) plan, the degree of negative impact on your business from a privacy breach is in your hands.

If a privacy breach is handled well, it can possibly restore and even enhance your brand’s reputation. It illustrates to your clients that your business genuinely cares about them and their needs.

 

Statistics of privacy breaches and the negative impact on businesses:

During 2017 in Australia, 43% of cyber-attacks targeted small businesses. Out of those, 22% have closed*. The common thread for many of the closures was poor preparation and handling of the breach resulting in loss of trust, and ultimately clients.

*Australian Small Business and Family Enterprise Ombudsman Cyber Security Guide – 2018

 

It is important to remember that time matters!

Regardless of the time, effort and investment you have made in building client trust, a delayed response, decision and action post-breach is a poorly handled breach. It will significantly increase the negative impacts on your business and its reputation, resulting in loss of client loyalty and sales.

 

KEY TIPS – for developing and sustaining a Data Breach Response (DBR) plan:

  • Develop the plan with Privacy Experts (leverage accessible information from trusted resources) and with your key staff (leverage internal knowledge, to gain commitment)
  • Conduct on-going reviews of the plan (at least annually or when significant changes take place internally or externally)
  • Conduct regular staff training for those who handle personal information (plus include training in Staff Induction programs)
  • Conduct a mock drill at least once every two years.

 

KEY BENEFITS – your business can gain with a well-prepared DBR plan:

  • A clear and structured process during stressful times of a breach
  • Quickly brings the right people together to respond effectively (such as IT, legal, etc)
  • Documented findings and outcomes of the breach situation (know what’s happened and the potential consequences)
  • Effective reports available for management to understand and make an informed decision
  • Minimise likelihood of a re-occurrence of the breach by documented recommendations to upgrade policies and practices
  • Documented evidence of the assessment being conducted to validate effective handling of a breach.

 

A SMART CHOICE – to minimise negative impact of a breach on your business, speak with the experts at Privacy Proactive. We can help you:

  1. Implement a tailored Data Breach Response (DBR) plan aligned with your business needs
  2. Provide you with support during a privacy breach
  3. Ensure regulatory changes are built into your DBR plan immediately
  4. Review your DBR plan annually
  5. Provide DBR training annually to make sure everyone in your business understands their responsibilities.

How do you protect your business’s greatest asset – your clients’ information?

Your business mindset should be ‘when’, not ‘if’, a privacy breach will occur!

Our working environments have become more digital and mobile, with higher risks that expose our daily business operations. Not all businesses conduct business online; however, they are all still at risk.

Small to Medium businesses are often a prime target for online hackers and scammers as they typically have lower budgets and fewer resources they can invest into their security.

Cyber-crime can include, among a number of things, deceptive conduct like theft of critical business information (including your clients’ details) or hacking a business to obtain a client’s details or access to a supplier’s network.

Statistics of small to medium-sized business and cyber-crime incidents in Australia reveal how vulnerable they are*:

  • Cyber-crime cost to businesses in Australia is rising exponentially, costing an estimated $1 billion each year.
  • Cyber-crime is rated by SMEs as the 5th biggest risk to their business; however, of SMEs with a turnover of approximately two million or more, almost 60% stated they did not feel well-informed about the risks of cyber-crime to their business.
  • 93% said they would like a tool. There is a need for risk-management tools for SME owner-operators to protect their businesses from cyber-crime.
  • Only one in five SMEs purchased insurance to protect them from cyber-crime.

*NSW Small Business Commissioner in May 2017

Your client information is an asset worth protecting because it can make or break your business.

There are plenty of hackers out there working on new ways to access your business information, so take steps to protect what’s yours now. Your clients entrust their personal information with you in order to do business with you. Any event of personal information being jeopardised (hacked, unauthorised access or accidentally providing client details to the wrong recipient) can do irreparable damage to your business’ reputation and in some cases close it down permanently.

Whether or not your business must comply with Privacy Regulations, your clients expect you to protect their personal information. By treating their data with the utmost level of care you have a great opportunity to gain a competitive advantage and increase the level of trust in your brand.

Having a robust and sustainable Privacy Program will prepare your business and help:

  1. minimise the likelihood of a privacy breach
  2. minimise the damage of a privacy breach
  3. instil trust in your potential clients so they want to do business with you
  4. maintain loyalty of existing clients

Clients are becoming more reluctant to share information due to lack of trust in businesses protecting their data.

A survey conducted in 2018 of over 500 Australian SMEs confirms this trend:

  • 46% of SMEs responded that their clients are increasingly opting out of data collection and sharing information, and
  • 49% of SMEs responded that clients’ data is becoming increasingly critical for their day-to-day operations, and 60% to deliver more personalised services to ultimately grow their business.

You can narrow this gap by proactively maintaining your business’s diligence as a trusted custodian of your clients’ information and minimising the risk of a breach.

If you would like to know more, Privacy Proactive is your ally in protecting your greatest asset – your clients’ information.

A story that could happen to you…..

Protecting customer personal information and minimising risk is often put on the back-burner – until it happens to you.

A recent example reflects this sentiment. I conducted a Current State Analysis and Risk Assessment and provided recommendations for a client (an SME). It was a busy time of year for the client and they didn’t implement the recommendations straight away.

In the meantime, a breach occurred with a customer’s personal information being sent to the wrong recipient.

Management were unsure of the action to take! It’s challenging to determine when notification is appropriate (to notify or not?). Sometimes, notifying individuals can cause undue stress or harm. For example, notifying individuals about a data breach that poses very little or no risk of harm can cause unnecessary anxiety. In my client’s situation it also didn’t help that the client had limited information about the privacy breach.

After a quick ‘on-site’ consult, I implemented the Data Breach Response (DBR) Plan specifically tailored for the client. The plan was executed, enabling management to have all the information in front of them to make an informed decision about the breach. All within sixty minutes!

Not implementing the recommendations to manage and minimise privacy breaches within their business cost management almost a week to be informed about the breach. A lot can happen within one week and breaches that may initially seem immaterial may be significant when their full implications are assessed.

My client realised how ill-equipped their staff were about the importance of handling secure information correctly and what procedures to take in the event of a breach occurring.

Timing and appropriate action can make or break the reputation of a business and ultimately their customers/sales!

I’m a small business owner and understand that the small and medium business environment is very dynamic! Maintaining your customers and growing sales are challenging, not to mention the costs associated with sourcing and training new staff and abiding by regulations.

It’s a passion of mine to help small and medium businesses protect their greatest asset: their customers and their business’s reputation. I’m providing my 35 years of corporate experience in risk management and minimisation in a cost-effective way for SMEs here at Privacy Proactive.

What are the chances of this happening to me?

  1. Approximately 8 times more breaches are being reported since February 2018 when the Notifiable Data Breaches scheme was introduced
  2. The Healthcare sector followed by the Finance sector are making most reports of breaches
  3. Malicious attacks account for 60% of breach reports, with most due to humans (i.e. stolen usernames and passwords). How secure is your data and how competent are your staff in managing it?
  4. Human errors account for 35%, with the most common error being emails containing personal information sent to the wrong recipient
  5. In 2017, 43% of all cyber attacks in Australia targeted SMEs. Of those, 22% are now closed, many due to loss of customers’ trust and ultimately their business.

Will your business survive a Privacy breach?

A privacy breach will have an impact on your business. It’s a given.

The degree of the impact is in your hands.

The handling of the breach will have a lasting impact on customer trust.

To the point, it can destroy your brand. However, if handled well, it can possibly restore and even enhance your brand’s reputation.

Having a well-prepared Data Breach Notification (DBN) plan will go a long way to minimising the damage of a breach when it occurs.

A few key tips to developing and sustaining a DBN Plan:

  • develop the plan with Privacy experts (leverage what’s already out there) and with your key staff (leverage internal knowledge and gain buy-in)
  • conduct on-going reviews of the plan (at least annually or when significant changes take place internally or externally)
  • conduct regular training of all staff who handle personal information and include it in the Staff Induction program
  • conduct a mock drill at least every 2 years.

A well-prepared DBN plan delivers to your business:

  • a structured process during stressful times of a breach
  • documented findings and outcomes
  • better understanding of the situation for management to make an informed decision
  • documented recommendations to upgrade policies and practices to minimise likelihood of a re-occurrence of the breach
  • documented evidence of the assessment being conducted

Privacy Breaches – human errors will occur – be proactive and minimise

I’ve sent information to the wrong person and more than likely many people reading this would have a similar experience. We are after all human!!

As business owners (no matter what size), we can minimise the likelihood of human errors occurring.

 

Your business needs to at least:

  1. Review your Privacy policies and procedures. Upgrade as needed. Ensure your staff are following them.
  2. Implement an on-going Education and Awareness program for new and existing staff. Your staff must understand their responsibilities when handling personal information.
  3. Review your IT Security and Office Security controls. Upgrade as needed. Look for opportunities where technology can minimise your staff causing a breach.
  4. Implement a Data Breach Notification Plan to minimise damage when a breach occurs. Your staff must understand their responsibilities when a breach occurs.

A robust and sustainable Privacy Program will go a long way to achieving the above and more.

Implementing a Privacy Program can give comfort and build trust of your clients and employees.

If you would like to know more about implementing a cost-effective and tailored Privacy Program, please contact me at Privacy Proactive.

Poorly handled breach has significant impact on Cathay Pacific

After over five months of being aware of a major breach (impacting approximately 9.4 million customers), Cathay Pacific finally reports it to authorities.

Significant backlash from HK authorities, other Regulators outside HK (including EU, Australia) and most importantly customers, will have a long lasting impact on trust and reputation of the company.

BEING PREPARED as best as possible with a well planned and well understood Data Breach Notification Plan is paramount to minimising damage when a breach occurs.

 


 

 

Why Australian small businesses need to prepare for a Privacy Data Breach – it’s not a matter of ‘if’, it’s a matter of ‘when’

Recently, several large organisations have reluctantly grabbed the headlines due to Privacy data breaches.

However, small business owners need to be aware that these breaches are not only occurring at the top end of town.

Some interesting facts:

Since the introduction of the Mandatory Notifiable Data Breach Scheme in Australia in February 2018,

  • The number of breaches reported is trending at over eight times greater than before
  • Of those breaches, 23% impacted one individual, 48% involved less than 10 individuals, and 67% were less than 100.

In Australia during 2017,

  • 43% of all cyber attacks were directed at small businesses
  • Even more disturbing, 22% of those businesses have closed down.

Unfortunately, many small businesses face an uphill battle to spend sufficient time to build up and sustain privacy policies and practices to meet their obligations. With the introduction of the mandatory notification scheme, this has become a greater climb.

Privacy Proactive helps businesses manage and protect their Privacy risks by preparing them as best as possible.

We provide very cost-effective solutions to enable businesses to meet their obligations. Our approach allows management and staff more time to focus on core business activities.

Why your small business should consider Privacy Proactive

  1. These days, with greater visibility of privacy breaches, there is a far greater expectation from the community for businesses to protect personal information.
  2. GDPR’s impact on countries outside the EU will be more than simply needing to comply. The rising community expectations will demand that governments strengthen their privacy laws. Countries such as South Korea, Japan and Brazil are already considering going down this path. It is very likely more will follow, including Australia.
  3. Small businesses need to be proactive. It will minimise (never eliminate) the possibility of a breach and the impact on your business, your clients and employees, and potentially your lifestyle.
  4. With sustainable privacy policies and practices in place, it provides an opportunity for your business to get ahead of the game and gain a competitive edge.
  5. Your business will be judged not so much on whether you have a breach but how prepared you are for a breach.

If you would like to know more about how Privacy Proactive could help your business, please contact me.

 

 

More Centrelink bungle sees private documents accidentally shared with Melbourne stranger

Human error is playing a significant part in Privacy Data Breaches in Australia.

Since the introduction of the Mandatory Notifiable Data Breach Scheme on 22/2/18, 51% of breaches reported have been due to human error.

 

How to minimise these?

On-going training will start to build awareness and move towards ingraining the correct ‘habits’ into staff. It takes time and effort, but a well-developed training plan is a move in the right direction.

 

Read more….

http://www.abc.net.au/news/2018-06-25/centrelink-data-breach-sees-personal-documents-given-to-stranger/9906998

Another 200 dodgy Facebook apps discovered in fallout from Cambridge Analytica data scandal

YOUR Facebook profile may have been raided by another 200 apps that misused or even sold your personal information, the social media giant revealed in the ongoing fallout from its largest data scandal to date.

Facebook discovered the potentially dodgy applications as part of an “investigation and audit” designed to unearth apps like the personality test that harvested information from users and sold it to political data firm Cambridge Analytica.

Data such as phone numbers, private messages, and religious views, taken from as many as 87 million Facebook users and more than 311,000 in Australia, was allegedly used to influence voters in the 2016 US election.

Read More……

https://www.dailytelegraph.com.au/technology/another-200-dodgy-facebook-apps-discovered-in-fallout-from-cambridge-analytica-data-scandal/news-story/6acbc7cdd2c42ca113114cdddfbd841b

 

Does Commonwealth Bank’s massive data loss put you at risk?

AFTER it emerged that Commonwealth Bank lost customer statements linked to 20 million accounts, the institution has spent the night assuring people they are not at risk.

The bank has admitted it lost financial statements spanning 15 years in 2016, after the story was uncovered by Buzzfeed News.

But the bank says the lost data did not include customers’ passwords or PINs and there was no evidence the information had been compromised.

However, customers have vented their fury at the bank for not informing them of the data breach at all.

When the data stored on tape drives was lost by a subcontractor in 2016, CBA launched an investigation to find out what happened, but the documents were never found.

One theory suggested by a forensic team from accounting firm KPMG was that the tapes might have fallen off the back of a truck taking the data to be destroyed.

But the data was never located — either on the road or on the dark web — and it was decided that had most probably been disposed of as planned.

However, one Western Australian farmer living with bone cancer claims he was the victim of identity theft after his CBA documents were found in a gutter in Victoria.

Commonwealth Bank lost bank statements linked to 20 million accounts in 2016, but chose not to tell customers. Picture: AAP Image/Brendan Esposito


‘IT AFFECTED OUR CREDIT RATING’

Barry Lakeman said he ended up in debt after criminals used his identity to borrow money and buy goods and services.

He approached Geoff Shannon from Unhappy Banking, who told news.com.au he had been dealing with the Lakemans’ “many loans and credit issues” resulting from the fraud ever since.

Mr Lakeman said CBA told him in 2014 that his statements had been found in a gutter in Victoria, a state he and his wife hadn’t visited for three years. He said the bank suggested his wife must have taken the statements there and left them behind.

Police then called Mr Lakeman in August last year to say they had found his gun licence — only the membership number was wrong, the 59-year-old told The Conversation.

“It was a forgery,” he told Sydney University Adjunct Associate Professor Michael West, who wrote about the issue in September. “The number at the top of the card was different from the number on my card.”

And there have been other incidents too, Mr Lakeman claimed. “In 2015, a company in Victoria rang me and said, ‘We have finished the canvas for your caravan’ … I don’t even own a caravan.”

Northam Police began investigating the identity theft with the help of Mr Shannon, who took the case to the bank-funded Financial Ombudsman Service set up to handle customer complaints.

But Mr Lakeman still doesn’t know what really happened, telling Prof West: “It really hurt us because when we tried to move and buy a house there was a black mark against us. It affected our credit rating.”

View Full Article

http://www.news.com.au/finance/business/banking/does-commonwealth-banks-massive-data-loss-put-you-at-risk/news-story/0d74b286f29ed651fe6a6de2d469fa60