Most businesses must now report data breaches

Posted by Michael Trimblett on 9 May 2018

Protecting your business data is no longer just common sense

The chances are that if you experience any form of data breach, then not only is your company's information at risk but you are also at risk of breaching the Privacy Act. It's often assumed that a data breach only means being hacked by a sophisticated gang from a rogue nation trying to influence votes or steal national secrets; it is more often associated with the wrongful acquisition of personal information that is residing in the databases of small to medium-sized businesses.

From February 22nd this year, the federal government has amended the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.  It now includes mandatory reporting if your business:

  • Turns over more than $3M per year or;
  • Is a credit reporting body or;
  • Is a health service provider or;
  • Is a Tax File Number recipient.

You might be surprised at what constitutes an eligible data breach and how a breach could occur. An eligible data breach refers to the unauthorised access, loss, or disclosure of personal information that could cause serious harm to the individual whose personal information was involved in the data breach.

"Serious harm" in this context may include physical, psychological, emotional, financial or reputational harm.  This affects any business that holds personal information about its clients, such as medical records or credit card details.

Examples of data breaches can be in the form of:

  • Lost or stolen laptops or other mobile electronic devices.
  • Database breaches from hacking.
  • Physical access by an individual to unsecured document recycling.
  • Unauthorised access to personal records by an employee.

Data security is an ongoing issue for all businesses, and this change to the Privacy Act has added another dimension to the responsibility of most businesses.

To notify of a data breach, visit the Office of the Australian Information Commissioner's (OAIC) website and fill in the "Notifiable Data Breach Form".  If a business fails to disclose a data breach on more than two occasions, the OAIC can seek a penalty of up to $21M.

Digital information loss is by far the hardest to protect against, as hacking attempts can take place from anywhere at any time.  Simply clicking on the wrong email or visiting a compromised website can lead to your customers' data being leaked.

If you would like to discuss your computer and network security or if you would like to know more, please contact Loyal I.T. Solutions on 02-43370700 or email Michael Trimblett

LOYAL I.T.- We specialise in I.T. solutions for your business; providing software, hardware, networks, configurations, consulting and support for 15 years from our base on the Central Coast.

 

Posted in: News Services Security IT Consulting Networking Security  

Merry Christmas and Happy New Year!

Posted by Michael Trimblett on 20 December 2017

Loyal I.T. Solutions will be closed from midday December 22nd through to 8:30am on Monday January 8th.  We will have select members of our team available for emergencies between these two dates.  Should you require emergency assistance during that time, please contact our office on 02 4337 0700 for instructions.

We thank all of our clients for your continued support during 2017.  Wishing you and your families a very Merry Christmas and all the best for 2018.

Posted in: Misc  

Email and passwords leaked - how to check yours.

Posted by Michael Trimblett on 31 August 2017
It's happened again.  Yahoo reports there has been a huge data leak of the email addresses and passwords of 771 million people.  I did not escape the breach, nor did many of the email addresses we use at Loyal I.T.

Currently, it is unknown where the breach occurred, but it is important for everyone who has been breached to update their password to something new and, most importantly, something strong.  Strong passwords are generally over 8 characters long and contain a capital letter, a number and a symbol.

To check to see if your email address and password have been compromised, visit https://haveibeenpwned.com/ and enter your email address.  If you have been pwned (the internet's cute way of saying "owned") then it is suggested to change the password for that email account and for any accounts you use that email address to log in to.

With any luck you won't see:

[Image: mtpwned]

If you need assistance with updating your passwords, please contact us on 02 4337 0700.

Posted in: Security  

The "A Team" take on CeBIT

Posted by Naomi McCahon on 5 June 2017
Michael T & Naomi piled into Brendan's car on a Tuesday morning recently, ready to take on the "big smoke" Darling Harbour, Sydney to attend the annual I.T. trade show CeBIT.

For Michael & Brendan, this was not their first time; however, for Naomi it was. Naomi was busy questioning the guys on the drive down about all things I.T. in the hope of getting her "geek on".

We arrive & it is on! There were multiple speakers, stands galore & geeks (I mean, I.T. like people) everywhere!

Our first stop was the speaker who discussed "IoT", meaning "Internet of Things". This was actually a really interesting speech. In short, the Internet of Things refers to the growing network of connected objects that are able to collect and exchange data using embedded sensors. Cars, lights, refrigerators, watches and other appliances can all be connected to the IoT.

Some applications are:
- Smart homes, i.e. lights that can be dimmed, T.V. systems that can be programmed, air conditioners that can be switched on etc., all from your mobile phone.
- Wearables, i.e. smart watches like the Fitbit and Apple Watch
- Connected car, i.e. streaming music from the internet in your car

The speaker also touched on how the cost of I.T. infrastructure has reduced dramatically over the years. One key point he made was that, back in the day, it would cost approx. $10k for 1 TB of data storage in the Cloud; now it costs around $100.00 for 1 TB of data storage in the Cloud.

After this talk, and being wowed with an I.T. overload, we needed to top up our energy reserves with an impromptu yummy lunch on the Harbour edge, where we spared a thought for our colleagues who were holding the fort in our absence.

Recharged and ready to go, we were straight back into the trade show, where we were dazzled by the robotic dog.


Got to play with Lego.


We tried to win a cute, fluffy, evil Watchguard Ransombear but we completely bombed out.

Got to sit in a driverless Pod car that is going to become the way we travel in cities in the near future.

and we had an amazing (lifelike) drawing of the "A Team" done on the Smart Kapp board by newspaper cartoonist, Peter Byrne.

This whiteboard could live stream the image to a nearby TV screen and, when done, the image could be emailed in PDF format to selected email addresses.  Amazing technology.

All in all, we had a great day learning all about the IoT, or as Microsoft like to say "IoYT - Internet of Your Things".

Posted in: Team News Misc IT  

WannaCry ransomware attack

Posted by Michael Trimblett on 18 May 2017

As you may be aware, the tech news headlines over the past week have been dominated by the new strain of ransomware called "WannaCry".  This ransomware leverages a bug in Microsoft Windows to infect computers, then encrypts all of your data and requests payment in Bitcoin.  Those of you who have been following this blog over the years would recognise the modus operandi of this ransomware as being very similar to that of the original Cryptolocker ransomware.  There is nothing technically different about this ransomware; however, the method of infection and the amount of Bitcoin requested differ from the original Cryptolocker ransomware.

Ransomware usually infects a computer when a user opens a phishing email, which then infects that computer with WannaCry.  Once installed, WannaCry uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA) to spread through local networks and to remote hosts that have not been updated with the most recent security updates, directly infecting any exposed systems.  The infected computer then displays a message which demands a ransom for the decryption of your data.  What's different about WannaCry is that it demands only US$300 worth of Bitcoin (which doubles after 3 days if not actioned).  This is considerably less than previous ransomware products, which can easily demand 4-5 times that amount of Bitcoin.

A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack in May, but the affected organisations had not yet applied it.

For those of you on Loyal I.T.'s Managed Services, the installation of these patches has been performed automatically and, as a result, those PCs and servers that are managed are not vulnerable to this attack.  Loyal I.T.'s recommended antivirus product, Vipre Antivirus, detects and quarantines WannaCry before it can encrypt any data.

As we follow Microsoft's Best Practices, all PCs and servers we set up have Windows Updates configured and activated.  However, if you would like Loyal I.T. to confirm the patches have been applied to your systems, please contact us on 02 4337 0700 or email help@loyalit.com.au to log a ticket.
Posted in: News Windows Networking Security  
