CEO Update: Data Security
Data security is front of mind for all of us at the moment, and for good reason. More or less unprecedented hacks of some of corporate Australia’s biggest names (Medibank, Optus) have resulted in millions of customers’ personal information, as well as highly sensitive medical information, being compromised and leaked to the dark web. At best, it’s left us all feeling a lot less secure in the digital world, and at worst highly distressed and/or affected by follow-on scams and malicious use of the leaked data.
It is a stark and confronting reminder to businesses of all shapes and sizes of just how important it is to ensure that both our customer and internal data security postures are fit for purpose for the current day’s threats.
These risks and threats are also completely agnostic to business size. We have seen through the media the high-profile large end of corporate Australia being affected, but even the smallest of businesses can come undone as well. My physio, whom I see on a semi-regular basis, had their customer data compromised some 18-24 months ago. The hack resulted in access to their customer data being completely removed, and in a similar vein to Medibank, they were held to ransom for return of access to the data. My physio was faced with the agonising choice of paying a ransom (in crypto) or effectively never being able to access their customer data again, and this was a potentially existential question for a small practice service provider. As we all know, it is the devil’s own choice, but the point to make here is that it matters not what size of business we run or participate in; we’re all at risk.
Policy makers are racing to catch up to recent events, and there are some significant changes coming down the line in very short order that we all need to be aware of. Firstly, penalties will be hugely increased, potentially as soon as year end, and secondly, the data security and privacy laws of the land as a whole will have a major overhaul next year. This will have significant implications for all business leaders and contributors.
Given the importance, and now also urgency, of this space for all businesses, in the series of posts that follows I will seek to unpack some of the key insights, observations, debates and events we are seeing. Key topics for comment will be:
- Legislation changes in Australia.
- Understanding our data - where and what is it?
- Data security certifications and improving security.
- Supplier analysis.
- Handling data breach and ransom demands. Should we or shouldn’t we?
At Known, we take our data security incredibly seriously. We have invested heavily in our data security posture for many years prior to recent events. We’ve adopted industry best practice as structured by the various globally recognised data security certification and assurance programs. We are currently certified for ISO27001, SOC2 Type II, and HIPAA. Having a strong security posture is not just important internally; it is equally critical to ensure that suppliers with whom you share key customer data have a strong and robust security posture. If you would like to talk with one of our team on how we can help your business boost supplier security in the messaging space, please reach out to us on email@example.com.