Small businesses earning more than $3 million have been urged to prepare for the new data breach reporting laws that come into effect February 22nd 2018.
If customer or staff member information has been breached, small businesses must report to the Office of the Australian Information Commissioner (OAIC) and notify any individuals affected.
Failure to do so could attract penalties up to $360,000 for individuals and $1.8 million for organisations.
For more information on how to respond to a data breach, visit the OAIC website.
“Small businesses are particularly vulnerable to sophisticated cybercriminals as they often lack the time and resources to properly investigate and understand this very real threat, says Australian Small Business and Family Enterprise Ombudsman (ASBFEO) Kate Carnell.
Recent data shows Australian businesses aren’t fully prepared for these strict new regulations.
“Small businesses [must] understand what the new laws mean to them," Ms Carnell says.
"Yet I’ve read this morning a new study reporting 44% of Australian businesses are not fully prepared."
“Another report by Telstra last year found 33% of small businesses don’t take proactive measures to protect against cyber breaches.”
Founder of cyber security company Geek IT, Jon Paior, says while these new regulations are important, lack of action from many small businesses is due to not realising they have been breached.
“There’s a thing called a data infiltration monitor, which is a specialist tool to track whether information has been breached – most small businesses don’t have this tool.”
Mr Paior also says most small businesses will need to increase their IT budget by 30% to ensure they’re fully protected.
He recommends five small steps businesses can take to be prepared:
- Get advice from your IT provider, or commercial lawyer about how these new laws will affect your business.
- Speak to an insurance broker to find out whether your business is insured against cybercrime.
- Start using cloud systems as much as possible, as security is less likely to be breached in this space.
- Put two-factor authentication on everything, from emails to accounting systems.
- Stay educated and make sure your staff understand your business's cybersecurity protocol. For example, don’t open suspicious emails, and don’t download unknown attachments.
To find out more about small business cybersecurity, visit the ASBFEO’s Cyber Security Best Practice Guide.