Keeping your business safe
Many businesses collect and sometimes retain large amounts of their customers’ personal information and associated documents. This is current standard practice, but it can expose both businesses and their customers to unnecessary privacy risks. In the wake of major cyber incidents and data breaches affecting customers across Australia, it’s more important than ever to reduce any risks to businesses and the public by improving cyber security and secure handling of customers’ personal information.
Easy steps to reduce your cyber security risk
Cyber incidents leading to the theft of personal information are becoming increasingly common, with millions of Australians affected by data breaches last year. While identity theft may seem trivial, it can have long-lasting consequences. The burden of fixing the damage caused by identity crime often falls squarely on the victim.
How can I minimise my business's cyber security risk?
As a business, you can begin protecting yourself and your customers by reviewing your business processes and ensuring you only collect required personal information, that you store this information for no longer than the minimum time required and that you implement procedures for its secure disposal as soon as possible.
By only collecting required personal information and safely disposing of excess personal information and proof of identity documents as soon as possible, you minimise the damage a potential cyber incident could cause, ensuring that in the event personal information is stolen, you and your customers are protected.
As a business, further steps you can take to protect your customers’ personal information include:
- Conduct an end-to-end review of your data security practices and systems. Consider engaging an expert to identify cyber vulnerabilities and ways of reducing risks. This investment will pay off in the future.
- Assess the security of any third-party systems that your agency uses. Remember, their security practices will affect your business.
- Evaluate the security of your data storage systems and upgrade them if necessary. All customer, client, tenant, and employee data should be stored with maximum security.
- Mandate strong, complex passwords for all user accounts.
- Ensure privacy obligations and cyber security are part of the annual training plan for all employees in your business.
- Familiarise yourself with Australian privacy law, ensure your business practices comply, and know your reporting obligations if personal information you hold is compromised.
- Take the opportunity to inform your customers, clients, tenants, and employees that you’re doing this important work because it’s an urgent priority.
What do I do if a cyber incident occurs?
If a business or individual in NSW finds themselves the victim of a cyber incident or identity theft, ID Support NSW makes it easier to access help.
Prevention is better than a cure
While it’s important to be prepared for a cyber incident, prevention is better than a cure. Personal information needs to be treated like digital asbestos – handled with care, surrounded by the right processes and procedures, and disposed of responsibly.
If you believe your customer data has been compromised, or need advice regarding collecting and storing customer data, submit an online enquiry to ID Support NSW or call us on 1800 001 040 from Monday to Friday between 9.00 am and 5.00 pm.