Protecting your business and customers from cyber theft
These days, it’s common for organisations to collect and retain large amounts of their customers’ personal information. While this is standard practice, it can expose both businesses and their customers to unnecessary cyber security risks.
In the wake of major cyber incidents and data breaches affecting customers across Australia, it’s more important than ever for businesses to understand how they can improve cyber security and the secure handling of customers’ personal information, reducing risks for both themselves and their customers.
About data collection and storage
An important starting point is to review your business’s data collection and storage processes to ensure you are following best practice. This includes collecting only relevant personal information from your customers, storing personal information only for the minimum time required, and implementing procedures for its secure and timely disposal.
This initial action is a major step in helping to minimise the risk of harm to both your business and customers from cyber security breaches.
7 steps you can take to further minimise your risk
- Consider engaging an expert to identify cyber vulnerabilities and ways of reducing risks.
- Assess the security of any third-party systems that your business uses. Remember, their security practices will affect your business.
- Evaluate the security of your data storage systems and upgrade if necessary. All customer, client, tenant, and employee data should be stored with maximum security.
- Mandate strong, complex passwords for all user accounts.
- Ensure privacy obligations and cyber security are part of annual training for relevant employees.
- Familiarise yourself with Australian privacy law, ensure your business practices comply, and make sure you know your reporting obligations if personal information is compromised.
- Finally, inform your customers, clients, tenants, and employees that you’re doing this important work as the security of their personal information is an urgent priority.
What do I do if a cyber incident occurs?
If your business falls prey to a cyber incident or identity theft, ID Support NSW makes it easier to access help.
While it’s important to be prepared for a cyber incident, prevention is better than a cure. PI (Personal Information) needs to be treated like digital asbestos – handled with care, surrounded by the right processes and procedures, and disposed of responsibly.
Watch our video inspired by real NSW customers who have been victims of identity theft, and see how ID Support NSW can help.