
Notifiable Data Breach (NDB) Scheme

Can you afford to ignore the NDB?

Earlier this week the government's new Notifiable Data Breach Scheme was launched. Failure to comply with the NDB scheme could lead to individuals being fined up to $360,000 and organisations up to $1.8m.

A data breach happens when personal information is accessed or released without authorisation, or is lost.

More guidance about the NDB scheme can be found on the OAIC website.

How IT Can Help Stop Data Breaches

Prevention is the best cure. Speak to our experts at alltasksIT to help assess your IT infrastructure and help prevent data breaches from happening. We can work with you to assess your most sensitive data and make sure it's secure.

The Basics

By far the most effective way to stop data breaches is to provide staff with security awareness training. Training topics range from the basics of a good password to identifying non-legitimate emails. In-depth user training can reduce incidents by 90%. alltasksIT partner with leading security organisations that provide online training courses that are tried and tested by us for your staff members.

Set a password policy with a minimum character limit, restrictions on certain words and a password renewal policy to force new passwords every 30 – 90 days.
Keep on top of your administration. Inform alltasksIT when a staff member leaves the organisation so their account can be disabled and archived.
If you’re a managed services customer this will already be covered. alltasksIT manage and maintain your devices and security infrastructure to make sure it’s always up to date to protect against the latest threats.

Taking It Further

Data loss prevention (DLP) policies prevent accidental sharing of data such as credit card numbers, tax file numbers and more. This is done by restricting this information from being sent out via email or otherwise shared.

Staff members authenticate themselves twice to log in. Typically a person types in their password and then provides a second factor of authentication: a code sent by SMS, a phone call or a PIN generated by an app. This stops a person from hijacking your account and accessing sensitive information.
Remotely wipe company information from mobile devices when an employee leaves or a device is lost or stolen. You can also impose policies such as app restriction, password policies and more on company owned devices.

Sensitive Client Information

If you are storing sensitive information inside your network that would breach the Privacy Act if leaked, we recommend further measures. Some of these can include:

Encrypt data on laptop and mobile devices. This stops data breaches if a device is lost or stolen.

Encrypt emails so they can only be read by the intended recipient. You can also stop emails from being forwarded or printed with encryption policies.
Track incidents such as multiple failed sign in attempts, sign ins from overseas, unauthorised data access attempts and abnormally large data downloads.
With Microsoft Azure Information Protection you can automatically classify and label your data at the time of creation. This helps combat accidental or intentional data leaking. When a file or email is classified as sensitive, protection policies can then be applied to sensitive data (encryption + authentication + use rights) and stop it from being sent outside of your organisation. This also works great in situations like accidental sending of sales figures or client records.

Reporting On A Data Breach

Learn what to do and when

If a data breach does occur, security analytics tools need to have been in place before the breach happened. These tools capture log events and network flow data in near real time and apply advanced analytics to reveal security offenses. Speak to our experts at alltasksIT about the range of security analytics and reporting tools we manage and support.

For all enquiries regarding how best to protect yourself from fines imposed by the NDB Scheme, contact our expert Kevin Carne by emailing [email protected]