How to protect your data

Friday, 08 July 2016


    Safeguarding sensitive member and client information needs to be a priority for organisations as data breaches become more commonplace and harder to prevent.

    Organisations hold data that is valuable, and vulnerable, to high-end cyber criminals, disgruntled staff, and competitors, says Nigel Phair, Director of the Centre for Internet Safety at the University of Canberra.

    Information that identifies individuals is most at risk.

    Stealing names is not much of a threat, but when combined with a date of birth, address or Medicare information, names become extremely valuable, says Phair.

    The size of the organisation also doesn't exclude a company from cyber risks. Identity theft is rife and even a tiny not-for-profit has data that is valuable, he says.

    Personal data from not-for-profit organisations has the same value as personal data from big companies, but it may not be as well protected.

    The most common errors that leave organisations vulnerable to attack by hackers are:

    1. Not maintaining software

      Many organisations don't install security patches immediately, leaving their databases vulnerable to attack. Phair recommends installing updates and security patches, and ensuring antivirus software is up to date. Some organisations are still using Windows XP. Microsoft is not supporting it and there will be no more security updates. This means these organisations are unprotected and must change to a new operating system, he says.

    2. Careless passwords and system access

      The first thing hackers go for is system privileges, says Phair. System privileges give people permission to view and modify computer files or databases. System administrators must not use default passwords and should regularly change them.

    3. Disgruntled insiders

      Organisations should consider encrypting data to reduce the chance of theft by an insider. Disgruntled staff members or contractors who feel they haven't been paid enough may steal or maliciously alter data for money or revenge, says Phair.

    4. Lack of staff training

      Staff need to understand what information is important to the organisation and the risks if it is compromised, he says. It all comes down to risk management. Make sure staff use strong and unique passwords that are changed every 90 days.

    5. Be alert for phishing

      Phishing refers to a specially crafted email from an attacker that looks legitimate and attempts to trick you into divulging information. Be suspicious of links or attachments delivered via email that you didn't ask for, says Phair.

    In other words...

    • Big or small, all organisations need to protect their data from hackers.
    • Keep software up to date and ensure passwords are strong and changed regularly.
    • Encrypt data to reduce risk of insider attack and train staff appropriately.
