Ensuring the cyber safety of your public sector
With cyber crime and data breaches on the rise, how can you protect the cyber safety and security of vital public sector organizations?
Public-sector organisations hold millions of private records, from financial information to medical records. Whether it’s a hospital, local council or government agency, robust data security is vital for these vulnerable organisations.
The problem is that cybercrime is now mainstream. No longer the domain of disaffected geeks trying to impress each other with their hacking prowess, today cybercrime involves organised crime. In particular, criminals have been targeting patient records to lodge false health-insurance claims. Someone’s medical identity can be bought on the internet for just over $1000.
When Telstra released its Cyber Security Report late last year, it showed that 41 per cent of organisations surveyed had experienced a major cyber-security incident in the past three years, and only 43 per cent of organisations considered themselves well prepared to respond to a cyber-incident.
Security: A job that’s never done
Even for organisations following best practice, cyber safety and security is a journey not a destination, with IT departments regularly reviewing external risk factors and adjusting their policies.
While some companies run regular exercises to simulate a security breach and test the response, few organisations test their controls and systems through engaging ‘white hat’ hackers.
So what can large organisations in the public sector do to ensure their cyber safety and protect their data? While it’s important not to be complacent, the physical hardware and software, like firewalls and antivirus systems, that organisations use are typically good quality and up to date. Similarly, patches for operating systems and applications are usually up to date, although there can be a time lag for these as IT tests a patch before rolling it out across their business.
People: The weakest link
The real root of most security risks is the organisation’s people. Employee-purchased smartphones, tablets and notebook PCs are all vulnerable entry points. Hackers are constantly trying to persuade people to click on links that open malicious attachments or take them to websites with malicious code.
Indeed, the Telstra report found that 45 per cent of internet security incidents were the result of staff clicking on malicious attachments or links within emails.
Given that the workforce has been living with viruses and malware since the late 1990s, it’s surprising that users haven’t got it by now. James Turner, IBRS IT security industry analyst, believes that organisations aren’t taking the human factor seriously. Turner argues that security-awareness campaigns have to be a sustained attempt at behaviour modification, to the point where it permeates the organisation and becomes part of “the way we do things around here”.
Leadership is key
This is not necessarily an easy thing to do. Nevertheless, organisational leadership, from line managers to the C-suite, needs to be involved. Turner argues that executives need to accept and commit to changes in their own behaviour and lead by example.
Measurable outcomes
Another key element of a successful security-awareness campaign, Turner says, is to be clear on the desired outcome, setting measurable monthly, quarterly and yearly targets. “Some of these areas include the number of malware outbreaks, the number of calls to the helpdesk reporting phishing attempts (an increase is good as it shows awareness) and a reduction in users sharing credentials.”
Staff engagement
However, Turner believes that all of these measures are meaningless if staff engagement is low. “Before running a security-awareness campaign, IT needs to collaborate with the HR department and understand what the engagement level of staff is within the organisation. Because if engagement is low, you need to fix that before you can tackle security awareness.”