Change brings opportunity: how data breach notification laws can create relevance for resellers

14 Mar 2018

Over five million data records are stolen across the world each day. And Australian businesses are increasingly vulnerable as the frequency and sophistication of these attacks continue to rise.

Just last year, one of the nation’s biggest data breaches resulted in the exposure of sensitive information pertaining to almost 50,000 workers and 5,000 public servants.

The consequences of a breach can be catastrophic, both financially and in terms of reputational damage. So, it’s no surprise that affected organisations are often reluctant to disclose such incidents. However, under Australia’s new data laws, all businesses with an annual turnover of more than $3 million are now required to notify affected clients, as well as the Privacy Commissioner, in the event of a hack. It’s a serious consideration for any business, and it creates a window of opportunity for resellers to position and deliver solutions to new and existing clients.

Channel sellers are constantly seeking ways to remain relevant in the eyes of prospects and customers. Partners armed with even this basic information can work to become trusted advisors during this time of change – highlighting risk, then assessing and solutioning technology to deliver the outcome of robust breach protection. Indeed, many already are.

The Privacy Amendment (Notifiable Data Breaches) Act 2017 came into effect on Thursday, 22 February, 2018, and applies to any data breach with the potential to bring serious harm to those concerned. This includes economic, financial, physical, psychological, emotional and reputational harm. The new law is not retrospective and pertains only to breaches that occur after the implementation date.

The notification to the Privacy Commissioner must include the affected organisation’s name and contact information, a description of the breach, a description of the data that may have been compromised, and any recommended actions to be undertaken in response to the attack.

The Notifiable Data Breach scheme aims to improve Australia’s information security laws, and applies to any business, government agency or organisation that must normally abide by the Privacy Act 1988. Parties impacted by a breach must be notified in a timely manner, unless the breach is remediated swiftly enough to avoid serious harm. Failure to comply can result in fines of up to $360,000 for individuals or $1.8 million for businesses, meaning a single offence could financially cripple an affected company.

Alarmingly, a recent study found that 49% of Australian small and medium businesses with an annual turnover of over $3 million were unprepared for the new laws. The HP Australia IT Security Study, which surveyed 528 SMBs across various sectors, also discovered that 57% of SMBs had not undertaken any IT security risk assessment in the prior 12 months.

Given this lack of preparedness, there would appear to be ample opportunity for technology service providers to initiate a conversation with SMBs around appropriate solutions to address potential security threats.

Alex Su, a Security Pre-Sales Engineer at Arrow ECS ANZ, noted: “It’s a surprise that a change this significant has gone under the radar for so many businesses. But that presents opportunity for savvy resellers to engage with their customers and introduce modern security platforms that can prevent companies getting into trouble.”

Although it’s the responsibility of every organisation to ensure their client data is properly protected, many businesses simply lack the resources or expertise to implement a robust suite of security policies. This opens the door to experienced IT service providers who can review current practices and recommend appropriate procedures and technologies to properly safeguard customer information.

“There are technologies and services out there that can mitigate risk in a simpler manner than many expect,” said Su. “Security check-ups, environmental assessments and leading technologies can combine to identify shortfalls and position resolutions in a matter of days. We deliver them to the Australian channel every other day.”

Some areas in which Australian businesses may require assistance include password policies, learning how to identify phishing attempts, establishing policies for information sharing via email and social media, penetration testing, malware removal, firewalls and physical site security.

Data retention policies should be examined, and sensitive information should be deleted when no longer required. In many cases, it may be unnecessary to store or even collect such information, thereby eliminating the risk of a breach. And since 80% of data breaches are related to employee negligence, priority must also be given to staff education and cyber-security training.

Security technology vendors like Check Point offer a diverse portfolio of cyber-security solutions across network, cloud and mobile infrastructure, delivering exceptional protection against a wide range of threats. Check Point Infinity is the first platform that combines unified threat intelligence with open interfaces, providing pre-emptive threat prevention and blocking sophisticated attacks before they occur.

To find out how you can assess your customers’ environments against threats, vulnerability and the security platform of the future, learn more about Arrow’s Check Point security assessments.