
Is the government’s new data breach bill going to give your business a bad reputation?

15 May 2017

No one likes admitting when they’ve made a mistake. Especially if it’s a big one, like a leak that exposes customers’ private and personal information. But that’s just what businesses will have to do with the Government’s Breach Notification Bill passing through parliament earlier this year. The bill requires businesses to notify the Privacy Commissioner and affected customers as soon as they become aware of a ‘notifiable breach’ in data.

In many personal scenarios, admitting you’ve made a mistake results in a warm hug and a chat about how you can do things better next time. Unfortunately, the corporate world is a little less forgiving, and a mistake there can result in fines, loss of revenue and severe reputational damage.

Late last year the Red Cross landed headlines like ‘Red Cross data breach could have exposed donors to identity theft’ and ‘Phishers go after Red Cross data breach victims’ when it compromised 550,000 blood donors’ private details online. These headlines are forever immortalised online, and with more businesses required to fess up and face the music, we can only expect to read more.

It has never been more important for businesses to make sure their data and their customers’ data is fiercely protected. While most businesses make sure they have effective security infrastructure, it’s important not to cut corners in other areas, such as software.

Last year in Australia, the number of reported cases of unlicensed software operating in businesses steadily grew 105% year-on-year. And before you shrug your shoulders wondering what harm a little bootleg program could have on data being breached, an IDC Study found there is a connection between unlicensed software and cybercrime.

Many businesses don’t realise that properly licensed software provides additional benefits alongside compliance:

Software comes with its own encryption, providing an extra level of security to your business data. As computers continue to increase in processing power, encryption is required to be ever evolving.

The current encryption of 128-bit AES would take today’s computers 10.79 quintillion years to crack, however, with quantum computing this would take less than six months. Software producers continually update and build encryption into their products ensuring their customers’ data is future-proofed. 

Software constantly needs to be patched, and it needs to notify you of urgent security updates. While patching is one of the last things on a business’s mind, it is one of the most important.

A recent report, Flexera Software’s 2016 software vulnerabilities, found there were 17,147 vulnerabilities across 2,136 products, of which 81% had patching available on the day of discovery. Unlicensed software doesn’t have automatic patching or built-in alerts, leaving users vulnerable to known flaws.

Licensed software also saves businesses time and money. Similar to patching, unlicensed software doesn’t provide users with the best and latest features, forcing the businesses to uninstall and reinstall the program every time they want to upgrade. Properly licensed software can quickly upgrade while the system is offline, saving the user time and the business money.

What this all means is that unlicensed programs could be the reason why you have to explain to your customers why their personal information has been stolen. It has become even more imperative that businesses ensure they are using licensed software.

Check that your software has a certificate of authenticity and invest in an effective Software Asset Management (SAM) tool to make sure all the moving parts of your business are safe and secure. And you can avoid damaging headlines that drag your business’ reputation through the mud.

Article by Gary Gan, Director of APAC Compliance at BSA.
