Cyber leak is timely reminder to boost online security in 2022
The attack has implications for the thousands of SA businesses including SMEs that rely on government work.
They need to ensure they have the proper protections in place to guard against the loss of not only the personal details of employees but also critical commercially valuable information. Failure to do so will mean they lose contracts.
Government increasingly wants to see how a business protects and then monitors its systems to detect and respond to any breaches.
A business must comply with mandatory cyber security requirements and in turn have in place appropriate contracts and processes to ensure that their suppliers, sub-contractors and service providers also meet these information security requirements.
In December, the Commonwealth released an inaugural Australian Data Strategy and Action Plan, which aligns with its existing Cyber Security Strategy.
These deal with the protections required for the secure use of data across both the private and public sectors, heading into an increasingly cyber-driven future.
Businesses will have to demonstrate their critical infrastructure and data protection systems as well as their crisis response plan in the event of an attack.
A business will need to know when it must notify a privacy breach to those whose data has been stolen and the Australian Information Commissioner.
Increasing concern about the prevalence of ransomware attacks coupled with data theft has prompted the introduction of new legislation that will legally oblige businesses to report ransomware payments and attacks to the Australian Cyber Security Centre.
In November, new Commonwealth legislation was passed that will require businesses in an expanded list of ‘critical’ industries to report serious cyber security incidents to the Australian Signals Directorate.
These ‘critical’ industries include communications, data storage, food and transport.
The Directorate will also be able to provide emergency assistance where a business does not have in place the right measures to deal with the attack.
Recent cyberattacks have seen increased government regulation in relation to:
- data breach response and reporting;
- mandatory reporting of ransomware attacks;
- broadening of critical infrastructure data protection requirements; and
- introduction of additional and increased penalties and rights of compensation against non-compliant companies and their directors and officers.
It is important for all businesses to devote the necessary time and resources now to understanding and managing their data protection risks through legal documentation and IT protections, to avoid serious commercial and reputational damage and legal liability.
Paul Dugan is a Principal at DMAW Lawyers in Adelaide.