As data breaches increasingly impact Australian businesses and their customers, it’s crucial for businesses to improve their data security practices and ensure their customers’ personal data is handled appropriately.
The latest Annual Cyber Threat Report found that cybercrime reports have increased compared to data from the previous year, with one report now received every 6 minutes. During the 2022-23 financial year, the cost of cybercrime to businesses increased by 14%. Per cybercrime report, small businesses experienced an average financial loss of $46,000, while cybercrime cost medium businesses an average of $97,200.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has launched a new publication on Securing Customer Personal Data for Small and Medium Businesses.
In the new publication, small to medium businesses and organisations can access principle-based guidance to ensure they apply strong data security, collection and usage practices.
ASD’s ACSC recommends implementing 10 steps to secure customer personal data:
- Create a register of personal data
- Limit personal data collected
- Delete unused personal data
- Consolidate personal data repositories
- Control access to personal data
- Encrypt personal data
- Backup personal data
- Log and monitor access to personal data
- Implement secure ‘Bring Your Own Device’ practices
- Report data breaches involving personal data.
Data breaches impact more than the customers whose personal data has been compromised or stolen.
A breach of customer personal data can disrupt business activity and damage the reputation of an organisation.
ASD’s ACSC is committed to keeping Australian businesses secure online, and is the Australian Government’s trusted voice and leading authority for cyber security advice and assistance.
The publication is not exhaustive and should be used in conjunction with guidance on personal information from the Office of the Australian Information Commissioner (OAIC).