CyberSecurity Protect Your Business




  1. CyberSecurity Protect Your Business
     What You Need to Know
     @CLICK!DigitalExpo #CLICK2017 #IncredibleCLICK #OnyxOnlineLaw #legal #business #cybersecurity
     www.OnyxOnlineLaw.com

  2. This is for you if -
     • You want a simple explanation of your cybersecurity risks
     • You want some easy steps to protect your business
     • You’d like to understand your real legal obligations

  3. Who Am I & Why LISTEN To Me?
     • Worked with over 1000 clients to protect their businesses
     • Insider understanding on business needs after over 8 years in house
     • Over 18 years experience, working with online business since 2010
     • Practical, solution focused, easy to talk to
     • Author of international bestseller “Cover Your Arse Online”
     • LLB, LLM, GradDip LP, GAICD


  5. Disclaimer
     This is general legal information only. If you have very specific questions, consider getting legal advice appropriate to your circumstances. Don’t advise others, refer them for legal advice.

  6. What we’re covering
     1. Risk Management in the age of cyber-attacks
     2. Mandatory Data Breach laws and how they apply to you
     3. Why not knowing is no excuse

  7. Risk Management

  8. Risk management?
     1. Identify a potential problem for your business
     2. Work out what you can do to solve the problem or to reduce the chance of it happening, or the impact if it does happen
     3. Revisit every 6 – 12 months to check

  9. What is cyber risk?
     • The risk of
       – financial loss or data destruction
       – reputational damage
       – business disruption = lost productivity
       – systems failure
       through technology

  10. What is cyber risk?
     Common method
     • phishing email
       – attachments
     • spear phishing email
     • waterhole attack
       – websites
     Common risk
     • Hacking
     • Malware
     • ransomware (WannaCry, Petya)
     • trojan (steals credentials)
     • back door
     • payments diverted

  11. The cost…
     Ransomware first appeared in 1989
     In 2015 victims paid out $24 million to hackers
     In 2016 it was estimated at $1 billion
     The overall annual cost of global cybercrime was thought to be $3 trillion in 2015 and this is expected to double to $6 trillion a year by 2021.
     www.ZDNet.com

  12. What is cyber security?
     What we use -
     • technology
     • techniques
     • processes
     • practices
     What we protect -
     • devices
     • networks
     • programs
     • data

  13. What is cyber security?
     What we use -
     • technology
     • techniques
     • processes
     • practices
     What we protect -
     • devices
     • networks
     • programs
     • data
     What does that mean for you?

  14. Devices
     • strong password protection
     • use antivirus and security software
     • keep software updates current
     • monitor software and applications used
     • back-up daily to an independent location
     • apply remote deletion of data from devices

  15. Networks
     • appoint a responsible person
     • keep a current inventory of all devices
     • monitor software and applications used
     • keep all software up to date
     • segment the network
     • back-up all data, daily
     • store back-ups securely, offsite

  16. Programs
     • map all programs used
     • back-up program files and license keys
     • keep operating systems, applications and data up to date
     • don’t use counterfeit copies
     • complete a threat analysis

  17. Data
     • use data encryption
     • use trusted storage providers
     • back-up daily to an independent location
     • test that back-up reinstatement works
     • keep software updates current
     • don’t accept payment instructions via email

  18. Assessment of risk
     • know who is responsible and for what?
     • threat analysis
     • penetration testing
     • quality of back-ups
     • monitoring program
     • remove affected machines from networks

  19. Mandatory Data Breach Laws

  20. 22 February 2018

  21. Does the Law apply to you?
     • business, organisations (including sole trader), and government agencies already covered by the Privacy Act
     • small business >$3m annual turnover
     • provide a health service or hold health information

  22. Does the Law apply to you?
     • collect personal information for sale/benefit
       – conference organiser who shares attendee information with exhibitors
       – business that collates online or offline information to create databases for sale
       – research organisation surveying people for eligibility for government rebates

  23. Notifiable breach
     Personal information
     • personal data is lost, accessed or disclosed
       – tablet left on plane
       – hacked system e.g. Ashley Madison
       – phone number on whiteboard on TV broadcast
       – job applicant CV left on reception desk

  24. Notifiable breach
     • the breach is likely to result in serious harm to any person whose data has been lost or accessed
     • Serious harm
       – physical, psychological, emotional, economic, financial or reputational harm

  25. If there is a breach -
     • Notify individuals at risk of harm
     • Notify the Office of the Australian Information Commissioner www.oaic.gov.au
     • www.privacy.gov.au

  26. If there is a breach -
     Notice within 30 days
     • identify your business
     • describe the data breach
     • explain what information is involved
     • let people know what steps to take to protect themselves

  27. Need more?
     www.onyxonlinelaw.com
     Legal Articles
     • Mandatory Data Breach Notification Laws Australia – FAQs

  28. Not Knowing is NO EXCUSE

  29. Ignorance of the law is no excuse in any country. If it were, the laws would lose their effect, because it can always be pretended. Thomas Jefferson

  30. Tech Neutral
     • Data breach laws are technology neutral.
     • Just because you still operate with a largely paper based system does not mean that this law will not apply.
     • Most filing cabinets can be unlocked with a paperclip.

  31. Penalties
     • direction for compliance / undertaking
     • public apology
     • compensation for individuals
     • Commissioner has 6 years to seek civil penalties
       – fines <$360,000 for individuals
       – fines <$1.8m for organisations

  32. What we’ve covered
     1. Risk Management in the age of cyber-attacks
     2. Mandatory Data Breach laws and how they apply to you
     3. Why not knowing is no excuse

  33. Do you need help?

  34. Action Steps
     Connect @OnyxOnlineLaw on social media to receive a cybersecurity for small business checklist

  35. Action Steps
     advice@onyxonlinelaw.com
     www.onyxonlinelaw.com
     www.lawforwebsites.info

  36. Questions
