CyberSecurity Protect Your Business: What You Need to Know - PowerPoint PPT Presentation



SLIDE 1

CyberSecurity Protect Your Business
What You Need to Know

@CLICK!DigitalExpo #CLICK2017 #IncredibleCLICK #OnyxOnlineLaw #legal #business #cybersecurity

www.OnyxOnlineLaw.com

SLIDE 2

This is for you if -

  • You want a simple explanation of your cybersecurity risks
  • You want some easy steps to protect your business
  • You’d like to understand your real legal obligations

SLIDE 3

Who Am I & Why LISTEN To Me?

  • Worked with over 1000 clients to protect their businesses
  • Insider understanding on business needs after over 8 years in house
  • Over 18 years experience, working with online business since 2010
  • Practical, solution focused, easy to talk to
  • Author of international bestseller “Cover Your Arse Online”
  • LLB, LLM, GradDip LP, GAICD


SLIDE 5

Disclaimer

This is general legal information only. If you have very specific questions, consider getting legal advice appropriate to your circumstances. Don’t advise others; refer them for legal advice.

SLIDE 6

What we’re covering

  • 1. Risk Management in the age of cyber-attacks
  • 2. Mandatory Data Breach laws and how they apply to you
  • 3. Why not knowing is no excuse

SLIDE 7

Risk Management

SLIDE 8

Risk management?

  • 1. Identify a potential problem for your business
  • 2. Work out what you can do to solve the problem or to reduce the chance of it happening, or the impact if it does happen
  • 3. Revisit every 6 – 12 months to check

SLIDE 9

What is cyber risk?

  • The risk of
    – financial loss or data destruction
    – reputational damage
    – business disruption = lost productivity
    – systems failure through technology

SLIDE 10

What is cyber risk?

Common method

  • phishing email
    – attachments
  • spear phishing email
  • waterhole attack
    – Websites
  • back door

Common risk

  • Hacking
  • Malware
  • ransomware (WannaCry, Petya)
  • trojan (steals credentials)
  • payments diverted

SLIDE 11

The cost…

Ransomware first appeared in 1989.
In 2015 victims paid out $24 million to hackers.
In 2016 it was estimated at $1 billion.
The overall annual cost of global cybercrime was thought to be $3 trillion in 2015 and this is expected to double to $6 trillion a year by 2021.

www.ZDNet.com

SLIDE 12

What is cyber security?

What we use -

  • technology
  • techniques
  • processes
  • practices

What we protect -

  • devices
  • networks
  • programs
  • data

SLIDE 13

What is cyber security?

What does that mean for you?

SLIDE 14

Devices

  • strong password protection
  • use antivirus and security software
  • keep software updates current
  • monitor software and applications used
  • back-up daily to an independent location
  • apply remote deletion of data from devices

SLIDE 15

Networks

  • appoint a responsible person
  • keep a current inventory of all devices
  • monitor software and applications used
  • keep all software up to date
  • segment the network
  • back-up all data, daily
  • store back-ups securely, offsite

SLIDE 16

Programs

  • map all programs used
  • back-up program files and license keys
  • keep operating systems, applications and data up to date
  • don’t use counterfeit copies
  • complete a threat analysis

SLIDE 17

Data

  • use data encryption
  • use trusted storage providers
  • back-up daily to an independent location
  • test that back-up reinstatement works
  • keep software updates current
  • don’t accept payment instructions via email

SLIDE 18

Assessment of risk

  • know who is responsible and for what?
  • threat analysis
  • penetration testing
  • quality of back-ups
  • monitoring program
  • remove affected machines from networks

SLIDE 19

Mandatory Data Breach Laws

SLIDE 20

22 February 2018

SLIDE 21

Does the Law apply to you?

  • business, organisations (including sole trader), and government agencies already covered by the Privacy Act
  • small business >$3m annual turnover
  • provide a health service or hold health information

SLIDE 22

Does the Law apply to you?

  • collect personal information for sale/benefit
    – conference organiser who shares attendee information with exhibitors
    – business that collates online or offline information to create databases for sale
    – research organisation surveying people for eligibility for government rebates

SLIDE 23

Notifiable breach

Personal information

  • personal data is lost, accessed or disclosed
    – tablet left on plane
    – hacked system, e.g. Ashley Madison
    – phone number on whiteboard on TV broadcast
    – job applicant CV left on reception desk

SLIDE 24

Notifiable breach

  • the breach is likely to result in serious harm to any person whose data has been lost or accessed
  • Serious harm
    – physical, psychological, emotional, economic, financial or reputational harm

SLIDE 25

If there is a breach -

  • Notify individuals at risk of harm
  • Notify the Office of the Australian Information Commissioner www.oaic.gov.au
  • www.privacy.gov.au

SLIDE 26

If there is a breach -

Notice within 30 days

  • identify your business
  • describe the data breach
  • explain what information is involved
  • let people know what steps to take to protect themselves

SLIDE 27

Need more?

www.onyxonlinelaw.com Legal Articles

  • Mandatory Data Breach Notification Laws Australia – FAQs

SLIDE 28

Not Knowing is NO EXCUSE

SLIDE 29

Ignorance of the law is no excuse in any country. If it were, the laws would lose their effect, because it can always be pretended.

Thomas Jefferson

SLIDE 30

Tech Neutral

  • Data breach laws are technology neutral.
  • Just because you still operate with a largely paper based system does not mean that this law will not apply.
  • Most filing cabinets can be unlocked with a paperclip.

SLIDE 31

Penalties

  • direction for compliance / undertaking
  • public apology
  • compensation for individuals
  • Commissioner has 6 years to seek civil penalties
    – fines <$360,000 for individuals
    – fines <$1.8m for organisations

SLIDE 32

What we’ve covered

  • 1. Risk Management in the age of cyber-attacks
  • 2. Mandatory Data Breach laws and how they apply to you
  • 3. Why not knowing is no excuse

SLIDE 33

Do you need help?

SLIDE 34

Action Steps

Connect @OnyxOnlineLaw on social media to receive a cybersecurity for small business checklist

SLIDE 35

Action Steps

advice@onyxonlinelaw.com
www.onyxonlinelaw.com
www.lawforwebsites.info

SLIDE 36

Questions