Riley highlighted key statistics arising from the Australian Cyber Security Centre (ACSC) Small Business Survey published in July 2020. Most startling were the following:
- the ACSC receives, on average, one report of cybercrime every 10 minutes (approximately 164 reports per day); and
- the estimated loss to cybercrime in Australia is $300 million per year.
The full findings of the survey can be accessed here: https://www.cyber.gov.au/acsc/small-and-medium-businesses/small-business-survey-results
He then examined common forms of cyberattacks, including:
- phishing scams, where scammers pose as a legitimate institution and lure their targets (whether by phone, email, or text message) into providing sensitive information; and
- malware, such as viruses, worms, ransomware, spyware and Trojan horses, which are designed to attack and cause damage to a computer server or network.
Given the frequency with which cyberattacks occur and the amount of personal and sensitive information workplaces hold, employers have several ethical and risk-management obligations in protecting the privacy of their consumers, clients, and staff and managing their electronic data.
Anna discussed the 13 Privacy Principles set out in the Privacy Act 1988 (Cth), which guide companies on how to protect the personal data of consumers and staff. Additionally, HR personnel must notify the Office of the Australian Information Commissioner if there is unauthorised access to, unauthorised disclosure of, or loss of personal information held by the organisation which is likely to result in serious harm to any of the individuals to whom the data relates.
Anna and Riley emphasised that the risks posed by cyberattacks can be mitigated by workplaces informing themselves of the common characteristics of cybercrime and providing appropriate training to employees as to the role they play in avoiding such attacks. Companies would be wise to protect their computers and networks against potential threats through the use of antivirus software processes. The ACSC’s “Essential Eight” strategies to mitigate cybersecurity incidents were also explored as ways for organisations to protect their systems against adversaries.
For more information about what you can do to keep consumer and employee data safe from cyberattacks, the ACSC has developed a guide to help small businesses protect themselves from common cybersecurity incidents. This guide can be accessed through the following link: https://www.cyber.gov.au/acsc/small-and-medium-businesses/acsc-small-business-guide
To discuss privacy concerns and your organisation’s obligations, contact the Business and Corporate Group at BAL Lawyers.
Our next HR Breakfast Club will be held on Friday 20 November 2020. Gabrielle Sullivan will be presenting on “How casual can we be?” We look forward to seeing you then.