
COVID-19 has changed the way we work and do business. Unfortunately, scammers are taking advantage of the pandemic to exploit businesses and consumers across Australia. At a time when we are working remotely more than ever and using technology to connect, it is important to ensure your business is protected against cyber threats. Cyber security is about protecting your business’ technology and information from accidental or illegal access, corruption, theft or damage. Cyber security breaches also pose a threat to your customer data and could result in a data breach under the Privacy Act. Additionally, a cyber threat or incident can cause many issues for businesses, including:

  • financial loss;
  • business or reputational loss; 
  • time notifying relevant authorities of the incident; and
  • time to get your systems up and running again. 

There may be no foolproof solution. However, there are many things your business and staff can do to ensure these risks are minimised as much as possible. This article explains what they are. 

Why Is It So Important? 

A cyber attack can cause many significant issues, including:

  • financial loss from theft of money; 
  • information or disruption to businesses; and 
  • business reputational loss. 

Data breaches are another major risk associated with cyber attacks. They are especially risky where your business holds the personal information and data of your customers and this data is compromised in a cyber attack. 

Data Breaches

Criminal attacks are the main cause of many data breaches. This can have significant consequences for businesses that are considered APP entities. An APP entity is a business that:

  • has an annual turnover of $3 million or more; or 
  • is a subsidiary of a holding company that has a $3 million or more turnover. 

Some businesses with a lower turnover may also qualify, such as businesses that provide a health service and hold health information. Therefore, it is important to check with a lawyer if your business would be considered an APP entity for the purposes of the Privacy Act. If your business is considered an APP entity, you will need to comply with the Notifiable Data Breaches (NDB) scheme.

A notifiable data breach is when your business: 

  • loses personal information (which could include losing a laptop); 
  • discloses personal information to an unauthorised person; or 
  • has an unauthorised third party access the information (for example, if your database is hacked). 

If your business believes that an eligible data breach has occurred, you must notify all individuals affected by the breach as soon as possible. You must also notify the Office of the Australian Information Commissioner (OAIC). Your notifications must include certain specifics, and it can be a time-consuming and costly procedure. 

Depending on the type of breach and the business’ compliance with reporting requirements under the Privacy Act, penalties can reach up to $2.1 million for a body corporate and from $105,000 to $420,000 for any other entity. 

If your business is an APP entity, it is important to have a data breach response plan in place. This will allow you to respond efficiently and effectively to a data breach.

What Can Your Business Do to Minimise the Risk of a Cyber Threat During the Pandemic?

Invest in Cyber Security 

Cyber security is crucial for any organisation, and investing in it can help reduce the risk of a cyber attack. Cyber security experts can advise you on the best forms of security for your business. You may need to update your software or invest in better IT infrastructure to give your business the best chance of avoiding a cyber attack. An example is ensuring your email tool has a system to flag and filter out spam emails your staff may receive.

Cyber insurance is another investment that you can make to help minimise the impacts of a cyber attack or data breach. Cyber insurance can provide mechanisms to control, contain and coordinate responses to cyber scams. It may help protect or minimise the aftereffects of a cyber attack by covering certain costs for your business. 

Train and Educate Staff

During the pandemic, your staff may be working remotely and commuting to different locations. It is an important time to educate your staff on these cyber risks and help them manage these issues. 

Employees are constantly interacting with multiple company systems within your business. Therefore, it is important to train them adequately on how to use each of these. These systems range from email and software to social media pages such as LinkedIn. 

Password Security 

Educate your staff on the importance of password security. Passwords are the first line of protection to keep sensitive and personal information safe. They also make it more difficult for hackers to gain access. Show your staff how to set strong passwords for any of their devices, emails or work systems. Strong passwords should incorporate a combination of:

  • letters;
  • numbers; and
  • symbols.

Emails 

Train staff to identify spam emails and ensure they know not to click on any links that look suspicious. You should let your staff know what to do or who to contact (for example, your internal IT team) if they receive a suspicious email, and at least before they click on any links. 

Ensure that you update and repeat your training regularly as a refresher for staff. Further, you should let staff know of the latest scams or issues that have arisen publicly so they understand the importance of the training. It is also important to ensure you train any new staff who come on board. 

Acceptable Use Policies

Your IT acceptable use policy should clearly set out what you expect of your staff when they interact with company systems. The content of the policy will vary depending on your industry and business practices, but some key features include:

  • how staff should respond to suspicious emails they have received;
  • restricting the type of software that an employee may download without permission;
  • setting out what employees must do if they think a data breach has occurred;
  • notifying employees of how you are monitoring them;
  • regulating how an employee must conduct themselves on both personal and company social media channels;
  • the types of websites they can visit; and 
  • what is acceptable for them to download.

When a new employee or contractor commences work with your business, it is crucial to clearly set out the guidelines they need to follow and the expectations on them when using your IT systems. This will reduce the risk of employees inadvertently causing harm because they were unaware of the correct approach.

You can also clearly set out the consequences of breaching your IT acceptable use policy. These consequences might include termination or disciplinary action.

Key Takeaways 

With the shift to remote working likely to extend beyond the pandemic, cyber security will be an ongoing risk associated with operating your business. It is important to ensure you have the best protection possible against a cyber threat. Ensure you have:

  • appropriate cyber security protection;
  • updated IT systems;
  • staff that are trained and understand how to spot a cyber threat;
  • IT acceptable use policies; and
  • systems to provide guidance to staff members on how to behave and the consequences if they do not.

If you would like to discuss these issues or wish to incorporate an IT acceptable use policy, contact LegalVision’s data, IT and privacy lawyers on 1300 544 755 or fill out the form on this page.

Frequently Asked Questions

What is a notifiable data breach?

A notifiable data breach is when your business loses personal information, discloses personal information to an unauthorised person or has an unauthorised third party access the information.

What is an APP entity?

An APP entity is a business that has an annual turnover of $3 million or more or is a subsidiary of a holding company that has a $3 million or more turnover.
