The dangers of complacency — Why now is the time to evaluate your cybersecurity risks


Can you remember a time when data breaches were happening with such frequency?

The cybersecurity challenge in Australia has reached unprecedented levels lately. From telcos to health insurers to government departments, massive hacks are happening to organisations where you would expect firewall defences to be near impenetrable. 

As hackers discover new ways to get around defences in an increasingly digitised world, now is not the time for complacency. The reality is that as more and more businesses shift online, new chinks in the armour are appearing for hackers to take full advantage of. 

In fact, according to the Australian Cyber Security Centre, Australian businesses suffered combined total losses of $33 billion from cybercrime last year alone. Reports also show that phishing attempts have risen 600% and, similarly, cloud-based attacks have increased 630%.

So, it’s obvious we’re now facing a new kind of clear and present danger — but what steps should you take to best protect your data?

 

Keep calm and carry on complying

If data is king, compliance deserves its own throne too.

The digital landscape can feel a little opaque and nebulous when it comes to understanding how to cover your compliance bases. And now that sensitive information is being transferred to the cloud, security and compliance gains another layer of complexity. IT teams are now expected to meet both internal and external compliance requirements while working within the new realities of a geographically dispersed workforce.

In Australia, all activities to do with the handling and storage of personal and sensitive data are governed by the federal Privacy Act 1988 (Cth).

So, who needs to comply with the Privacy Act?

The Act imposes obligations on ‘APP (Australian Privacy Principle) Entities’. Broadly speaking, an APP Entity is an agency or an organisation, which includes an individual, body corporate, partnership, unincorporated association, or trust. It excludes small businesses with a turnover of less than $3 million, registered political parties, and state or territory authorities. 

The Australian Privacy Principles are too long and detailed to cover in this article, but they are definitely recommended reading if you are one of the APP Entities obligated to comply with the Act. 

 

New threats mean new laws

In the wake of recent high-profile data breaches in Australia, the Federal Government has been compelled to introduce tough new legislation to sufficiently deter attacks while encouraging greater levels of compliance across industries.

In the face of these increasing cybersecurity threats, the Attorney General recently made the call to increase penalties. Under the proposed bill, the penalty will increase to whichever is the greater of an AU$50 million fine; three times the value of any benefit obtained through the misuse of information; or 30% of a company’s adjusted turnover in the relevant period.

Sounds like they mean business, then. 

Thankfully, there are processes and platforms that make compliance easier. 

  

Backing in best practice

Salesforce has built a reputation for its security tools that help establish extra levels of trust, compliance, and governance with your business-critical apps.  

While it’s true that the Salesforce ecosystem is a very secure place, security must be a shared responsibility. Many organisations are of the mindset that Salesforce is a set and forget kind of deal — but that’s a fraught assumption.

There’s a higher level of accountability that comes along with handling sensitive data — especially when customers put so much trust in you, so organisations still need to implement, configure and develop secure ways to prevent security and privacy vulnerabilities.

Here are some top-line data best practices from Salesforce to consider within your own organisation:

  • Think about who owns the security policy in your organisation. 
  • Authentication is powerful when it comes to data security — what are your authentication processes like?
  • Does multi-factor authentication exist within your organisation?
  • What do your data storage and backup solutions and processes look like?
  • Who is in control or covered by your permission sets?
  • Encryption is key — is your sensitive data safely encrypted?
  • Event Monitoring allows you to see who is accessing critical business data, when, and from where.

 

A secure solution

Salesforce seemingly has a solution for almost any business problem, and when it comes to data security, it’s no different. 

Salesforce Shield takes compliance and data protection to a new level. The platform contains a trio of security tools including Shield Platform Encryption, Event Monitoring, and Field Audit Trail.

In a nutshell, it’s cutting-edge encryption software for building trusted and secure cloud apps with speed, and many businesses rely on it to provide the security their data needs. 

However, much the same as mentioned above, there is no such thing as a set and forget solution. Careful planning, execution, maintenance and ongoing vigilance are key to securing your data assets.

At the end of the day, data is one of your business’ most valuable assets. And when so much hinges on an asset as valuable as this, it makes complete sense to pull out all the stops to safeguard it. 

There’s so much more to cover when it comes to data protection. So, if you want to find out more, we’re always up for a chat. Talk to Cloudwerx about organising a security audit for your business today. 

 

https://www.salesforce.com/au/blog/2022/02/infographic-data-cybersecurity.html
