Data security has become such a problem in Australia that the government recently passed the Privacy Amendment Bill 2016 into law. This new law requires organisations to report data breaches and lost data to the Privacy Commissioner and to notify customers of the problem as soon as they become aware of it.

Fines for failing to notify customers and the Privacy Commissioner are large: up to $360,000 for individuals and $1.8 million for organisations. Even without fines, however, the failure or inability to respond to data breaches can have serious ramifications for your business. 

You may be surprised to find that some common office habits can quickly turn into data security problems. Here are ten ways your company data could be in danger:

1. Using Company Email for Personal Use

If you or your employees use your company email address to sign up for promotions, competitions or register for events, you could be making your company email system vulnerable to hacks. Not all websites are secured, so it’s best to encourage your employees (and yourself) to use company email exclusively for work-related purposes.

2. Weak Passwords

Passwords are your company’s first line of defense against hackers. Therefore, an information security management system that outlines effective password policies can help to secure your company data. Avoid common passwords (qwerty, 123456, etc.), and require that passwords contain upper and lowercase letters as well as numbers. Two-step verification is also recommended where possible.

3. Leaving Documents on the Printer

We often think of data leaks as simply a digital problem, but hard copies can be leaked as well. Don’t allow sensitive paperwork to be left out on the printers, on desks, or any other place where people could walk by and pick it up. A reported 29% of Australian SMEs have no information security policies, like clean desk policies, in place.

4. Being Casual with Removable Media

Devices like USB sticks, digital cameras, removable hard drives, and even smartphones can pose major data security risks. Implement an information security management system compliant with ISO 27001 to control the risks associated with removable media.

5. Including Too Much Information in Automatic Replies

It’s nice to be able to effortlessly disseminate important information to your colleagues and clients through the use of automatic replies, but be careful. Avoid including information about your holiday or business trip, your travel plans, or anything else you wouldn’t want becoming common knowledge.

6. Failing to Destroy Before Disposal

Deleting files or reformatting your hard drive does not always erase data. In many cases, you’ll need to use software designed to permanently wipe the drive if you want the data to disappear for good. Also, when you dispose of sensitive paper documents, cross-shred it before throwing it away.

7. Keeping Too Much Data

If you’re keeping old archives that contain sensitive data, consider going through it and getting rid of anything you no longer need. The less information you have on hand, the less likely it will fall into the wrong hands.

8. Interacting with Questionable Websites

What makes a website questionable? If a website is unsecured or offers illegal streaming, it could pose a risk to your company data. Train your employees on how to recognise questionable websites.

9. Ignoring Security Updates

When you’re in the middle of an important task, it’s annoying to have a security update pop up on your laptop or other devices. Don’t forget to install security updates, however. Many of these updates take care of holes in the security of the software and respond to risks as they emerge.

10. Failing to Use an Information Security Management System

One of the best things you can do to secure your company’s data is to implement an information security management system to combat potential threats and to remedy any problem areas. Compliance with ISO 27001 will help your company to do just that. ISO 27001 is the international standard for information security management systems, and will help you to combat security breaches in the future.

To learn more about how your company can become ISO 27001 certified, reach out to us at Compliance Council.