McCullough Robertson wrote an interesting piece on data breaches, “Data breach notification laws a step closer to reality – is your business cyber-ready?”

Some highlights:
– “Cyber-breaches garner huge media attention and are ever-present. Just two recent reminders are Australia’s recent online Census site crash, and DropBox admitting that 68 million of their user accounts may have been compromised.”

– …there is an “added layer of reputational, legal and financial risk that comes from having to report on any compromises to your data. So, now is a good time for businesses of all sizes to reconsider their cyber-readiness.”

– “The motives of the attacks and who is behind them also vary, from social activism, to criminal theft (ransom) and large-scale state or corporate espionage. The common thread, though, is that data is the target – personal, sensitive and financial information of customers and staff, a business’s own financial and corporate records, trade secrets and other intellectual property.”

– “What Can You Do: Training: Humans remain the weakest link in many networks. Training your employees on cyber-threats is crucial, and should include: (a) how to spot and report phishing emails; (b) kind of information they should never give to anyone except specific people within your company (e.g. login and password details); (c) what group within your company is likely to ask them for specific kind of information (e.g. your HR department is unlikely to ask an employee for information about the company’s intellectual property); (d) not to use USB devices they did not acquire from a trusted source on your systems”

– “Test and Plan: red-teaming is the new trend to deliberately test your own systems for vulnerabilities, which you can then use to prepare a comprehensive response plan that you can implement as soon as any cyber-attack or data breach is detected.”