What you need to know about data security for your business.

What you need to know about data security for your business.

GDPR, NDB, IRAP, CCSL, CCPA. If you know what any of those acronyms mean, then you’re doing well. If you’re aware of how they impact your business, then you’re doing even better.

If you have no idea what I’m talking about though, you’re not alone. 

All of these are acronyms for various security requirements, data protection laws and certifications both in Australia and throughout the world. And if you’re a business in Australia who collects and stores the data of your customers or clients, then you’re going to need to know about them. 

As more and more of our data moves into the cloud (which we think is a good thing, by the way), the more you need to be aware of your responsibilities in protecting the data of your customers.

The long and the short of it is that as a business owner or manager, you need to know where your information lives on the cloud, you need to ensure that it’s protected, secured and in many industries certified, and you need to know what to do if there’s a breach of that data in the event that the client information you hold is stolen or accessed.

Reading an article recently about the possible changes ahead for Australia’s Data Protection Laws, it occurred to me how confusing the topic of data protection is for many businesses, not just in Australia but around the world. It also occurred to me that there are a few simple steps you can take to ensure your business is doing what’s necessary to protect your data, your clients and their personal information.

Where to start with data protection

The first thing you need to know when it comes to protecting client data, is that not all cloud data services are as compliant as you might imagine. And in many industries like law, finance and medical, compliance is a crucial component of the day-to-day running of the business.

Recently a client of ours asked if their cloud data storage was IRAP certified. In simplified terms, IRAP is the Information Security Registered Assessors Program run by the ACSC (Australian Cyber Security Centre) and gives accreditation to individuals in the public and private sector to assess whether an ICT system meets Australian Government standards.

Now for this client, I wasn’t sure, so I checked with the vendor and the answer was “No”. It was SOC2 compliant and ISO27001 compliant (etc, etc) – but not IRAP. So, the product the client was using was based on a Danish product and while it is probably as secure and compliant as it needs to be, it didn’t tick the box required for this client’s industry body.

So, what can you do to avoid the same problem?

Make sure you’re using leading technology platforms

The best way to make sure that you’ll be compliant is to make sure you’re using the leading technology platforms in the cloud computing space.

It’s our view at P1 Technology, that the leading platform is well and truly Microsoft Sharepoint. They store your data on shore, in Australian datacentres and they are certified for all major Australian compliance requirements.

You might be using Google or Dropbox for the same things that Sharepoint can deliver to your business. Google is IRAP compliant and has some great tools for business. Something else to consider though, is how these providers are setup in terms of how they do business with you.

Microsoft have always been a fee for service company. They charge you for something and you get a product. Google is the opposite. They’ve always been more of a “freemium” provider, giving you a certain amount of access for free, and then charging you if you want access to more features. This does make me question with Google, how much of your data could be potentially shared with others. Remember that when you’re getting something for free, you (and your data) are the product.

Know your compliance obligations

Do you:

• -    Know where your data is stored?
• -    Use Multi-factor Authentication to protect it?
• -    Use strong, unique passwords?

If you can answer yes to these three questions, then you’ll rest easier when you’re next asked about your data security policy.

If you’re concerned about your business being compliant with data protection laws, talk to your IT provider so you can review where your data lives and make sure it’s protected as well as it can be.

« Back to News