Preparing for, responding to and learning from a cyber security incident

“There are only two types of companies: Those that have been hacked and those that will be hacked.” – Robert S. Mueller III, former Director of the Federal Bureau of Investigation.

Cyber security incidents have become a common occurrence in Australia and across the world. Organisations no longer speak in terms of “if” an incident will occur; it has become a matter of “when”.

In this article, we address how you can ensure your organisation is as well-placed as possible to respond to a cyber security incident. In summary, we recommend you:

  1. Undertake risk assessments.
  2. Implement security measures.
  3. Have a tailored cyber security incident response plan.
  4. Test your staff, systems and incident response plan.
  5. Ensure any incidents or near-misses are made into valuable learning opportunities.


Undertaking risk assessment

It is important to identify the types of data you collect and store, and the potential risks to that data. This will help you determine what security measures to put in place and what your incident response plan should include.

It is also important to know what types of data are held and why. Not knowing what data you hold, or holding data you do not need or should not have, exposes an organisation to significant cyber security and privacy risks.

Implementing security measures

Once you understand the types of data you have and the likely risks associated with that data, the next step is implementing suitable and adequate security measures. This includes things like firewalls, encryption, and access controls. Ensuring these measures remain up to date is equally important.

Creating an incident response plan

Many of the decisions an organisation will be required to make during a cyber security incident, for example, a data breach, can be made beforehand. This is one of the reasons having an incident response plan that is specific to your organisation is crucial.

There is no “one size fits all” step-by-step guide to responding to a data breach – there are simply too many variables at play and a broad range of risks which may arise depending on the nature of the organisation that has been breached, the systems in place, the method and scale of the breach and the type of information that has been compromised.

That said, the Office of the Australian Information Officer (OAIC) recommends that all data breach response plans should generally centre on the following four key steps:

  1. Contain the data breach to limit or prevent any further compromise of personal information.
  2. Assess the data breach by gathering the facts and evaluating the risks, including potential harm to individuals whose personal information has been compromised and, to the extent possible, taking action to remediate any risk of harm.
  3. Notify individuals and the OAIC if required. If the breach is an ‘eligible data breach’ under the notifiable data breaches scheme, it may be mandatory for your organisation to notify.
  4. Review the incident and consider what actions can be taken to prevent future breaches.

Your organisation’s incident response plan should also address the steps and decisions required when facing a ransomware attack, or you may choose to have a separate response plan for such incidents.

Although each cyber security incident will be different and must be managed on a case-by-case basis, having a response plan which is tailored to your organisation can save time, money and reputation if a cyber security incident does occur.

Testing your incident response plan

Everyone is familiar with the concept of a fire drill. In this context, the benefit of testing systems, policies, procedures and people in order to be ready for a time of crisis is widely accepted. More and more organisations are beginning to understand the importance of this in the context of cyber security.

We recommend that organisations invest in incident response drills, adversary simulation and/or penetration testing, as this will reveal the strengths and weaknesses present in your technology and workforce.

Handling the aftermath and learning from an incident

If your organisation does suffer from a cyber security incident, it is important to take steps to prevent future breaches and to provide reassurance to your staff and stakeholders.

Once the immediate crisis is resolved, a cyber security incident or near-miss should be treated as a learning experience and an opportunity to improve. It is important to:

  1. Identify vulnerabilities: Review your security measures and identify areas where improvements can be made.
  2. Implement improvements: Implement changes to your security measures to prevent and mitigate the impacts of future breaches.
  3. Communicate with stakeholders: Provide regular updates on what steps are being taken to protect their information.
  4. Conduct regular reviews: Both technology and the law are evolving rapidly. Regularly review your policies, procedures and security measures to ensure they remain effective and up to date.

What can we do for you?

Page Seager offers both proactive and reactive legal support in the areas of cyber security and privacy law.

We can assist with matters such as:

  • Preparing and updating your organisation’s cyber security incident response plan.
  • Responding to a cyber security incident such as a data breach, data leak, or ransomware attack.
  • Preparing and updating your organisation’s privacy and data governance policies.
  • Reviewing your contracts to mitigate cyber security and privacy risks and ensure legal and regulatory compliance.
  • Advising on your organisation’s obligations under legislation such as the Privacy Act 1988, the Security of Critical Infrastructure Act 2018 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

We are also available to deliver educational sessions to your employees, executives and directors.

More information

If you have any queries or would like further information about this article, please contact:

Kathryn Speed
Principal
M: 0408 446 013
E: kspeed@pageseager.com.au

Published: 5 April 2023

Copyright © 2023 Page Seager.