Question

Is your information Technology used in your office fully secure?

Importance

We all know we should back up our computer systems regularly, store a backup off site, use the latest software versions, change our passwords regularly and never share passwords with our fellow employees.

From 22nd February 2018, there is a stringent reporting process required to the office of Australian Information Commissioner in the event your data is hacked, stolen or passed on to others. This applies to any business with a turnover in excess of $3 million per annum.

If you don’t report such breaches, large fines up to $1.8m, can be applied. And imagine the financial and reputational damage to your office if your data got into the wrong hands.

Given the recent spate of computer systems being hacked within large corporates and multi nationals, have you double checked with your IT support company that your IT devices and records are as secure as practicable?

Solutions:
  1. Ask for written advice from your computer support company confirming your system is safe ‘as far as reasonably practicable’.
  2. Check with your insurance broker for Cyber insurance appropriate for your agency.
  3. Ensure that you have regular daily back up arrangements, automatic overnight into a cloud arrangement or other off-site facility.

You need to be assured by your IT company/consultant that, at a very minimum, these questions are answered:

  • Do you have the most up to date versions of the operating systems on your IT devices?
  • Do you have up to date virus software including the monitoring of incoming emails and browsers on your IT devices?
  • Do you have different, at least 8 character passwords on your devices including your WiFi system?
  • Do you change your passwords at least every 3 months?
  • Do you have a complete backup of your systems off site so you could rebuild them?
  • Do you keep at least the last 7 days of document backups? These backups would be preferably off site.
  • Do you have a functioning firewall between your network and the internet? The firewall device should have the latest software and be properly pass-worded.