Tag: practical tips

1
Research reports say risks to smartphone security aren’t phoney
2
Study reveals massive cost of cybercrime for Asia Pacific businesses
3
One-third of US businesses suffer data breaches: How will you protect yourself?
4
Update everything: Discovery of Wi-Fi flaw in connected devices
5
10 Considerations for Developing a Data Breach Response Plan
6
Top Five Cybersecurity Insurance Tips
7
Quick Tips for Entities Looking to Protect Against Cyber Breaches
8
Government Regulation, Legislation and Enforcement Updates

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Study reveals massive cost of cybercrime for Asia Pacific businesses

By Cameron Abbott and Sarah Goegan

We all know that cybersecurity incidents can cost your organisation a lot of money, but exactly how much? A report by Frost and Sullivan has found that losses from cyberattacks in the Asia Pacific region (APAC) could reach a staggering US$1.75 trillion, nearly 7 per cent of the region’s gross domestic product in 2017. As covered in our blog last week, the cost of cyber scams alone in Australia totalled $340 million AUD last year.

Read More

One-third of US businesses suffer data breaches: How will you protect yourself?

By Cameron Abbott and Harry Crawford

A recent survey has shown that nearly one-third (29%) of US businesses experienced a data breach in the previous year.

The Hartford Steam Boiler Inspection and Insurance Company, part of global reinsurer Munich Re, conducted the survey which shows that 8 in 10 affected businesses spent at least $5,000 to respond. 27 percent of the businesses spent between US$5,000 and US$50,000 to respond to the data breach and 30 percent spent between US$50,000 and US$100,000, and a considerable portion spent even more than that. The costs were not only directly financial, with two-thirds of the affected businesses reporting their reputation was negatively impacted.

Read More

Update everything: Discovery of Wi-Fi flaw in connected devices

By Cameron Abbott, Rob Pulham and Olivia Coburn

A Belgian researcher has discovered a weakness in WPA-2, the security protocol used in the majority of routers and devices including computers, mobile phones and connected household appliances, to secure internet and wireless network connections.

The researcher, Mathy Vanhoef, has named the flaw KRACK, for Key Reinstallation Attack.

Any device that supports Wi-Fi is likely to be affected by KRACK, albeit devices will have different levels of vulnerability depending on their operating systems. Linux and Android are believed to be more susceptible than Windows and iOS, and devices running Android 6.0 are reportedly particularly vulnerable.

Read More

10 Considerations for Developing a Data Breach Response Plan

By Jim Bulling and Michelle Chasser

A quick response to a data breach is key to mitigating its impact. The Office of the Australian Information Commissioner (OAIC) recommends that all entities have a data breach response plan in place and has recently released draft guidance on how to develop such a plan.

The guidance recommends that the plan include setting out the actions to be taken in the event of a breach and the team members involved in those actions. Here are some questions for your organisation to consider based on the OAIC’s draft guidance to developing a data breach response plan.

1. What constitutes a data breach?

2. What actions should your staff take?

3. Who is a member of the response team?

4. When does a breach needs to be escalated to senior management?

5. Who is responsible for contacting and managing any affected individuals?

6. Who decides whether to contact law enforcement or regulators?

7. How are records of data breaches kept?

8. How will you identify and address any weaknesses in data handling that contributed to a data breach?

9. Are there any steps your cybersecurity insurance policy requires you to follow?

10. How will you test your response plan?

The OAIC’s Guide to developing a data breach response plan Consultation draft can be found here.

Top Five Cybersecurity Insurance Tips

By Jim Bulling and Roberta Anderson

The increased risks posed by cybersecurity breaches has meant that many organisation are looking to insurance to address some of the exposure. But cybersecurity insurance is still new and there are things which companies wishing to purchase cybersecurity insurance should look out for. Here are five tips if you are considering obtaining or renewing a cybersecurity insurance policy.

Read More

Quick Tips for Entities Looking to Protect Against Cyber Breaches

By Jim Bulling

Research in Australia and overseas suggests that most cyber breaches can either be prevented or the impact of any attack can be significantly limited by a range of low cost and easy to implement measures. These include the following:

  • Username and password standards should be sophisticated.
  • Administrative and privileged access should be controlled.
  • Undesirable applications should removed.
  • Automated patching tools and processes should be used.
  • Data should be backed up regularly.
  • Access to mobile devices should require authentication and data should be encrypted.
  • Anti virus software and filters should be used.

Research released by the Australian Defence Signals Directorate (DSD) indicates that at least 85% of the cyber intrusions that the DSD has responded to would have been mitigated had organisations implemented the above strategies.

Government Regulation, Legislation and Enforcement Updates

by Jim Bulling and Julia Baldi

Australian Federal Government Cybersecurity Review
The Australian Federal Government holds a Cybersecurity Review.

See the Australian Government’s summary of the review here.

SEC Guidance Update
The SEC’s Investment Management Team published a Guidance Update which outlines measures managed funds and investment advisers may wish to consider in addressing cybersecurity risk. The guidance includes practical tips applicable to Australian entities.

See the Guidance Update here.

Read More

Copyright © 2018, K&L Gates LLP. All Rights Reserved.