Data Breaches: Preventive and Responsive Strategies for SMEs

In Australia, small and medium-sized businesses (SMEs) are increasingly finding themselves under attack from cybercriminals and falling victim to data breaches.

From ransomware attacks to phishing schemes, businesses in Australia are no strangers to the looming threats of data breaches. In 2022/2023, the Australian Signals Directorate saw nearly 94,000 cybercrime reports, up 23%.

How To Prevent Data Breaches - Your Response Plan

Step 1: Risk Assessment

When assessing your organisation’s risk for a data breach, you must first identify where your data resides and how it flows across your systems and external interfaces. This involves mapping locations, data processing activities, and data transfer points.

Remember, adhering to the Australian Privacy Principles and the Notifiable Data Breaches scheme is crucial to avoid penalties and reputation loss.

No stress, though – our team is here to help strengthen your cyber defences, allowing you to focus on your business with peace of mind.

Case Study: Australian Red Cross Blood Service Data Breach

In 2016, the Australian Red Cross Blood Service leaked the personal details of approximately 550,000 blood donors. The data, including names, addresses, and some sensitive health information, was inadvertently made available on an unsecured public-facing website.

Surprisingly, this resulted from a human error when a file containing this data was sent to a contractor.

Step 2: Containment

When a breach is detected, act swiftly to isolate the affected systems and stop the attack from spreading further. At this point you don’t yet know what is affecting your systems, and if it can spread, you want to stop it early to minimise the damage. This could mean the following:

  • Disconnecting from the network
  • Restricting remote access
  • Shutting down specific services

Advanced Steps

  • Responsible: Network Team. Outcome: Affected systems disconnected from the primary network
  • Responsible: IT Security. Outcome: Admin passwords reset; user resets in progress
  • Responsible: Systems Team. Outcome: Patches identified to be applied post-forensic analysis
  • Responsible: Compliance Officer. Outcome: Access rights are confirmed and adjusted where necessary
  • Responsible: Forensics Team. Outcome: Evidence preserved for affected systems
  • Responsible: IT Security. Outcome: Encrypted channels are established for incident communication
  • Responsible: Legal Department. Outcome: Reviewing containment actions to ensure legal compliance

Containment is a critical phase in the response to a data breach. It involves immediate actions to limit the breach’s spread and impact and prevent further unauthorised access to sensitive data.

Step 3: Eradication

This process requires you to document each step taken, including the details of the vulnerabilities addressed, the tools and the methods used for removal, and any system changes made.

This documentation not only supports post-incident reviews but also informs and improves your organisation’s ongoing security posture and response strategies.

Step 4: Recovery

This is the most crucial phase of the process, so it has to be done right. Recovery involves restoring the affected systems and services and returning them to normal operations while ensuring no remnants of the security threat remain.

Here’s how this pans out for you and your business:

Carefully bring affected systems back online after ensuring they are free from the breach’s impact.

Use verified clean backups to restore data, ensuring that these backups have not been compromised.

Re-establish affected services methodically to minimise the risk of latent vulnerabilities.

If complete restoration is not immediately possible, implement temporary measures to maintain business operations.

Before restoring each system, reinforce security measures to prevent a recurrence of the breach.

Update and deploy patches to fix the vulnerabilities that led to the breach.

Monitor the restored systems for any signs of instability or indications of a persistent security threat.

Set up additional alerts to quickly identify anomalies that may suggest lingering issues.

Validate the integrity of the restored systems and data, ensuring no tampering.

Engage in comprehensive testing to confirm that all systems are fully functional and secure.

Keep your stakeholders informed about the recovery process, including expected timeframes for full-service restoration.

Provide updates to customers, suppliers, and partners as necessary, maintaining transparency about the system status.

Document each step of the recovery process, including the actions taken to address the breach and the lessons learned.

Record any changes made to the system configurations and security measures.

Update your business continuity plan and disaster recovery strategies based on insights from the incident and recovery phase.

Consider how to prepare better for future incidents and reduce recovery time and impact.
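
One way to carry out the "verified clean backups" and "validate the integrity" steps above, as an added example that is not part of the original article: record SHA-256 hashes of a known-clean copy, then compare the restored files against them. The function names and the script name `verify_restore.py` are assumptions made for this illustration.

```python
import hashlib
import os
import sys

def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record where a link points instead of following it.
                manifest[rel] = "symlink:" + os.readlink(full)
            else:
                manifest[rel] = hash_file(full)
    return manifest

def compare_to_manifest(manifest, restored_root):
    """Compare a restored tree with a manifest taken from a known-clean copy."""
    restored = build_manifest(restored_root)
    return {
        # Same path, different content: possible tampering or corruption.
        "modified": sorted(p for p in manifest
                           if p in restored and restored[p] != manifest[p]),
        # In the clean copy but absent after the restore.
        "missing": sorted(p for p in manifest if p not in restored),
        # Present after the restore but never in the clean copy.
        "unexpected": sorted(p for p in restored if p not in manifest),
    }

if __name__ == "__main__":
    # Hypothetical usage: python verify_restore.py CLEAN_DIR RESTORED_DIR
    if len(sys.argv) != 3:
        sys.exit("usage: verify_restore.py CLEAN_DIR RESTORED_DIR")
    report = compare_to_manifest(build_manifest(sys.argv[1]), sys.argv[2])
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}: {path}")
    sys.exit(1 if any(report.values()) else 0)
```

The comparison is only as trustworthy as the manifest, so build it from a copy taken before the incident and keep it somewhere the affected systems cannot write to.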

Case Study: The 2019 LandMark White Data Breach

LandMark White, one of Australia’s largest valuation firms, experienced multiple data breaches in 2019 which led to a significant financial and reputational impact. The breaches occurred when sensitive valuation data was exposed online, impacting 100,00 customers.

This incident was attributed to an insecure API endpoint and resulted in the firm being temporarily suspended from the panels of major financial institutions.

Conclusion

Your cybersecurity is only as strong as your weakest link. The key to a robust defence lies in preparation, real-time monitoring, and swift response. But remember, you don’t have to sail these treacherous waters alone. Our team will partner with you to craft tailor-made solutions for your organisation, providing a well-rounded, compliant security strategy.
