A large Australian telecommunications provider recently breached privacy laws when the information of 15,775 customers from 2009 and earlier was found to be accessible via the internet. Of these, 1,257 were active customers of the silent line service, which filters calls.
"This incident is a timely reminder to all organisations that they should prioritise privacy. All entities bound by the Privacy Act must have in place security measures to protect personal information," said Privacy Commissioner Timothy Pilgrim.
The breach certainly highlights the security flaws of the telecommunications company, and should reinforce the need for proper security moving forward. Luckily for larger companies, a data breach can usually be overcome thanks to their market monopoly.
Smaller companies, however, are often unable to repair damaged reputations or recoup financial losses incurred. To avoid data breaches, security steps need to be two-fold. Firstly, and most importantly, personnel should be properly vetted and trained in the security system.
This includes making sure security staff are invested in the security of the company, as constant engagement and research from staff will enable proactive threat prevention. For example, staff can examine what went wrong at other companies in order to fix the problem.
Afterwards, penetration testing and ethical hacking should be used to expose areas of risk in the network. These tests should be undertaken regularly and varied so that they find different security flaws. Only with frequent testing can network security be ensured.
"This incident provides lessons for all organisations – there is no 'set and forget' solution to information security and privacy in the digital environment. Organisations need to regularly review and improve security systems to avoid data breaches," said Mr Pilgrim.
Moving forward, companies will need to place importance on both employee and customer data security, testing systems frequently.