December 6th, 2022 | Sterling

What Can We Learn from Major Data Breaches?

A series of major cyberattacks and data breaches in Australia in 2022 has been a source of lessons for all.

The swathe of data breaches has involved leaks of information relating to many millions of customers. In the more significant breaches, personal details and identity documents have been accessed, causing well-founded concern for those customers whose data was released.

Key Takeaways and Learnings for Businesses

  1. There are many important takeaways for businesses on the data security and technology front. Cybercriminals became increasingly savvy and opportunistic during the pandemic, and this bravado has apparently not waned in 2022.Businesses therefore need to be proactive in mitigating security risks and minimising the chance that cybercriminals succeed in accessing their systems. This includes routine testing and updating of security software and conducting regular penetration testing and other simulations. There is no longer any room for data security complacency when such significant amounts of data are stored, accessed, and utilised on a daily basis.
  2. From a legal perspective, businesses need to review and bolster their agreements with customers about the appropriate use of their data. This includes the length of time that their data will be stored, clarifying how their data will be used throughout its lifetime, and explaining how it will be erased once the period is up.Businesses that fail to effectively communicate and fulfil their duties when dealing with customer data will find themselves vulnerable to class actions and major legal issues should a major data breach occur.
  3. There are also many learnings about the level and timeliness of communication expected from businesses should a cyberattack or data breach occur.Customers now expect increasing levels of transparency and forthrightness from businesses about major issues. They also expect this communication in a timely manner due to the many channels available for businesses to contact customers about issues as and when they arise.

Yet, a survey carried out by PwC “suggests 90% of Australian executives are still concerned publicly sharing information about cyber attacks on their businesses could hurt their bottom line and lead to a loss in advantage over their competitors.” This is a worrying statistic in a world where cyberattacks are becoming increasingly frequent and sophisticated.

The Australian Cyber Security Centre has suggested that cooperation between companies and transparency with stakeholders “are key to building a truly national threat picture”, and we hope to see increased transparency from businesses when major cyberattacks or data breaches occur in the future.

  1. Finally, businesses must thoroughly consider and regularly review the internal processes and procedures in place to protect proprietary systems and sensitive customer data.Robust processes and procedures should be in place to mitigate the risk of employees facilitating access for cyberattacks and for employees to understand their personal responsibility when it comes to data security and systems usage.This is important from a compliance perspective – to ensure data is collected and stored in line with legislation. And it is equally important from a risk management perspective – to minimise the risk that employees either knowingly or unknowingly provide access for cybercriminals to extract valuable data from systems.All employees must therefore undergo frequent training and development to keep abreast of security changes and updates.

What Can HR Teams Learn from Data Breaches?

 While many cybersecurity, IT, and data security lessons have been identified, there are also actions that HR teams can take to minimise the chance that employees become implicated in cyberattacks.

One such action is to conduct thorough background screening during the recruitment process. Employees often have access to sensitive customer data hence it’s vital that businesses hire candidates that can be trusted to manage customer data responsibly.

By conducting screening during the recruitment process, such as financial probity, social media searches, and reference checks, hiring teams can obtain a more holistic view of a candidate in order to make well-informed hiring decisions. Ensure that your hire is who they say they are with identify verification to  prevent identity fraud or handing your sensitive customer information into the hand of fraudsters.

Along with background screening at the time of hiring, businesses should regularly review their risk by conducting re screening or indeed continuous screening of employees. Employee circumstances are always changing, e.g. they may experience  personal or financial issues during their tenure, which may impact on their behaviour, continuous  or rec screening enables employers to identify these changes as they arise to ensure that employees remain suitable for the workplace and for their role.

In a time when data security is of utmost importance, businesses are being evaluated not only on their cybersecurity and privacy credentials but also on their entire operational process to mitigate risk, including hiring and recruitment.

How Sterling Can Help

 Sterling are experts in providing background screening services and solutions in the Asia-Pacific region. We offer a wide range of screening services, including criminal searches , employment verification , identity verification, social media, civil litigation, adverse media searches, and many more.

Employees have frequent access to confidential data and systems; it is therefore more important than ever to make sure you’re hiring the right people. Contact us here to discuss your screening needs and ensure your business is doing all it can to hire suitable employees and mitigate risk.

This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.