Maintaining the privacy of club members’ personal information and the overall security of your IT systems has become a greater focus in recent times. With the introduction of the Notifiable Data Breaches (NDB) scheme, the Australian government has strengthened the requirements for businesses to protect the personal information they hold.
As clubs evolve and look for deeper relationships with members, a greater focus must be placed on creating an environment of trust. This presents an opportunity for clubs to demonstrate to members not only the fantastic services on offer but the protection of their personal information. Holding more personal information on members will require clubs to strengthen the maturity of the people, processes and technology to create this environment of trust.
The most recent statistics from the NDB clearly show that 97% of all breaches relate to either malicious/criminal activity or human error; systems are rarely the direct cause. A broader focus must be taken than just implementing newer or better technology solutions: the cyber resilience required within clubs should address multiple areas to achieve the strongest possible position.
What steps can clubs take?
- Review your data breach response framework to ensure relevant personnel will be made aware of a breach as soon as practicable;
- Classify the data you hold and ensure you know where it is located and where it is “in transit”;
- Ensure your incumbent IT vendor or internal team has security as a high focus area with regular monitoring and reporting at both board and operational levels;
- Create a training program for your employees in good practices for handling data; and
- Engage an external 3rd party to check the resilience of your governance and IT environments.
Written by Shane Swift, Associate Director for Technology Advisory at BDO Australia. Shane has 20 years’ experience in the IT industry delivering cyber security solutions and services.
How BDO can help – Exclusive Offer.
Exclusive to LCA club members, BDO have created a packaged Cyber Resilience review suited specifically to clubs. This review assists clubs in assessing their current position in both the Technology and Governance domains of Cyber Resilience.
The cyber resilience review:
- Preliminary scope confirmation teleconference
- Health check questionnaire
- Onsite review in NSW metro area
- Interview with internal IT Manager (or similar) and IT managed service provider
- Leverages technical standards from 3 cyber security bodies – ISF, NIST and ISO
- Tests 7 technical domains and 6 governance domains
- Detailed findings report
- Actionable remediation recommendations
The total price for the above is $12,500* ex GST
*Pricing is dependent on the initial scoping exercise. BDO reserves the right to alter pricing based on this scoping exercise should the complexity of the environment exceed the standard scope of this engagement offer.
Associate Director, Advisory
Direct: +61 2 9240 9852
Direct: +61 2 8264 6639