We have heard so much recently about cyber security and hacks into corporate databases – Optus, Medibank Private and the Smith Family, to name a few.
It is concerning that companies like this, that spend millions of dollars on IT, are prone to these attacks. We clearly do not have the resources, either as an Association or as small businesses, to guarantee protection of our customer data, but there are things we can do to reduce our risks.
But before we get to the list, Pilates Alliance Australasia are currently in discussion with a cyber security company:
- to ensure the PAA is doing everything that can be reasonably expected to reduce our risk of a cyber-attack, and
- to be able to offer this service to our members at an affordable price.
Cyber Security Checklist:
- Consider what client data you keep and whether you really need to record it online.
Date of birth is useful, but is it really needed? What about just keeping the year of birth? (I use Bookings Essential in my business and we are recording the date of birth as the first of January with the correct year of birth.)
We used to need addresses for receipts for health fund rebates, but are they really required? (I checked with one of the larger private health funds and they said not to keep any data that is not essential. Vague and slightly unhelpful! On the receipts from Bookings Essential, if there is no address recorded online, there is space where the client could write it in themselves… if we ever get health fund rebates reinstated!)
Do you keep a record of medical conditions online? For most medical issues, this is probably not a problem. However, make a judgement call about recording sensitive information.
- Do you have reasonable password protection on your files and do you regularly change your passwords?
- Ensure your systems have up-to-date anti-virus software.
- Stay informed about scams – subscribe to Scamwatch email alerts and follow @Scamwatch_gov on Twitter.
- Have clear processes in place for verifying and paying accounts, and make sure all staff know about them.
- Consider what business information you post on social media and networking sites, as scammers use publicly available information to target businesses.
- Back up your data regularly and store your backups offsite and offline.
- Ensure that you’re running the latest version of your operating system (e.g. Windows, macOS, iOS or Android) on all your computers, laptops, tablets, phones and any other internet-connected devices; consider upgrading or replacing devices that can no longer be updated.
- Ensure that you’re running the latest version of any applications and uninstall any applications that are no longer needed.
- Switch on automatic updates for your operating systems and applications if they’re available. You may wish to refer to the Australian Cyber Security Centre’s guides on how to do this.
- Create an inventory of all of your internet-connected devices and the software (operating systems and applications) running on those devices and periodically review this list and when they were last updated.
- Ensure staff who have left your business no longer have access to information and files.
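The device inventory item and the departed-staff item above are both easier to keep up with when the list is reviewed by a small script rather than by eye. The following is an added example, not part of this newsletter or of any product it mentions: it holds a constructed inventory of a few studio devices, flags those that have not been updated within an assumed 30-day review window, lists those the vendor can no longer update (candidates for replacement), and reports devices still assigned to people who are no longer on the staff list. The device names, dates and staff names are made up for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Device:
    """One row of the inventory. Fields are assumptions for this example."""
    name: str
    os_name: str
    os_version: str
    last_updated: date
    updates_available: bool  # False when the vendor no longer supports the device
    owner: str               # who uses it; used for the staff-offboarding check


# Constructed sample inventory. In practice this would be loaded from the
# spreadsheet or CSV in which the business keeps its device list.
INVENTORY = [
    Device("front-desk-pc", "Windows", "11 22H2", date(2023, 5, 2), True, "reception"),
    Device("studio-ipad", "iPadOS", "16.4", date(2023, 5, 10), True, "instructor-a"),
    Device("old-laptop", "Windows", "7", date(2019, 1, 14), False, "owner"),
    Device("manager-phone", "Android", "13", date(2023, 3, 1), True, "manager"),
]

# Assumed review date and threshold; both are policy choices, not fixed rules.
REVIEW_DATE = date(2023, 5, 15)
MAX_DAYS_SINCE_UPDATE = 30


def review_inventory(devices, today=REVIEW_DATE, max_age_days=MAX_DAYS_SINCE_UPDATE):
    """Return (overdue, unsupported): names of devices that have gone longer than
    max_age_days without an update, and names of devices that can no longer be
    updated at all and should be considered for replacement."""
    overdue = []
    unsupported = []
    for d in devices:
        if not d.updates_available:
            unsupported.append(d.name)
        elif (today - d.last_updated) > timedelta(days=max_age_days):
            overdue.append(d.name)
    return overdue, unsupported


def devices_for_departed_staff(devices, current_staff):
    """Names of devices whose recorded owner is not on the current staff list,
    so their access can be removed and the device reassigned or wiped."""
    return [d.name for d in devices if d.owner not in current_staff]


if __name__ == "__main__":
    overdue, unsupported = review_inventory(INVENTORY)
    print("Overdue for updates:", overdue)
    print("Cannot be updated, consider replacing:", unsupported)
    current_staff = {"reception", "instructor-a", "owner"}  # constructed list
    print("Assigned to departed staff:", devices_for_departed_staff(INVENTORY, current_staff))
```

Run periodically (for example at the start of each month) and update the `last_updated` column after each round of patching; devices that keep appearing in the overdue list are the ones worth switching to automatic updates, as the checklist suggests.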
Other useful Cyber Security websites and pages:
Note: If you have given personal information to a scammer or have been impacted by recent data breaches, contact IDCARE.
Robyn Rix, PAA President