How do you get down to business in the cyber environment? 

Why you need to know about cyber security

If you work in or manage a business you need to know about cyber security for a range of reasons.

1. You are expected to know and respect the laws and regulations governing the use of computers and information.
2. It’s important that you understand what’s at stake legally for all stakeholders.
3. You need to keep abreast about the emerging legal requirements for confidentiality, integrity and availability of data. Ignorance is never an acceptable excuse.
4. There are requirements that your organisation/authorities must respect in terms of the legal rights that are owed to a person.
5. There are liabilities for not exercising best practice security.
6. Security professionals must be prepared to apply wise judgement, often in tense situations, so that appropriate decision are made.

Due care and due diligence

Many of the SMEs you work in will be dealing with a range of stakeholders. For example, you will have both employee information and customer information. You are obliged by law to keep this information secure through due care and due diligence; not complying can increase business risk.

Due diligence is the continuous activity an organisation engages into understanding the current threats and risks that it faces.

Due care standards are met when an organisation makes sure that every employee knows what behaviour is acceptable versus unacceptable and knows the consequences. These standards are the verifiable and measurable steps an organisation takes (eg implementing controls) to provide protection from the current security threats and risks it faces.

Failure to practice due care and due diligence can expose an organisation to negligence. For example, an organisation is in violation of the due care concept if it does not implement a data protection mechanism and ensure that the mechanism is being enforced.

Cyber security regulations

There is link to a handy resource below that collates many of the cyber security related legal and regulatory requirements of the Federal Government of Australia. It lists some of the state-specific requirements to gain some insight into how some of the state laws differ from Federal laws. This can be an especially tricky area for privacy, as there could be both state and federal laws that apply to an organisation, depending on your country.

One particularly interesting example is the Australian Spam Act of 2003 (Cwlth). As a business owner or marketer, the goal is always to get more customers. What better way than through email or SMS advertising? Many businesses believe they are allowed to send out as many emails as they want to advertise various products and so forth. However, the Australian Spam Act prohibits sending unsolicited commercial electronic messages via email, SMS, MMS and instant messages. Failing to adhere to this law can lead up to fines of AUD1.1 million per day. Do you know the requirements and laws in your country?

Ultimately, as a business owner or even employee, there is a range of cyber laws we have to adhere by when we are conducting our daily work tasks. It is best to be aware, be educated and ensure that you know what you need to do. Most importantly, keep up to date with current regulations and standards.

Its our data but who really owns it?  

Social networking sites: rights and responsibilities

All around the world, billions of people use social media to stay connected to friends and family members.

As we upload photos, videos, daily activities and anything else we can, we don’t always think about where else this data might be used. When you sign up to social networking platforms you agree to terms of service, which most people will not read as they are long legal contracts. In fact, this Atlantic article discussing a study from Carnegie Melon researchers states that it would take 76 work days to read all the privacy policies the average person agrees to each year.

The question is, who owns all this data? Do we own it? If you upload it to Facebook, do they own it? Let’s take a look at the legal environment surrounding storing your data on sites like Facebook.

Read the Facebook statement of rights and responsibilities. Facebook has recently come under scrutiny for harvesting personal information of its users and in early 2016, Germany launched legal proceedings against Facebook for this very reason. You can check out this Wall Street Journal article discussing Germany’s investigation into Facebook for more information. Their argument is that Facebook is taking advantage of its position as it has access to massive amounts of data, and is stepping over privacy laws to put competitors out of business in the online advertising market.