IoT, third parties raise risks in NDB era


By Dylan Bushell-Embling
Tuesday, 24 April, 2018

IoT, third parties raise risks in NDB era

Australian businesses covered by the new Notifiable Data Breach legislation must work to secure access to IoT devices — including access by third parties — before they fall victim to a breach, according to enterprise mobility solutions provider Wavelink.

IoT devices pose a particular security risk to organisations required to ensure their networks are fully compliant with the NDB legislation, the company warned.

The new regime means that the devices and applications of contractors, third parties and guests that plug into an organisation’s network must also be secured.

“Businesses can no longer remain stagnant and fail to act on security and compliance. Organisations of all sizes must ensure they’re in line with the new legislation changes and perform due diligence to ensure their networks are protected,” Wavelink National Business Manager for Fortinet Hugo Hutchison said.

“Security breaches affect a company’s reputation and may result in significant consequences, with the cost and ramifications following a security breach potentially far more than the cost of initial investment in adequate protection measures.”

IoT devices including wearables, voice-activated devices and smart appliances typically do not come with built-in security, which can pose a threat to enterprise networks, Hutchison said.

“Businesses shouldn’t assume that IoT devices are inherently secure because they’re not. Before connecting any IoT device to the network, businesses must change the default usernames and passwords at a minimum. From there, it’s still crucial to implement a security solution that delivers visibility and control into what devices are connected and how they’re being used.”

This is a particular concern in places such as schools and hospitals which are subject to the NDB scheme and tend to have hundreds of users including guests accessing their networks.

If they fail to maintain an appropriate security and compliance system they may be held liable for any data breaches that occur as a result.

Image credit: ©iStockphoto.com/Brian Jackson

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

How the explosion of non-human identities is changing cybersecurity

A surge in machine‍-‍to‍-‍machine communication and non‍-‍human...

Building stronger critical infrastructure with Zero Trust

Zero Trust provides a way to stay ahead of cyber attacks by assuming breaches will happen and...

Happy birthday, Active Directory!

Active Directory is a technology that has proved its staying power and has shaped enterprise IT...

Content from other channels on our network

Queensland transitions to new digital identity system

Adobe Acrobat Sign completes IRAP assessment

DTA releases Major Digital Projects Report 2025

WA Government signs MOU with General Dynamics

Australia under attack as higher cyber threat activity observed: report

'World-first' 5G standalone slice handover across borders

Perth's new rail network control centre ready for operations

Command and control: modern control room design meets cyber-physical safety

$6.1m in govt funding to improve NSW rural connectivity

'Splitting method' brings less-powerful satellites into 5G era

AI microgrid solutions coming to NT

Powering research with community batteries

Electrical retailers fined for non-compliant appliances

Research aims to increase energy efficiency in mobile networks

The case for standalone power

  • All content Copyright © 2025 Westwick-Farrow Pty Ltd