IoT, third parties raise risks in NDB era
Australian businesses covered by the new Notifiable Data Breach legislation must work to secure access to IoT devices — including access by third parties — before they fall victim to a breach, according to enterprise mobility solutions provider Wavelink.
IoT devices pose a particular security risk to organisations required to ensure their networks are fully compliant with the NDB legislation, the company warned.
The new regime means that the devices and applications of contractors, third parties and guests that plug into an organisation’s network must also be secured.
“Businesses can no longer remain stagnant and fail to act on security and compliance. Organisations of all sizes must ensure they’re in line with the new legislation changes and perform due diligence to ensure their networks are protected,” Wavelink National Business Manager for Fortinet Hugo Hutchison said.
“Security breaches affect a company’s reputation and may result in significant consequences, with the cost and ramifications following a security breach potentially far more than the cost of initial investment in adequate protection measures.”
IoT devices including wearables, voice-activated devices and smart appliances typically do not come with built-in security, which can pose a threat to enterprise networks, Hutchison said.
“Businesses shouldn’t assume that IoT devices are inherently secure because they’re not. Before connecting any IoT device to the network, businesses must change the default usernames and passwords at a minimum. From there, it’s still crucial to implement a security solution that delivers visibility and control into what devices are connected and how they’re being used.”
This is a particular concern in places such as schools and hospitals which are subject to the NDB scheme and tend to have hundreds of users including guests accessing their networks.
If they fail to maintain an appropriate security and compliance system they may be held liable for any data breaches that occur as a result.
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
The AI regulation debate in Australia: navigating risks and rewards
To remain competitive in the world economy, Australia needs to find a way to safely use AI systems.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.