Log in

The Office of the Australian Information Commissioner (OAIC) has been clear about encrypting personal data, both in its guidelines and in recent data breach investigations. But according to Chris Gatford, director of penetration testing firm Hacklabs, very few organisations are living up to expectations.

"Encrypted file systems, especially encrypting data at rest, it just doesn't occur," Gatford told ZDNet. "Ninety nine percent of organisations do not encrypt anything other than the occasional laptop."

The most common scenario Gatford encounters during pentests is where none of the target organisation's desktop workstations run any kind of encryption for end users whatsoever. That seems a long way from what the OAIC expects.

The OAIC doesn't demand encryption outright. But its Guide to securing personal information reminds organisations that they need to take "reasonable steps" to secure that information. Encryption is "important in many circumstances", and organisations need to protect data, whether it's on servers, in databases, in backups, in third-party cloud services, on end-user devices including smartphones and tablets as well as laptops, or in portable storage devices.

Full Story

In the News

New data breach notification scheme will be a barometer for business maturity - AFR -12 March 2018

Do not mistake cyber security for being merely a technical discussion about IT problems to be fixed. Cyber security is now, and always has been, purely a response to risk. The risks have changed...

The Future of Work: The Role of People - Adobe - 31 Jan 2018

The Future of Work: The Role of People Foreword by Joseph Sweeney, IBRS Advisor For the past 30 years, organisations have applied technology to people to make the workplace more productive. But...

Businesses unprepared for new data breach notification laws - AFR - 29th January 2018

Thousands of Australian small businesses remain woefully unprepared for the introduction of new laws that will require them to publicly disclose if their customers' data is breached by hackers or...

Intel chip meltdown flaw shows new vulnerability - AFR - Jan 5th 2018

Cyber security experts have warned the long-term implications of chip vulnerabilities nicknamed Spectre and Meltdown discovered by researchers this week are still unknown, despite it appearing that...

Business experience should help parents keep kids safe online - AFR - 28th Nov 2017

The adults in the lives of young people need to know more about security and safety in an online world and they could be learning this at work The Office of the eSafety Commissioner deals with some...

Subscribe to IBRS Updates

Invalid Input
Invalid Input
Please enter a valid email address
Please enter your mobile phone number
Invalid Input

Get in-context advice from our experts about your most pressing issues or areas of interest

Make an Inquiry


Already a subscriber?

Login to read your premium content.

Recently Viewed Articles