Saturday, 21 February 2015

Who is at risk of data theft?

Everyone who owns a business that involves the collection and management of data – well that’s just about everyone in business these days – is at risk of data theft. For example: a real estate agent has a list of potential buyers, clients with houses to sell, properties they manage (Rent Roll) etc. Imagine if one of the agents took any of these lists, let alone all three.

Another example: a medical practice that has patient files, not just the patient’s contact details but their medical records. Any insider with access to these files could remove or copy them and take them out of the business and use them to set up a new practice or use the files to negotiate a position with a competitor. Can’t happen you say, the law would stop them. No it won’t, and it does happen, it happened to me.

One more example: An online training business/consultancy. One of the trainers, who might even be a contractor, gets authorised access to the businesses database of clients AND their learning tools, copies them and sets up their own business. Can’t happen you say. It happens all the time, and it's next to impossible to stop them.

ALSO, under the Office of the Australian Information Commissioner's (OAIC) guidelines you are suppose to notify patients (or customers) their information may have been breached. What effect does this notification have on your business? You will get calls, many of them abusive, wondering what information was taken and how the thieves were able to breach your security. The breach notification actually causes additional harm to the businesses reputation and will very likely drive patients or customers away. The OAIC will do nothing to the thief however your business may also suffer the additional financial hit of a massive fine from the Privacy Commissioner.

I know you are thinking that's just not fair, that can't be right. In Australia my dear reader that is absolutely right, insider data thieves are absolutely immune from prosecution by any authority.

ANY business that relies on a database is at risk. If you are a small-to-medium sized business you’re actually more at risk as you simply won’t have the money, time or resources to pursue the person who stole the data, and every moment you spend on chasing them, that person is stealing your customers and your business.

And, this is even more important if you run your own small consultancy business. It may be just you and therefore you might feel safe. But who has access to your computer, who maintains your website, runs your EDM campaigns, does your marketing? Most of these tasks require access to your database – or can open an electronic door to your database. So you’re at risk to.

The best thing you can do, and really the only thing you can do, is be aware. And in the case of data theft be alert and alarmed as well.

There are things you can do to minimise the risk … recognising there is a risk is the first important step.