Security Market Segment LS
Tuesday, 06 February 2018 09:41

SMBs have much to do to be ready for data breach laws


A survey of small and medium businesses in Australia with an annual turnover of more than $3 million has found that almost half do not consider themselves ready to cope with a new data breach law that comes into force on 22 February.

The survey, titled HP Australia IT Security Study, covered 528 SMBs with between 10 and 99 employees across the services, production, retail and hospitality, health and education, and distribution industries.

Key findings:

  • almost half of all Australian SMBs with an annual turnover of more than $3 million do not consider themselves to be prepared for the mandatory data breach disclosure laws that will come into operation from 22 February;
  • only 18% have a compliance policy in place while 33% are developing a policy;
  • fifty-seven percent of SMBs have not done any sort of IT security risk assessment in the last 12 months;
  • of the 43% of SMBs that have undertaken a risk assessment, 29% included printers in their analysis, a device that is increasingly an entry point for data breaches;
  • sixty-three percent said their employees worked remotely on a regular basis, and as a result were becoming increasingly concerned about associated security risks;
  • sixty-three percent allowed employees to access company data from personal devices;
  • less than half (44%) of respondents have a security policy in place for employees that bring a personal device to work; and
  • only 37% restricted the data that could be accessed from the device.

“The consequences of a data breach can be severe; from financial to brand and reputation damage,” said Paul Gracey, director, Printing Systems, HP South Pacific.

“Organisations should implement a process to monitor, detect and report data breaches, but prevention – and reducing the frequency and severity of breaches – is equally important.

“Endpoint security — at the device level — is critical to that mix. Organisations tend to rely solely on third-party software security to protect their devices when, in reality, stronger and better business security must be integrated into the device itself.

"With hackers able to bypass traditional network perimeter security and anti-virus programs, it’s time we scrutinise a hardware’s security as closely, if not more, than our external security solutions.”

One aspect of security that was not looked at much was the threat from accessories like printers; while 43% of SMBs had done a security analysis, only 29% had taken printers into account.

“Security threats are evolving every day. Due to reduced effectiveness of firewall protection, every device on an organisation’s network is at risk, and unfortunately printing and imaging devices are often overlooked and left exposed,” said Gracey.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments