Training organisations collect sensitive personal and financial information from the students for their business operation and for reporting purposes, as in the case of AVETMISS. Financial data may include Bank account information or credit card numbers, used for one time or recurring payments.
How secure are your data repositories and databases from unauthorized access? Can you detect an intrusion attempt? Who has access to sensitive information? What could be the impact for your business if you experience data breaches? These are some of the questions that should be asked by any organization. The answers to these questions will help establish an action plan to improve the data security level.
Unfortunately, there is no end for this race. Security measures and tools evolve and improve continuously driven by the ever growing hacking activity at a global scale and the increased risk exposure by offering online access to the services provided by the organisation. It is not possible to reach a status where there is nothing else to be done. There is not such a thing as perfect security.
Another important reason to be concerned with Data Security and Privacy is the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (“Amendment Act”), which increases significantly the obligations for private business and government agencies that collect or deal with personal information in Australia from 12 March 2014.
In our experience, most organisations do not know they are subject to continuous attempts to gain unauthorized access to their data and do not even have a way to identify a successful intrusion to their systems by an external entity.
It is highly recommended to have a Data Security strategy in place and know the existing risks and vulnerabilities in your systems. A final suggestion: keep always a low profile on security matters. Publicising about your good level of security usually turns into an invitation to hackers for the challenge of it.
Francisco DiSilvestro
Director
Apex Academic technologies