Cyber-lightning should bolt directors to action
These days technology is as essential to company operations as electricity. And just like a lightning strike can take out the entire power supply and shut down operations. A cyber-strike can take out all computing systems and have huge reputation, trust and legal consequences for its customers, suppliers, government and staff.
What does that white bolt searing from the sky look like in computer language?
It’s often an explosive data breach. They are rampant in today’s digital ecosystem with more than 800 major data breaches reported to the Australian privacy watchdog in 2018 and many more never reported.
Data breaches have cost CEOs and board directors their jobs. One example was in 2019, when LandMark White, Australia’s leading property valuation service, was breached with over 100,000 sets of client information leaked, including addresses, emails and driver’s licenses. Estimates of financial loss for the company exceeded $7 million, however, and more importantly loss of customer trust, contracts and reputation will have long term impacts. In this case, the data breach resulted in the company being suspended from a number of its clients, including three major banks’ valuation panels.
This shows that directors have a key responsibility for safeguarding their companies against data breaches. While hiring IT experts and spending money on data protection is good practice, directors have a much broader duty. This includes a legal duty of care to take steps to personally understand and manage risk – including cyber risk.
Australian company directors could be liable for negligence or worse breaching their duty of care if they haven’t reasonable steps to understand and manage the risk of data breaches.
With this in mind, there are some essential steps that a board of directors need to take to prevent and respond to data breaches within their organisations.
Just as directors can’t flick finance responsibilities to a director with an accounting background, cyber responsibilities should not be handed-off to a fellow director with a technology background.
A director who hasn’t understood or gathered enough information could be found negligent. It is imperative that directors get connected to the core of their organisation to understand what data would be valuable to hackers, what processes are in place to secure this data, what testing is being done and what are the potential impacts of a breach in terms of finance, reputation and culture.
Directors must play an active role in promoting cybersecurity training and safety within the organisation to support a culture of reporting and whistleblowing. Staff and suppliers are the front line of defence when it comes to flagging data breaches, so it is crucial that they have proper training and support from the highest level.
Take immediate steps to determine what information has been breached as accurately and quickly as possible. Was it names and addresses or bank card information? Are customers impacted or are suppliers? The type of information breached will inform the legal obligations, the company and the next steps.
Data security used to be an IT issue, but it is now a legal issue. There are specific legal requirements, namely specific reporting steps, which must be taken within a short timeframe after being alerted to a breach.
- A communications plan must be put in place to clearly communicate to affected parties:
- the extent of the breach
- when it occurred
- what happened
- what action is needed by the customer
- what action is being taken to secure their information
If this is not done well, kick-back on directors can come from authorities and clients. For instance, Canva was widely criticised for burying a data breach notice under a swathe of marketing messages.
Depending on the extent of the breach, the following communication steps should be put into motion.
- Nominate a senior media spokesperson
- Identify appropriate avenues of communication to get your message out to affected parties, i.e. email, social media, press announcements, and across different platforms including call centres and bulletin notices
- Facilitate a two-way flow of communication and enable trained staff to respond to customers queries, whether it be online or call centres
- Brief relevant stakeholders, industry and experts
- Monitor media for feedback and tailor messages and actions accordingly
Internal communication should be rolled out quickly. Staff will be the ones that customers will look to for answers as soon as the alarm is sounded. While this is most often ignored as companies scramble to report the breach externally, this is the most important, as staff are your lynch pin for action and for credibility.
Demonstrate that the company is taking preventative actions to secure its data in future and highlight any learnings that have resulted from the breach.
The right response is complex and sometimes hard for directors to navigate. It will involve IT, operations, legal and communication experts.
The best prevention is making sure that directors are prepared and are able to respond to the risk of a cyber-lightning strike on their business.
Jenny Muir wins PR’s outstanding contribution award
The 2019 National President’s Award recognising outstanding contributions to the public relations and communication profession and the Public Relations Institute of Australia (PRIA) was presented to Jenny Muir, chief counsel Primary Communication, at the recent National PRIA conference.
The trophy is presented each year to a professional who has committed a great deal of time and effort to building and maintaining the PRIA as the leading national professional body for public relations and communication practitioners.
Jenny Muir is one of our profession’s top advocacy strategists and for many years has made significant contributions to the PRIA, the Registered Consultancy Group and the overall profession.
Jenny’s career spans more than twenty years across Australia and Asia, beginning in TV news and politics before specialising in communication strategy and counsel.
Jenny was National President for the PRIA Board from 2016 until April 2018, and remained on the Board as Immediate Past President until November 2019, guiding the organisation through changes to ensure its continued renewal and relevance. She will continue to support the PRIA by guiding the Institutes’ advocacy program to government, and representing the profession internationally and as Executive Council member for the Global Alliance’s Asia-Pacific Council.
Her dedication, passion and commitment to advancing our industry is evident to all who know, as she continues to work with Australian Governments, not-for-profit organisations, peak industry bodies, and global commercial organisations.
The National PRIA President’s Award was introduced in 1991 by Greg Ray to recognise both outstanding contributions to the PRIA and the support provided to the PRIA President during the year of the Award.
Zebra Technologies celebrates year-on-year achievements with its partners in ANZ
Zebra Technologies welcomed more than 200 partners to its annual partner events in Auckland, Melbourne and Sydney.
The events were designed to celebrate shared achievements between Zebra and its ANZ-based partners and distributors in 2019.
These events provided an opportunity for partners to connect and network with one another, and to meet with Zebra’s executive leadership team. During the event, Zebra also took the opportunity to present prospects for the new year, with a presentation from Vice President & General Manager of Zebra Technologies Asia Pacific, Ryan Goh.
After formal presentations were completed, guests were treated to a round of poker or blackjack with complimentary casino chips, whilst roving waiters distributed canapes and beverages.
Spirits were high at the events, and feedback received from partners was overwhelmingly positive, with several remarking that these have been the best Zebra events they have attended.
World Wellness Group calls for more health workers and centres
Success is certainly a double-edged sword for non-profit World Wellness Group (WWG) which provides much-needed health, wellbeing, interpreting and social justice support for migrants, refugees and people seeking asylum in Brisbane.
Last year, more than 23,000 consultations were delivered to those in need, which has sparked an urgent call for more doctors and nurses to join the WWG team.
There are also calls to copy the WWG Brisbane clinic into all state and territory capital cities, where 80 per cent of migrants, refugees and people seeking asylum reside.
High-profile orthopaedic surgeon, Dr Munjed Al Muderis (who has his own remarkable refugee story to tell after fleeing the Saddam Hussein regime) is an Ambassador for WWG, sharing the message far and wide.
Last week Dr Al Muderis featured in a media program to highlight the issues and attract resources from more health workers and policymakers.
Making Connections is at the heart of a significant period of reform for Australia’s mental health system
The National Mental Health Commission’s Connections project tour was successfully
completed recently after visiting 26 towns and cities around the country from June –
Beginning on Thursday Island and travelling across all states and territories, strong
connections were made with each community including the diversity of professionals
and volunteers involved in mental health and suicide prevention, and most significantly
with those with a living experience, together with carers, families and supporters. Each
community had an opportunity to share their experiences and ideas for change during a
town hall meeting.
CEO, Christine Morgan, and Chair, Lucy Brogden were keen to learn about the realities
and experiences of mental ill health and suicide from Australians to help inform the
development of a national 2030 Vision for mental health, suicide prevention and
wellbeing for the Australian Government to affect system change.
“This is about ensuring that the voices of those with a living experience of mental health
and suicidality are involved in Australia’s 2030 Vision for mental health, and are
contributing to the design of an improved approach,” said Ms Morgan.
For those not able to attend meetings, a consultation portal was open to all wanting to
share their story.
The Connections project insights will significantly inform the recommendations and
proposed system changes included in the 2030 Vision report to be delivered to the
Minister for Health, Greg Hunt, before Christmas.
Primary is proud to have designed and delivered the Connections project alongside the
project team at the Commission, and to work with the National Mental Health
Commission on their priority projects.