5 Key Strategies to Secure Your Database

Working within the disability sector, NDS providers store a plethora of personal donor, patient and volunteer data. These records contain sensitive information and must be stored securely to ensure the ongoing privacy of individuals.

In 2018, Family Planning NSW became a victim of a cyber-attack which resulted in the personal information of up to 8000 clients being compromised[1]. Their website was hacked using ransomware, and attackers had access to names, contact details and dates of birth.

As the digital threat landscape continues to grow, NDS providers need to protect their databases in the face of a breach. Preparation is essential, which is why developing a solid security strategy can help combat cyber-attacks.

At Combo, we developed 5 key strategies NDS providers can leverage to ensure their databases are secure and client information is kept protected.

Planning

When your organisation looks at security measures, it shouldn’t be a matter of ‘if’ you’ll fall victim to a breach, but rather ‘when’. Being able to respond promptly to a cyber-attack can greatly help to reduce the potential impact it can have on your organisation.

Deploying network defences and enterprise-grade protection across your IT environment can help to combat potential threats of hacking. Alongside these steps, a communication plan that outlines staff responsibilities in the event of a data breach can ensure fast responsiveness and keep your organisation on top of the threat.  

People

Training end-users and staff about data breaches is imperative to the protection of your clients’ data. Security awareness enables your employees to identify potential scams, reducing the risk of breaches before they occur.

Educate your staff about using different passwords across accounts and implement password management programs. Show employees how to identify a phishing email, suspicious links and ransomware that could be disguised as downloadable content.

Systems

Your internal IT systems must be secure to protect your organisation’s database. Integrating reliable hardware and software is key to combatting cyber-attacks across devices and infrastructure, from implementing firewalls and company-wide anti-virus and mail filtering solutions, through to the right end user device selection.

HP’s Sure Suite can protect your hardware from every angle with features that identify suspicious activity and real-time threats. Leverage multi-factor authentication to make it harder to access programs and databases, along with software that isolates threats before they can spread to other areas of your device[2].

Processes

Staff must be aware of their responsibilities and protocols in the event of a breach. It can be catastrophic for your reputation if your clients’ personal data falls into the wrong hands.

Running a data breach simulation is a great way to help employees understand how they need to respond in the face of an attack. Allocating different roles to staff members can create greater awareness of protocol and allow you to combat the cyber threat at a faster pace.

Compliance

Any information about a client held by the NDIS is classified as ‘protected information’ under the NDIS Act[3]. Meeting all regulatory, customer and data privacy standards is a key responsibility of staff to ensure the ongoing protection of data.

Employees must use devices and infrastructure appropriately, ensuring that when a client requests personal information the right steps are taken to access it securely.

When it comes to data, there’s no such thing as too much security. Keeping your clients’ information protected with effective solutions is paramount. Navigating what software or infrastructure you need can be challenging, but at Combo we can help you across each aspect of your security landscape.

With over 17 years of experience working in the disability sector, Combo in partnership with HP and Intel® can help you build a security strategy for the digital era. For more information about our services, get in touch with one of our friendly team today.


[1] K Aubusson, Cyber-attack on Family Planning NSW client database, May 14 2018, SMH, https://www.smh.com.au/national/nsw/cyber-attack-on-family-planning-nsw-client-database-20180514-p4zf5c.html.

[2] HP Business Security ‘Sure Sense’, HP 2019, https://www8.hp.com/us/en/solutions/computer-security.html#modal=expanded-content-4

[3] Privacy, NDIS, 26 August 2019, https://www.ndis.gov.au/about-us/policies/privacy.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.