Welcome to FILED Newsletter, our monthly round-up of relevant news, opinion, guidance, and other useful links in the world of data, records and information management. This month:

• Medibank won't pay ransom to hacker, as they report 9.7 million customers were impacted by the October hack
• New figures suggest hackers earned US $600 million in 2021
• One in three employees don't care about cybersecurity.

‍

If you only read one thing

Shifting left to improve security and generate customer loyalty

I’ve just spent the better part of the last month in the United States, meeting with customers and records and information management professionals at a few events spread through the country, notably ARMA in Nashville, and P.S.R in Austin. Coincidentally timed with a spate of major data breaches in Australia, it was interesting to see those on the other side of the world talking through the same issues.

One key theme that is emerging is the convergence of data retention and privacy.

Managing sensitive personal data appropriately (data privacy) is all about keeping only what is in use and legally valid. There was a lot of discussion of the need to make privacy a developer and engineering responsibility, rather than focusing on what happens after a breach occurs.

Shifting left means your company does its best to avoid problems before they occur— being proactive rather than reactive and addressing the risks and problems before they happen. Weaving privacy into the organizations’ core values means having it as a core requirement in your development process. This will also include redacting, pruning, and removal of privacy data via automation and reducing the co-mingling of data in repositories.

In essence, by adopting privacy as a cornerstone of your business, you relay a message of how important your customers are. According to PwC, 85% of consumers said providers should disclose cyber breaches so that they can choose to use another supplier in the future. Putting your customers first will instill an unrivaled sense of loyalty and will reap financial benefits for years to come.

🤫 Privacy and governance

Australian health insurance provider Medibank has released an analysis into its October data breach: 9.7 million current and former customers had their personal details accessed (including name, birth date, address, phone number, email), but no primary documents were accessed. Medibank won’t be paying the ransom to the hacker, as they believe doing so would be counterproductive.

Following the Optus and Medibank data breaches, is Australia seen as a “weak target”?

The Australian government is considering a centralized digital ID verification system. The idea is that such a system will allow citizens to verify their ID once, and have businesses refer to that, rather than having citizens verify their ID multiple times. The idea does have some obvious drawbacks like, uh, creating a centralized repository of all Australians’ sensitive data.

To follow up on the above: yes, customers care about privacy, and they will spend more with companies that have responsible data practices.

🔐 Security

The team that maintains OpenSSL, open-source software used to provide encryption for communications, disclosed a pair of vulnerabilities in the most recent version of the software. While initially rated “critical”, they were then downgraded to “high”.  

One in three employees don’t understand the importance of cybersecurity, with a quarter “not even pretending to care about it”.  

Why are there so many data breaches? There’s a growing industry of data brokers, and ransomware is big business—earning criminals US $600 million in 2021.

Threat intelligence firm SOCRadar announced what they claim to be a major Microsoft data breach, though the company disputes the scale of customers impacted.

A Danish train network was stopped in its tracks last week thanks to a cyberattack, which compromised a subcontractors’ testing environment.

‍

📣 The latest from RecordPoint

If the right people can't access important business data, what's the point of collecting it? Data silos, security and privacy concerns, and a lack of trust are holding businesses back from the benefits of collaboration. Learn how to overcome these issues.

Learn how the Australian Institute of Aboriginal and Torres Strait Islander Studies overcame the challenges of a small team and limited data governance, using RecordPoint's machine learning and AI technology to lower compliance risk.

Learn why audit logs matter for security and compliance.