IoT, third parties raise risks in NDB era


By Dylan Bushell-Embling
Tuesday, 24 April, 2018

IoT, third parties raise risks in NDB era

Australian businesses covered by the new Notifiable Data Breach legislation must work to secure access to IoT devices — including access by third parties — before they fall victim to a breach, according to enterprise mobility solutions provider Wavelink.

IoT devices pose a particular security risk to organisations required to ensure their networks are fully compliant with the NDB legislation, the company warned.

The new regime means that the devices and applications of contractors, third parties and guests that plug into an organisation’s network must also be secured.

“Businesses can no longer remain stagnant and fail to act on security and compliance. Organisations of all sizes must ensure they’re in line with the new legislation changes and perform due diligence to ensure their networks are protected,” Wavelink National Business Manager for Fortinet Hugo Hutchison said.

“Security breaches affect a company’s reputation and may result in significant consequences, with the cost and ramifications following a security breach potentially far more than the cost of initial investment in adequate protection measures.”

IoT devices including wearables, voice-activated devices and smart appliances typically do not come with built-in security, which can pose a threat to enterprise networks, Hutchison said.

“Businesses shouldn’t assume that IoT devices are inherently secure because they’re not. Before connecting any IoT device to the network, businesses must change the default usernames and passwords at a minimum. From there, it’s still crucial to implement a security solution that delivers visibility and control into what devices are connected and how they’re being used.”

This is a particular concern in places such as schools and hospitals which are subject to the NDB scheme and tend to have hundreds of users including guests accessing their networks.

If they fail to maintain an appropriate security and compliance system they may be held liable for any data breaches that occur as a result.

Image credit: ©iStockphoto.com/Brian Jackson

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

Secure-by-design software development for digital innovation

The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...

Bolstering AI-powered cybersecurity in the face of increasing threats

The escalation of complex cyber risks is becoming a pressing issue for those in business...

How attackers are weaponising GenAI through data poisoning and manipulation

The possibility for shared large language models to be manipulated through data poisoning...

Content from other channels on our network

EV future for Monash Uni

Shell Cove battery launched on NSW South Coast

Million-dollar rooftop solar for Kimberley hospital

Protecting wildlife from electrical assets — and vice versa

Immersive VR training for electricians

Robotic lab enhances battery manufacturing

Machine learning used to create fabric-based touch sensor

Hybrid sodium-ion battery can be charged in a few minutes

Researchers develop energy-efficient probabilistic computer

Wearable sensor measures real skin feel

'Curving' light beams could enable terahertz comms

Panasonic offers private 5G network testing in Munich

Antenna upgrade enables better sewer management

60 million Aust drone flights predicted for 2043

The fire on Marley's Hill

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd