VET News

2017 NVC Sponsor Guest Blog: VETtrak

Keys to Data Security for Training Providers

RTO’s from all around Australia are given the responsibility of maintaining the security of large quantities of data – much of it personal or sensitive in nature. The VET industry is seen by cyber attackers as an attractive target for stealing personal information and financial gains through ransomware attacks. The Australian government reported that in the past year it handled 10,351 incidents affecting businesses, of which 363 were more serious incidents affecting systems of national interest.

When formulating your plan to protect against data breaches it is important to remember that most breaches occur as a result of complacency and failures in the delivery and management of ICT services and information.  The Australian Red Cross was a victim to this last year in September when a third party ICT service provider inadvertently published blood donors personal information on their public website and was only found 5 weeks later. Spend some time with your IT team or third party ICT service provider(s) to understand how they are protecting you from malicious or accidental data breaches. Administrators need greater access privileges than normal users so they can undertake activities that may impact several users or business processes. Avoid software that gives standard users the same access privileges as administrators. In addition, employees should have individual access credentials for each business system (not shared credentials).

We may live in the Internet age, but many RTO’s will store personal data the old fashioned way - on paper. This will often be as an adhoc backup strategy, computer systems are not trusted and if data is lost online then the fall back is to hunt down enrolment or assessment papers. The same security principals that apply to data stored in computer systems also need to be applied to your filing cabinet full of personal information – what controls are in place for who can access the files? What measures are in place for preventing a data breach? What retention policies are required (special care needs to be taken with sensitive information such as credit card details)?

According to the Verizon Data Breach Incident Report, 63% of confirmed data breaches involved weak, default or stolen passwords. Protect your RTO’s data by choosing passwords that are long and hard to guess. It is also important to change your passwords regularly.  The website https://haveibeenpwned.com/ has a search function where you can check if your email address has been compromised in a known data breach. It also has hundreds of millions of real world passwords that have been exposed in data breaches. A cyber attacker will use this list of passwords in a brute force attack – make sure any password that you use is not in this published list!

How do you recover if your data is lost or damaged? The best insurance is to take regular backups of your data using an automated system. The backups should not be stored on the same computer system (offsite is preferable) and you should regularly test your recovery procedures. This shouldn’t be new to you - It is an ASQA requirement that RTO’s should have a backup of your student data.

Thinking about taking your RTO paperless? Concerned about data security and related compliance issues? Seek out the friendly VETtrak staff at the VELGs National Conference to find out how we can help. We have flexible software and training solutions tailored to the ever-changing VET industry. To find out more about VETtrak – visit https://vettrak.com.au/

Useful Links/Further Reading

https://staysmartonline.govcms.gov.au/sites/g/files/net1886/f/Stay-Smart-Online-Small-Business-Guide_0.PDF

http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf

https://cybersecuritystrategy.pmc.gov.au/cyber-security-strategy-first-annual-update-2017.pdf

https://www.arnnet.com.au/article/625715/red-cross-blood-service-partner-owns-up-data-breach-blunder/

Darcey Newcombe, VETtrak

Date posted Sep 6, 2017