Keeping your data safe: The importance of cybersecurity

In recent years, cybersecurity has gone from being a specialised field of IT operations to a major preoccupation of senior executives in all kinds of organisations. One reason is that, under Australian company and privacy legislation, executives and boards can now be held responsible for data and financial losses due to insufficient security measures. Another is that, as we digitally transform our operations and move infrastructure to the cloud, we feel more vulnerable to cyberattack.

Further, the risks and costs are now proven; highly publicised data breaches and denial of service attacks have crippled global organisations, causing irreparable financial harm and long-lasting brand damage. It has recently been acknowledged by our Prime Minister, Scott Morrison, that state-sponsored attacks have been mounted not only on our economy, but on our research and political institutions as a kind of cyber warfare. To combat this threat, Morrison’s committed $1.664bn of federal spending over the next decade.

In such an environment, TechnologyOne is proud to have leapt another significant security hurdle — becoming the first enterprise software provider to earn assessment under the Australian Government’s Information Security Registered Assessors Program (IRAP) for PROTECTED classified data.

What is IRAP?

IRAP is operated by the Australian Cyber Security Centre and assesses products in terms of their use under government information security ratings. Our ERP SaaS platform was previously rated as ‘OFFICIAL: Sensitive’ — but achieving IRAP assessment for PROTECTED classified data is of great value to our Federal Government customers, as we can now store and process any classification of data up to and including PROTECTED. As the former head of the ACSC, Alastair MacGibbon has noted, this upgrade comes at a critical time for the nation.

“The more protected systems across government, the better. In security, you’re only as strong as the weakest link,” he said. “Smaller government agencies are exposed to the same risk and threats as their larger counterparts, but often have fewer resources to mitigate them. I applaud any company, particularly a sovereign Australian one, that is looking to raise security by design and default.”

Unless your organisation is a Federal Government agency, there is actually no need for your suppliers to undergo IRAP assessment. But TechnologyOne having done so across our entire platform — including the 14 products operating on it — highlights our commitment to cybersecurity. We’ve set about to raise the bar for all our customers — at no extra cost.

How else do we protect our customers?

IRAP assessment for PROTECTED data is just the most recent in the security and quality accreditations and certifications we have invested in heavily over many years. We know that our customers need maximum comfort that their organisation’s data is safe, especially when it is off their premises.

For organisations preparing to transition from an on-premise ERP solution to our SaaS platform, security is one of the top three concerns they discuss with us.

Due to our investment in securing our SaaS platform — and the expertise and experience of our security professionals — sensitive data is almost certainly better protected on our platform than it could be in a customer’s own data centre. As a SaaS solutions provider, security risk mitigation is core to our business as a trusted advisor to key industries and governments around the world.

How must you help yourself?

While you can entrust us to care for your information held on our SaaS platform, this doesn’t let you off the hook. You are still responsible for your own people and processes, in terms of reducing cybersecurity risk to your operational, financial, customer and employee data.

According to the Office of the Australian Information Commissioner — the federal agency to which all data breaches must now be reported — approximately a third are the result of human error. This can happen in government too — with DFAT recently revealing the identity of thousands of Australians trying to return home in three incidents within three months.

While advanced email security tools can now catch the vast majority of phishing attempts, training all of your employees on a regular basis about how to recognise those that slip through is still essential. As is awareness of social engineering, another method used to gain access to your systems in order to steal data.

In summary…

By undergoing IRAP assessment, we have ensured a higher level of security for not only our Federal government but for all of our diverse customers. This measure is just one of the many that we continuously put in place across our global ERP SaaS solution.

We have been partnering with key industry players for 30 years now — and all this is part of our commitment to deliver the most trusted platform and be a trusted advisor.

If you would like to know more about our investment in and commitment to SaaS security, visit our website.

Image credit: ©stock.adobe.com/au/Gorodenkoff