Repossession & Process Serving Firms - Data Security Review
Over the past weeks, we have noticed a number of repossession and process serving clients becoming concerned about data security and cyber attacks. An advisory note posted on the government’s Australian Cyber Security Centre website describes the attack as a “cyber campaign targeting Australian networks”.
The advisory says the attackers are primarily using “remote code execution vulnerability” to target Australian networks and systems. Remote code execution is a common type of cyber-attack in which an attacker attempts to insert their own software code into a vulnerable system such as a server or database.
The attackers would not only try to steal information but also attempt to run malicious code that could damage or disable the systems under attack.
Detecting this is hard and would require advanced defensive measures such as penetration testing, in which trained security professionals, known as “ethical hackers”, try to hack into a system in an attempt to find potential vulnerabilities.
Information Security Management
As a result of the ongoing cyberattacks, we see clients focusing on reviewing their third-party providers’ information security and compliance policies.
The client, now more than ever, needs to be confident that the data and information transmitted to a third party are secure and managed using the most secure methods possible. The transmission of confidential information to unsecured third parties can be fraught with dangers.
Repossession, Process Serving & Investigations
Currently, there are very few repossession or process serving companies, and certainly no investigation companies that the writer knows of, that hold the necessary international standard ISO/IEC 27001 (Information Security Management).
As more and more clients request this accreditation, there is now a mad scramble by companies to obtain this standard, as most proactive financial organisations are requesting this standard as a prerequisite to ongoing work with third party agencies.
The only issue is that the standard is not easy to obtain and requires constant reviews and accreditation annually. You can rest assured any firm that has achieved ISO 27001 has worked hard and invested countless hours and dollars into obtaining it.
Agencies that hold ISO 27001 allow organisations of any kind to be assured that the security of their assets, such as financial information, intellectual property, employee details, customer details, or entrusted information, is in safe hands.
In APRA’s Prudential Practice Guide CPG 234 Information Security, this standard should be a base for dealing with any third-party agency that holds your confidential and private information.
At SWA, we have held this standard since 2018. This gives our clients the confidence that our information security management is first class and continuously under review.