Network Security issues at University of Tasmania

Student Name

Student ID

Author Name
Introduction

In this project, the discussion is focused on network security issues. Network security is a strategy that
used by a company to ensure the security of the organizational data including its network traffic.
Network Security deals with both hardware and software technologies. It is a combination of multiple
defensive algorithms at different layers. Various policies and algorithm controls the security at each
layer. Authorized users only can access the network. However, malicious users should be blocked in
order to prevent threats. Due to heavy digitization, many financial and non-financial transactions are
being done on daily basis using the internet. It is very important for the organizations to keep these
transactions secure, as leakage of these confidential data may highly affect the company. Data Breach
is a common issue faced by many companies. It means unintentional or planned release of
confidential data into un-trusted environment. Due to data breach many valuable information can be
leaked in public. It is huge threat to the company as well as the customers whose information are
leaked. The assignment tends to focus on the responsibilities of “PageUp” in an event of data breach
in the company.
Discussion:

Data Breach:

Data breach is a serious issue now days. Data breach can be understood in a simple way it is an
incident in which a individual or a company illegally access the data of a person without the approval.
It is a kind of security breach, which is design to steal all the information or to publish all the
information to an illegal source (Romanosky, Hoffman and Acquisti, 2014). Data breach can also be
classified as a data spill. In a common data breach, information such as credit card numbers, personal
details of a person can be exposed to the third party. It is a serious threat to the users or the customers,
if the company found guilty on data breaches then company will be penalised or they will face the
civil proceedings.

Causes of the breach:

A simple example of data breach is when a hacker hacks into the companies database to steal some
sensitive data about the company or any customer, this can be considered as a high level breaching.
However, a person who is not an employee of a bank and watches all the entries in the computer
system can also be consider as a data breach.

Data breaches can be brought by weak password, laptop and mobile that have been stolen. People
who are using free open Wi-Fi that can capture the login credentials can lead to the exposure of the
data. Mainly the data has been hacked by the Email (Wikina, 2014). In which a hacker will sent a mail
which will be lead to a browser where it will ask the person to provide email id and password, once all
the information is been recorded. It will help the criminals to get all the important content and records
of the company or the individual. Many rivals companies in the same field do the same to get all the
information to compete. These hackers and the cybercriminals causes the data breaches however,
there are also some incidents where the government or the company accidently expose the sensitive
data in public forum. These incidents can be referred as accidental data breaches.

Notifiable Data Breaches scheme (NDB)

The NDB is a scheme, which comes under part IIIC of the Privacy Act 1988, which was recognized
for the requirement of the organization in responding to data breaches. The privacy amendment act
2017 established the NDB in Australia. This scheme is applied to all the agencies and the companies
who have the personal information security obligations under the Australian Privacy act 1988
(Leonard, and Principal, 2018).

The NDB scheme helps the individual to inform him about the data breach of personal information,
which can provide a serious harm to the individual. This kind of information should include some of
the recommendations as if the individual in response to the data breaches that is provided by the
agencies can take what steps. Apart from that the Australian information commissioner is also been
notified about the data breach. If the companies have to notify the commissioner about the data
breach, they can lodge their statement through the NDB statement form (Carter, and Hartridge, 2018).

Importance of NDB

The NDB scheme helps the individual to protect the personal information and improves the simplicity
in the context of the agencies and the organization in respond to the serious data breaches. NDB
supports and improves the community confidence that all the personal information is protected. It
helps to promote the higher principles of personal information security across all the Australian
industries (Carrigan, Gallagher, and Di Marco, 2017).

Response summary on Data Breach:

The below diagram provides a complete overview of a typical response of data breach which includes
the requirements of NDB Scheme.
Notable Data Breaches:

In the recent times, there are many cases of the data breaches in small and large organizations, as well
as the government agencies. A recent case on PageUp, which has been discovered by the company as
some of the data, has been leaked of the employees as well as the clients of the company. The
company has announced about the data breach and the investigation that is going on. Apart from that
in 2013, one more company has been breached by some hacker and exposed the customer’s name and
their credit card information (Cheng, Liu, and Yao, 2017). Later on the company has announced about
40 million customer have been affected by this data breach. By the investigation found that the third
party business partner had been breached. The company access the targets network by providing the
credentials and spread malware to the company’s POS system. The company found guilty and they
have to pay tens of millions in a legal settlement. Moreover, the company’s CEO has resigned from
his post. There are many examples of data breaches in this 21 st century, which causes many
companies to lose their important records and customer data.

Data Breach in Page Up:

PageUp is a multinational software company based in Sydney. Many high profile Australian
companies uses the service of PageUp for their various operations. Especially the services are used for
recruitment purpose. However, earlier this year a data breach was reported in PageUp, due to which a
huge amount of data were compromised. Some of the popular companies that are using the software
services are Wesfarmers, Linfox, ABC and Telstra.

Many job applications were compromised due to data breach occurred. These applications contain
various data that could be extremely useful by frauds. The data include birth date, passport details,
bank account details and tax file numbers. Various government bodies and large private sector
companies were heavily dependent on Page Up for their recruitment process. Nevertheless, due to this
incident, these companies have suspended their sites.

PageUp has more than two million users in 190 countries. The company posted that there was an
“unusual activity” noticed in their system. In addition, they urged their users to suspend usage of their
services for few days to prevent data loss. They also made an investigation team to search the root
cause behind the data breach activity (Sen and Borle, 2015).

The respective clients of Page include:

 NAB (National Australia Bank)

After the investigation, Cyber security experts said that they have not found any further threats in
system. They also said that PageUp is safe for use. As per the forensic report, it is confirmed that
PageUp systems were hacked by and unauthorized person. The incident was happened on 17 th June,
2018.

The date obtained by the hacker is listed below:

Information of employees and former employees of PageUp Clients:

Some personal information of employees was affected. These include contact information of the
employee (name, telephone number, physical address and e-mail address) and employment
information (employment status, company name, job role)

Job Applicants:

These include contact information and employment information during the job application.

It also include biographical details (gender, nationality, DOB and whether the applicant is local
resident or not)

Job References of Client

The references also include applicant information, employment information and contact information

Affect on University of Tasmania

More than 3,500 people were enlisted in the job site of University of Tasmania. Due to the exposure
of data, the e-mails and other valuable information were compromised in the public ( Bill and
Bartels, 2015). The jobseekers who applied through the recruitment site had filled various vital
information such as Bank details, Tax file numbers, employment conditions and various related
personal information. When these data were compromised, it could have cause financial loss of the
jobseekers. However, it was not sure that how many of these people got actually affected due to this
incident.

Further, University of Tasmania (UTA) has suspended all of their recruitment process as a
precautionary step.

Responsibilities of PageUp in context of NDB

The company should provide a secure environment in the web so that further security breach can be
prevented (Martin, Borah and Palmatier, 2017). The company is now associated with Australian
Cyber Security Centre (ACSC), multiple individual security agencies and Australian Federal Police to
deal with the network security issues.

Primarily the company should focus on their IT infrastructure and its firewalls to prevent exposure of
data. The company should take these steps:

Not allowing invaders: The security policies and related protocols should be improved. The IT
system should use algorithms to create a unique security key for a particular authorized person. The
key should be changed periodically in order to increase the security level of the system. PageUp can
implement new policies to improve overall network architecture.

Security architecture may require advanced protection and segmentation: The algorithms should be
kept in various layers so the system to increase the physical level of security. Additionally, advanced
software and hardware can be implemented to strengthen the security ( Savage, Petro and
Goldsmith, Ponoi Corp, 2016). Further, all the data should not be kept in the same place. The data
should be kept in various network drives or servers so that a occasional data breach could not make a
huge impact on the company. The segmentation helps the company to effectively prevent a data
breach. The PageUp can introduce this method to increase their network security.

Introducing key: Various advanced security algorithms and firewalls should be used in the cyber
system. These algorithms should use the basic idea of unique authorized security key for each user
(Haager, Sandwith, Terrano and Saripalli, 2018) . However, an expert or a group of experts should
always monitor these programs to check arrival of potential threats in the system. Further these keys
should be valid only for a specific time intervals. It means each time a user tries to log in to the
system, it will ask some relevant security questions to the user. The system will provide a valid
security key depending on the validity of those answers. If an unauthorized user also fails to provide
correct relevant answer, he will not able to access the system for that time. The user might need to
contact system admin of PageUp for further process.
Conclusion

Based on the project it could be understood that the Data Breach is a serious threat to the company as
it will affect the company’s customers and the employees believe. Data protection is one of the
important works for the company. It could be stated the breach in the PageUp company is also been
discussed as it will provide the clear concept of the data breach as well as the Role of the NDB was
also discussed. How NDB helps the people to have some confidence about their personal information
that will be protected. There are some rules and regulations, which have been set by the NDB, which
has to be followed by the companies in order to protect the data and records of the individual, like
keeping the records in separate systems and the password, which changes day by day, these
Suggestions, may protect the data from theft. Apart from in, this project there is a discussion on how
the companies are responsible for the preventions of the data loss of the companies and the individual.
Reference:

Bill, E. and Bartels, L., 2015. Suspended Sentences in Tasmania: An Analysis of the Impact
of Recent Breach Reforms. U. Tas. L. Rev., 34, p.6.

Carrigan, D., Gallagher, J. and Di Marco, B., 2017. Australia's new mandatory data breach
notification regime: How to prepare your business. Governance Directions, 69(5),
p.280.

Carter, D.J. and Hartridge, S., 2018. Mandatory data breach notification requirements for
medical practice. The Medical Journal of Australia, 209(6), p.1.

Cheng, L., Liu, F. and Yao, D., 2017. Enterprise data breach: causes, challenges, prevention,
and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge
Discovery, 7(5), p.e1211.

Haager, J., Sandwith, C., Terrano, J. and Saripalli, P., Topia Tech Inc, 2018. Systems and
methods for security hardening of data in transit and at rest via segmentation,
shuffling and multi-key encryption. U.S. Patent 9,990,502.

Leonard, P. and Principal, D.S., 2018. The new Australian Notifiable Data Breach Scheme.

Martin, K.D., Borah, A. and Palmatier, R.W., 2017. Data privacy: Effects on customer and
firm performance. Journal of Marketing, 81(1), pp.36-58.

Romanosky, S., Hoffman, D. and Acquisti, A., 2014. Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), pp.74-104.

Savage, C., Petro, C. and Goldsmith, S., Ponoi Corp, 2016. System for providing session-
based network privacy, private, persistent storage, and discretionary access control
for sharing private data. U.S. Patent 9,262,608.

Sen, R. and Borle, S., 2015. Estimating the contextual risk of data breach: An empirical
approach. Journal of Management Information Systems, 32(2), pp.314-341.

Wikina, S.B., 2014. What caused the breach? An examination of use of information
technology and health data breaches. Perspectives in health information
management, 11(Fall).