Search Results

Generic Systems Australia Privacy Policy Generic Systems Australia (“GSA”, “we” or “us) are committed to protecting the privacy of the BUSINESS information we collect. Our Privacy Policy describes how we collect and use your business information where we are acting as a data controller (i.e. where we decide how and why your information is used). This Policy does not apply to personal information we hold as an employer or data processor when acting on behalf of, and in accordance with the instructions of our customers through our customers’ use of GSA services and the software licenced via us. We may make changes to our Privacy Policy from time to time to take account of changes to our standard practices and procedures or where necessary to comply with new laws and regulations. If we make changes, we will update the “last updated” date in the following paragraph, and the latest version will always be available on our website. This Policy was last updated on 1 June 2024 . We encourage you to check our website from time to time to ensure that you are aware of our current Privacy Policy. Types of personal information we collect The types of personal information we collect will depend on the circumstances in which the information is collected. However, the types of personal information we collect and hold about you may include: identifying information, such as your name; contact information, such as your address, email address and telephone/mobile number; usernames and passwords that you create when registering for an account with us; your organisation and position, where your organisation has business dealing with us; information about your occupation and employer organisation; information about how you use the products or services we provide to you; records of our communications with you, such as telephone, email, SMS, online and in person communications; if you visit our offices, images of you which may be captured on CCTV; other information that you provide us during the course of business; and other information that is capable of identifying you. You are always welcome to provide us with comments, queries and feedback in relation to our products and services. We may record and monitor telephone calls and other communications between you and us for training, quality control and compliance purposes. When you communicate with us, we may collect additional information including the languages you speak, how best to manage communications with you, and information about your dealings with us. If you participate in a survey or competition, or respond to a feedback request, we will collect the information that you provide in doing so, and associated information such as when and how you submitted the response. We collect information about people who are our contractors, suppliers and business partners, or who are employed by our contractors, suppliers and business partners. When you do business with us, we may collect information about you from others, such as from others who do business with you. Our website may contain links to third party websites. We are not responsible for the privacy practices or the content of those third-party websites. The privacy practices applicable to those third-party websites may differ substantially from ours, so we advise you to read the privacy policy of those websites before using them. Log data, device and location information When using our products and services (including our website), we will collect information about you and about your use of our products and services, such as which services you use and how you use them. We will collect information such as: user name and password; device information, such as the model and ID of the device you use, operating system, telephone number and mobile phone network; server log information, such as details of how you used the products or service (including our website), IP address, hardware settings, browser type, browser language, the date and time of your use and referral URL; and your browser or your account using cookies (see below for further information about our use of cookies). Our products and services (including our website) may also detect and use your IP address or domain name for internal traffic monitoring and capacity management purposes or to otherwise administer the products and services. The patterns of usage of visitors to the online services may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user traffic patterns. How we collect personal information We may collect personal information about you in the following ways: when you order products or services from us; when you use our online services and other products and services (including our website); when you visit our sites or offices; when you submit a query or request to us; when you respond to a survey that we run or fill in forms on our website; by tracking your use of our products and services (including our website); from third parties who are entitled to disclose that information to us; from publicly available sources; from online sources (including social media platforms and providers like LinkedIn); suppliers of information products and services (e.g. companies that consolidate data from multiple public sources); or other lawful means. From time to time, we may use third-party online services to collect personal information such as your name and email address or telephone number to administer online competitions, customer feedback and surveys. If you provide us with personal information about someone else, you must only do so if that person has provided their permission for you to do so. Cookies We may also collect personal information about you and your use of our website, products and services using cookies. Amongst other things, we use cookies to monitor and observe your use of our website, products and services, compile aggregate data about that use, and provide you with a more effective service (which may include customising parts of our website based on your preferences and past activities on that website). How we use personal information and our legal basis for using your personal information We use personal information that we collect about you to: verify your identity when you are dealing with us; maintain our relationship with you; determine your eligibility for any of our products or services; answer your queries and requests; enable us to provide you or your organisation with our products and services; use in accordance with any request or instructions from you; make special offers related to our products or services that we think may be of interest to you; keep you informed about our activities and notify you of changes to our products or services; monitor use of our products and services (including our website); provide better products, services and information to our customers and to the community; assess, operate, maintain, upgrade and improve our products and services (including our website); maintain and update our records; carry out market analysis and research; carry out planning and forecasting activities and other internal business processes; manage and resolve any legal or commercial complaints or issues (including debt recovery); meet our obligations and perform our functions under applicable laws and agreements; comply with our legal and regulatory obligations; use as otherwise required or authorised by law or government agency. We may also use your personal information for any other purpose as authorised by you. Our legal basis for the above activities includes: consent; necessary for performance of a contract; necessary for our legitimate interests or the legitimate interests of a third party; necessary for compliance with our legal obligations. . When we have legitimate interests As set out above, in some cases we use your information where it is necessary for our legitimate interests or the legitimate interests of a third party. This includes where the use of your personal information is necessary to: administer our operations and business in an efficient and effective way including undertaking management planning and improving and developing our products and services; for our authorised third-party service providers or others to perform services on our behalf, such as payment processing and data analysis; understand and respond to queries, complaints and feedback; send direct marketing to business contacts; transfer personal information in relation to an actual or proposed sale, transfer or reorganisation of all or part of our business and the acquisition of the business; analyse and optimise our website's content by updating it in accordance with your preferences; ensure network and information security; and enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice. Direct marketing and research If you have given us your consent or if we are otherwise legally entitled to do so, we may use and disclose your personal information for marketing purposes (but we will not sell your personal information to any third party) including contacting you about our products and services (including our website), the products and services of other people, or related special offers from our business partners, that we think may be of interest to you. This information may be sent to you by email, SMS or by other means. We may use your personal information to carry out consumer and market research, compile demographics and perform other research and analysis so that we can develop and implement initiatives to improve our services, improve the design, construction and operation of our products and identify people likely to be interested in our products and services. You can opt-out of receiving marketing communications from us at any time by following the “unsubscribe” link in any communication (or sending a return email with “un subscribe in the Subject line” from us or contacting us using the contact details below. Unsubscribing from marketing communications will not stop service-related communications from us, such as administrative alerts in relation to your account. De-identification We may de-identify information about you so that the information can no longer be used to identify you (anonymisation). We may use and disclose de-identified information in the course of our business (including in any promotional or marketing material). Aggregation We may aggregate information on the use of our products and services (including our website) in such a way that the information can no longer be related to identifiable individuals. We may use and disclose aggregated information in the course of our business (including in any promotional or marketing material). Who we disclose personal information to We may disclose your personal information to: your representatives, advisers and others you have authorised to interact with us on your behalf; controlled entities within our corporate group; our team members and third parties including business partners, consultants, contractors, suppliers, service providers, professional advisers and agents who need the information to assist us with conducting our business activities; prospective purchasers of all or part of our business or shares in our company or a related entity; government agencies or authorities, regulators, law enforcement agencies and other parties where authorised or required by law who ask us to disclose that information and to which we are legally required to disclose your personal information; parties identified at the time of collecting your personal information or as otherwise authorised by you. How we maintain and secure your personal information Security is a priority for us when it comes to your information. We take reasonable steps to ensure that any of your personal information which we hold is accurate, complete and up to date. These steps include promptly updating personal information when we are advised that personal information has changed, checking our contact lists for accuracy, and providing individuals with a simple means to update their personal information. On rare occasions, we also keep hard copy records of this personal information in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time. These measures include: implementing physical and technical access and security controls to our physical and electronic databases, such as security procedures for access to our business premises; and technological security procedures including password protection, network firewalls, encryption, intrusion detection and site monitoring where practicable to do so. We also take steps to monitor access to and modification of your information by our team members and contractors, and ensure that our team members and contractors are aware of and properly trained in their obligations for managing your privacy. However, the internet is not a secure environment and no matter what physical and technical security processes and procedures are used we cannot guarantee the security of your personal information. You also play an important role in keeping your information secure by maintaining the confidentiality of any usernames and passwords you use with our products and services (including our website). How long we store your personal information for Personal information is only retained for as long as it is needed for the purpose for which it was collected or as required by law. After the expiry of this period, we will take reasonable steps to make sure its de-identified or destroyed. The criteria used to determine appropriate retention periods for personal information include: the length of time we have an ongoing business relationship with you; the amount, nature and sensitivity of the personal information; whether we have a legal obligation to retain personal information; and whether retaining the personal information is necessary to resolve legal disputes (including the establishment, exercise or defence of legal claims). Your rights Depending on where you are located, you may have a right to: request a copy of your personal information. In relation to personal data you have supplied to us, and which is held by us for the purpose of entering into a contract between us or on the basis of your consent, you may be entitled to ask us for a copy of this information in a structured, commonly used and machine readable format so that you can reuse it or share it with other organisations; object to our processing of your data and ask us to restrict the use of your information and to delete it; or correct or rectify any personal information that is out-of-date, incorrect, incomplete or misleading. Such requests should be submitted to us in writing using the contact details below. We may ask you to verify your identity before responding to your request. We will respond to your request in a timely manner and action your request in accordance with applicable data protection laws. You have a right to withdraw your consent where you have previously given us consent to use your personal information (e.g. to receive marketing communications). You can do this by contacting the Privacy Officer using the contact details below or, where the consent relates to marketing, by unsubscribing using the link in any of our communications. Complaints If you have a concern about your privacy or how we have collected or handled your personal information, please contact our Privacy Officer using the contact details below. If you wish to make a complaint, you should forward a written complaint to our Privacy Officer using the contact details below. In the complaint, please include your contact details (such as email address, name, address and telephone number) so we can contact you for further information and clearly describe the complaint. We will respond to your query or complaint within a reasonable time and in accordance with applicable data protection laws. If you are not satisfied with our response, you may contact us to discuss your concerns or may raise a complaint with your local data protection authority through their official channels. In Australia it is the Office of the Australian Information Commissioner, in New Zealand it is the Privacy Commissioner. Contact us If you require further information this Privacy Policy or Generic Systems Australia’s management of your personal information please contact us via the following contact details: Privacy Officer Phone: +61 2-9959-2239 Email: info@gensys.com.au

Why Automating Encryption and Decryption Makes Cybersecurity Sense How does encryption and decryption work? Which types of encryption are best suited to different data transfer needs? How can encryption be integrated with your existing business technologies? Our guide, Why Automating Encryption and Decryption Makes Good Cybersecurity Sense, offers a quick read of the basics of encryption, answering these questions and more. To Receive Our Report, Please Fill in the Form Below: First name Last name Enter your email address Phone You'll receive the 'Why Automating Encryption and Decryption Makes Cybersecurity Sense' shortly! RESOURCES Receive Report HOME

Our comprehensive Buyer's Guide will help you consider the questions, options and opportunities for finding the right MFT solution for your organisation. To receive a free copy in your inbox, simply share your email address with us below. First name Last name Enter your email address and click "Receive Guide". (We'll protect your privacy as per our Privacy Policy.) Phone Your Buyer's Guide has been emailed to you! RESOURCES Receive Guide HOME

MFT Local Buyer's Guide Finding the right Managed File Transfer solution for your organisation may not be easy... with dozens of factors to consider - including industry and government compliance requirements, cloud vs on-prem solutions, critical cybersecurity protections, pricing models and more. In this MFT Local Buyer’s Guide, you’ll find the key considerations, the questions you need to ask vendors, and a wealth of other advice to help you successfully evaluate MFT solutions. To receive our Local Buyers' Guide, simply submit your email address below: First name Last name Enter your email address Phone You'll receive the Buyers' Guide shortly! RESOURCES Receive Report HOME

< News Balancing Cyber Security with Frictionless Customer Experience 17 June 2025 Cyber thieves are stealing more from businesses than “just” data and money. They’re stealing customer trust. Research shows that customers are increasingly worried about how well companies are protecting their data. And those worries are hurting companies’ bottom lines. Fears Realised Nearly 2 in 5 customers have been the victim of two or more data breaches, according to S&P Global Market Intelligence. A third of the victims of identity theft have experienced it within the past three years. Stuart Vaeth, SVP of strategic business development at Trua, said cyber theft incidents weaken customer trust and brand reputation. “The result can be lost business. It absolutely impacts the reputation of the service provider,” he said. “Obviously, it erodes trust. People may not come back to your site if your data has been breached.” Research by S&P Global Market Intelligence shows that more than three-quarters of customers are concerned about the risk of trying digital experiences or products that require sharing personal data online. This is a serious challenge for businesses who recognise that customer data is essential to providing personalised purchasing experiences. Cyber Security Integral to Customer Experience The safety of customer data is as much a customer experience issue as it is a cyber security one. Sheryl Kingstone, research director of customer experience and commerce at S&P Global Market Intelligence, said that a mistake many businesses make is to look at their customer data “in a silo”. “When we do take a look at things like what CISOs want or what privacy experts want versus what marketing and customer experience teams want, it becomes very complicated, because we need to mind the gaps,” Kingstone said. “There are trade-offs between compliance and the customer experience.” “Security compliance teams look at ensuring risk and compliance. CX leaders want to reduce customer friction points,” she said. Businesses need to balance customer experience with risk and compliance. Vaeth said that, while CX leaders generally aim for zero friction to prevent drop off, some friction can be beneficial. Collecting customer data directly or asking customers for verification can provide reassurance and need not impact drop off rates. Earning Customer Trust One way to earn customer trust and assure customers you take data protection seriously is to show them your credentials. For example, you can display them on your website and in marketing materials. Another way to demonstrate your “cybertrustworthiness” is to let your customers know when you’re investing in new technologies, improving processes and gaining certifications. It demonstrates you’re on a path of continual improvement that can differentiate you from your competitors. Protecting Customer Data Stepping up to the needs of customer data guardianship requires both technology solutions and sound business practices. Layered defences, with integrated solutions that address encryption, threat protection, and data loss prevention, enable safe collaboration without risking malware, mishandled data, breaches and non-compliance. Given most breaches involve a human element, technology solutions need to be automated and easy for employees to use. Software needs to be able to manage: How access to data is granted; How access is authenticated; How access is tracked and controlled; and How access can be speedily revoked, when needed. Layered Protection A standalone managed file transfer (MFT) solution – such as GoAnywhere MFT - is a great first layer of defence. It provides security for files at rest and in-transit. However, integrating Threat Protection as an additional layer enables you to take appropriate action when there’s customer data moving in and out of your organisation. Based on rules you predefine, Generic Systems Australia’s Advanced Threat Protection Bundle can mask, remove, or permit customer data to be moved within your organisation and beyond, via a Secure ICAP Gateway. On Hand to Help At Generic Systems Australia we’re the Asia-Pacific region’s experts in deploying Managed File Transfer and Advanced Threat Protection. We’ve assisted dozens of organisations to protect their customer data and secure their file transfers, while keeping their businesses running smoothly. If you’d like to discuss how we can help you, please feel welcome to contact me . I’m always happy to have an obligation-free chat and explain how simply we can help you maintain your customers’ trust. Attribution: This article includes quotes from an interview originally published on cybersecuritydive.com . Previous Next

< News GoAnywhere declared "Best MFT" 6 Nov 2023 GoAnywhere judged to be Best Managed File Transfer Solution Transferring data is the lifeblood of a modern organisation. Securely sharing critical information between employees, suppliers and customers is essential to efficient operations. Last year, respected tech analysts Info-Tech evaluated the most popular MFT software and vendors. Their analysis, which took into account vendor experience and capabilities, product features and customer satisfaction, found GoAnywhere to be the top MFT solution. So, what led Info-Tech’s judges to recommend GoAnywhere for businesses seeking a secure and efficient file transfer solution…? Unmatched Versatility: GoAnywhere MFT offers an all-encompassing platform for secure file transfers, automation, and seamless cloud integration. Some competitive offerings don’t support Cloud Deployment. GoAnywhere’s versatility and extensive feature set impressed Info-Tech's evaluators, leading them to conclude it was the ideal choice for businesses with diverse transfer needs. User-Friendly Efficiency : User-friendliness is key element of efficient in business operations, and Info-Tech found that GoAnywhere MFT really delivers on this front. From IT specialists to non-technical professionals, the platform's intuitive design streamlines file transfers, task scheduling, and security management. Fortified Security: In this era of increased data breach risk, GoAnywhere’s robust encryption and access controls keep sensitive data protected. Stellar Customer Reviews : 93% of GoAnywhere reviewers said they would likely recommend the solution. The solution’s composite review score was 8.9 out of 10. Budget-Conscious Investment : Info-Tech found GoAnywhere MFT to be a supremely cost-effective solution, with attractive pricing strategies. Responsive Support and Ongoing Updates : Info-Tech applauded GoAnywhere for its responsive customer support and regular updates, ensuring business continuity. Market Leader – for a reason GoAnywhere MFT's combination of versatility, security, ease of use, and budget-friendliness has propelled it to the top of the MFT market, as recognised by Info-Tech. For businesses on the quest for a comprehensive and reliable file transfer solution, GoAnywhere MFT is the smart and strategic choice. Want to Learn More? Generic Systems Australia is the Asia-Pacific region’s leading provider of secure MFT solutions. If you’d like to explore how your organisations’ efficiency and bottom line could be boosted through MFT technology, please feel free to contact our Business Manager , Bradley Copson , for an obligation-free discussion, or read more on our website . Previous Next

SECURE YOUR CLOUD DATA Whether you are already moving select pieces of your business to the cloud, just starting the cloud conversation, or are considering establishing a hybrid environment, you're in good company. Organisations move to the cloud in some fashion for its flexibility, scalability, and faster deployment. However, there is still hesitancy in adapting cloud technology due to security concerns as well as compliance requirements, and a lack of visibility and control. A 2023 Cloud Security Report, which surveyed the challenges and priorities of more than 750 cybersecurity professionals, found that 39% of respondents already have more than half of their workloads in the cloud, and 58% planned to get to that level in the next 12–18 months. However, Cloud security continues to be a significant concern, with 95% of surveyed organisations concerned about their security posture in public cloud environments. In this article, we explore how a robust Managed File Transfer (MFT) solution can help protect your data transfers, in transit and at rest, without compromising the convenience or cost-effectiveness of moving your business to a cloud-based environment. Cloud File Transfers Most organisations oversee dozens (if not hundreds or thousands) of in-house file transfers a day. Whether it’s sending files to employees, transferring reports to trading partners, receiving data from third-party vendors, or collecting sensitive information from customers, it’s all part of the exchange of information that is regularly processed. Where do cloud-based file transfers fit in? Cloud infrastructure can give companies a lot of leeway. Some data can be managed in the cloud, or all of it can be — the choice is entirely up to you. Moving data to the cloud can be as simple as transferring files and folders to whatever storage platform you use with your provider. And with strong encryption and security policies in place, you can control who has access to that business-critical, sensitive data in the cloud. Data that’s been entrusted to the cloud is kept in physical servers and data centres managed by cloud computing services. Almost all file movement between a business, its employees, its trading partners, and its remote locations can happen through the cloud. Sensitive information can move quickly and efficiently between the business and wherever it’s stored (even on servers around the world), which gives organisations the ability to operate smoothly and access their data from anywhere. Because everything is stored off-site, local outages and user errors are minimised, bettering the chances that important, scheduled transfers will complete successfully. The Current State of Cloud D ata Security For cloud computing platforms like Amazon Web Services, Microsoft Azure, and Google Cloud, security of customer data is one of their highest priorities. They have a variety of resources in place to protect their clients’ privacy, but despite their best attempts, these measures don’t always stop data loss, compromised information, or unexpected cloud server outages. Cloud security is a two-way street. Researching each cloud provider’s cybersecurity methods and selecting the best one for your organisation is imperative — a positive step toward ensuring your data’s integrity. But it’s not the only step. IT teams are just as responsible for the security of their sensitive business data as the cloud platforms that hold it. Whether your organisation is thinking of deploying to the cloud or already has, you'll need to perform due diligence regarding your processes and policies. Start by asking questions like these: What are our top security considerations? How will our IT team processes change? What vulnerabilities have been introduced or addressed from moving to the cloud? Do we have points of failure that should be planned for? Are cloud file transfers properly encrypted to minimise risk of data breaches? Protecting Your File Transfers Many of these questions are subjective, of course. Each IT team is likely to answer them in different ways, based on your company policies and processes. But to achieve the best possible cloud security, don’t overlook the current state of your file transfers. Encryption is often the last line of defence between a malicious user or human error and sensitive information. If, however, data is properly secured with strong encryption protocols during transfers as well as when idle and sitting on a server, a cloud breach is far less likely to result in data exposure. For those who must comply with regulations like HIPAA, GDPR, GLBA, PCI DSS, and SOX, following encryption requirements in the cloud comes with extra benefits — as long as the keys for encrypted data are safe, breached information can’t be read, preventing hackers from selling or otherwise exploiting your or your customers sensitive data. File Transfers and the Cloud When moving your data between your network and the cloud, it’s considered best practice to always encrypt your files and protect your communication using secure network protocols like SFTP, FTPS, or SCP. Your files, databases, and even entire folders should be encrypted at rest, too, whether or not the cloud platform you’ve chosen already secures it. A common dated (and not recommended) approach to file transfers uses custom scripts created by internal programmers. The scripts often include commands for encryption, which may or may not be simple to modify, depending on your team's given skillset. While this file transfer process "can" work for a while, as it addresses basic company needs initially, as the number of file transfers rise, so does the difficulty of maintaining a homegrown solution. And that’s not including other possible roadblocks, like an inability to handle logging capabilities or alerts when a file transfer fails. Managed file transfer solutions provide organisations with helpful, robust features that enable them to grow with their data exchange requirements –– especially beneficial when moving to a cloud environment. GoAnywhere Managed File Transfer GoAnywhere MFT eliminates the need for homegrown scripts and multiple programs by streamlining the file transfer process. It can be installed in a cloud-based environment (single or multi) or on-premises via a variety of platforms, giving you full control of your deployment. Transfers can be scheduled and automated with custom workflows (projects), and data can be sent securely between systems, employees, customers, and trading partners. Meanwhile, administrators are given a single point of control with extensive security settings, audit trails, and reports, greatly reducing the possibility of user errors and oversights. GoAnywhere also provides high return on investment by reducing the time spent on manual labour, improving the quality of file transfers, making security more cost-effective, and helping organisations meet a variety of requirements including PCI DSS, HIPAA, GDPR, and FISMA. MFT Security and Encryption All file transfers are protected with popular encryption protocols, including SFTP, FTPS, FTP, SCP, AS2, HTTPS, Open PGP, and ZIP with AES. In the GoAnywhere MFT solution. A built-in key manager allows administrators to create, import, export, and manage Open PGP keys, SSH keys, and SSL certificates. And for those who must comply with FIPS 140-2, validated encryption ciphers can be enabled for SSL and SSH protocols. GoAnywhere offers connections to a variety of servers and guarantees file delivery by using connection retries and file auto-resume. Admins can monitor transfer success, review account activity, and authenticate user access from anywhere via GoAnywhere’s browser-based interface. Beyond basic encryption practices and features, GoAnywhere also addresses several business requirements for the cloud. GoAnywhere and Amazon EC2 For organisations that use AWS as their cloud provider, GoAnywhere MFT easily integrates with Amazon Elastic Cloud Computing (EC2). You can find, and quickly install, GoAnywhere MFT on Amazon's AWS Marketplace. You can use GoAnywhere’s secure FTP technology to protect sensitive file transfers with strong encryption technology and modern authentication methods. This creates encrypted tunnels between client and server systems and provides confidentiality and integrity to critical transmissions. Secure FTP also protects any user credentials that flow over the connection. Do you need to address high volumes of file transfers in your organisation? With GoAnywhere’s clustering technology, file transfers and other processes can be distributed across multiple Amazon EC2 instances for load balancing. And when an instance is taken offline, file transfers and jobs will be automatically routed to other installations in the cluster. GoAnywhere and Microsoft Azure For organisations that use Microsoft as their cloud provider, GoAnywhere integrates with Azure to provide IT teams with secure file transfers between all active parties. Installing and running GoAnywhere MFT on Azure is an effortless process, as everything you need is included, reducing the need for additional third-party solutions. You can install GoAnywhere on your choice of Azure-supported Windows or Linux operating systems, then set up your trading partner accounts and file transfer processes. GoAnywhere’s intuitive design and modular features allow you to be up and running on Azure quickly. If you want to scale GoAnywhere on Azure, file transfers and other processes can be distributed across multiple Azure VM instances for load balancing. Connections to a variety of databases including Microsoft SQL Server through GoAnywhere, and user accounts can be authenticated against Microsoft Active Directory to simplify user management for your file collaboration needs. Conclusion Organisations worldwide have already, or soon will be turning their focus to the cloud. Yes, security will continue to be an issue in all configurations of technology on-premises, in the cloud, or in hybrid situations. And moving to the cloud isn't without risk. To help prevent data loss, IT teams must do due diligence and take steps to protect their data — starting with their cloud file transfer process and solutions. Implementing a managed file transfer solution like GoAnywhere MFT enables businesses to control how their data is protected, in transit and at rest. Through strong encryption protocols, file monitoring, and integration with Amazon EC2 and Microsoft Azure, IT teams can rest assured that organisational and customer data is safe in a variety of environments without running outdated, unsecure expensive, time-consuming scripts and programs. Is it time to enhance the security of YOUR cloud data? If you’d like to discuss how GoAnywhere MFT can enhance the security of your organisation’s cloud data, please feel welcome to reach out to our Business Manager, Bradley Copson. He’s always happy to have an obligation-free discussion, explain how quickly and easily we can transition your organisation to the class-leading MFT solution, and offer you a zero-cost Proof of Concept. At Generic Systems Australia, we’re your local experts in secure Managed File Transfer. RESOURCES HOME

Our Annual Upgrade and Health Check Service provides dedicated resources to update your organisation’s GoAnywhere environment to the latest version. One of our experienced local Technical Consultants will review your organisation’s upgrade strategy, conduct a Health Check of your system and consult with you on any risks and compatibility issues potentially associated with your upgrade. Review product datasheet below: RESOURCES HOME

New Cyber Laws Passed – What Australian Businesses Need to Know and Do Earlier this week, the Australian Parliament passed a suite of legislative reforms designed to enhance Australia’s cyber security. The reforms include a raft of new requirements and obligations on Australian businesses. About the Legislation Based on recommendations by the Parliamentary Joint Committee on Intelligence and Security, the new legislation addresses a number of proposals initially set out in Australia’s 2023 – 2030 Cyber Security Strategy, and spans three separate Acts: the Cyber Security Act 2024 (Cyber Security Act); the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024; and the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 (SOCI Amendment Act). Mandatory reporting of ransom payments, and the introduction of a new voluntary information sharing regime, will have the most immediate impact on organisations. Mandatory reporting of ransomware payments Ransomware attacks are rife across Australia. The Australian Signals Directorate (ASD) reported that this form of cyber extortion accounted for 11% of all cyber incidents to it in 2023-2024, up from 8% in the previous year. The Government had previously pursued a ban on ransom payments. However, its position has since moderated somewhat. The Cyber Security Act only requires organisations to report ransomware payments to the Department of Home Affairs and the ASD. This new reporting obligation will commence at latest six months after the Act receives royal assent (potentially earlier by proclamation) and applies broadly to: organisations which are a responsible entity for a critical infrastructure asset; and other private sector organisations which conduct business in Australia with an annual turnover exceeding a threshold (to be specified - likely to be A$3M). Ransomware reports are required to be made within 72 hours of making a payment (not the receipt of a demand or the discovery of a ransomware attack). Difficult Decisions The requirement to report payments will need to be taken into account by Boards when considering whether to pay a ransom. The Government’s general view on ransoms continues to be that organisations should not pay them. It reasons that payments don’t guarantee the recovery or confidentiality of stolen data, but do encourage cyber attacks to proliferate. Organisations in receipt of ransom demands are left to ponder several competing considerations… Paying a ransom could potentially contravene sanctions (such as the one imposed on Aleksandr Ermakov, the individual responsible for the 2022 Medibank data breach) or anti-money laundering laws. Company Directors fulfilling the duty of care to act in the best interests of their organisation will need to balance the risks of payment - commercial damage, incentive to re-target, uncertainty of data recovery – against the risks of not paying - loss of systems data, reputational damage, third party claims, lost customers and business disruption. If a ransom payment is made, then the new mandatory reporting obligation will be in addition to other applicable reporting requirements an organisation is subject to. These could include the Privacy Act 1988, the SOCI Act, and continuous disclosure obligations under the ASX Listing Rules and CPS 234. In fact, it’s important that Cyber Incident Response plans developed by organisations specifically address these overlapping requirements, taking into account the various regulators and timeframes of each. Be aware that, for any entities regulated under the SOCI Act, it’s also conceivable that the Government could use its directions power to direct an entity to pay - or not pay - a ransom. An organisation which fails to comply with mandatory ransom reporting will incur a civil penalty of 60 penalty units (currently A$93,900). Voluntary reporting regime A new National Cyber Security Coordinator (NCSC) is being established under the Cyber Security Act to lead a whole-of-government response to significant cyber security incidents. The Act provides a framework for the voluntary disclosure of information by any organisation operating in Australia, or any responsible entity under the SOCI Act, to the NCSC relating to cyber security incidents. However, it imposes various limitations on how the NCSC may further use and disclose information voluntarily provided by entities, depending on the significance of the incident. Non-significant cyber security incidents: Information can be used for limited purposes such as directing the reporting entity to assistance services, coordinating a government response, and informing Ministers. Significant cyber security incidents: Information can be used for broader ‘Permitted Cyber Security Purposes’. These include preventing or mitigating risks to critical infrastructure or national security, and supporting intelligence or enforcement agencies. A cyber security incident is deemed “significant” if: there is a material risk that the incident has seriously prejudiced, is seriously prejudicing or could reasonably be expected to prejudice the social or economic stability of Australia or its people, the defence of Australia or national security; or the incident is, or could reasonably be expected to be, of serious concern to the Australian people. Information voluntarily provided by organisations to the NCSC is subject to limited use protections similar to those which apply to information disclosed as part of a ransomware payment report. The new voluntary reporting regime and corresponding limited use protection has come into immediate effect. Limited use protection The Cyber Security Act outlines how businesses should work with the NCSC and other government agencies to obtain assistance and guidance when responding to cyber incidents. It also provides businesses with certain limited use protections when collaborating with the government’s cyber security agencies - a legislative foundation for the CISA Traffic Light Protocol government agencies have recently offered when assisting organisations. Such protections were requested by business lobby groups. They provided feedback during the public consultation period that disclosing information about a data breach could risk exposing an organisation to further regulatory or enforcement action, adverse publicity and litigation. Further, if disclosing a cyber incident was determined to be against an organisation’s best interests, its directors could potentially be in breach of their duties in approving the disclosure. That could in turn expose directors to enforcement action from ASIC. Counterweighing these concerns, the Government believes that sharing information on current threats and incidents can help other organisations avoid similar incidents. In balancing these competing interests, the Cyber Security Act limits the purposes for which information contained in a ransomware payment report or voluntarily report provided to the NCSC can be used or disclosed. The NCSC (and any Government agency it coordinates with) cannot record, use or disclose the information provided for the purposes of investigating or enforcing or assisting in the investigation or enforcement of any contravention of a Commonwealth, State or Territory law. An important exemption from the limited use protections are that crimes and breaches of the limited use protections created by the Act. In this way, the protections stop short of being a full “safe harbour”. Information provided under these protections isn’t admissible in evidence against the disclosing entity, including criminal, civil penalty and civil proceedings (including a breach of the common law). And, the provision of information to the NSCS does not affect any claim of legal professional privilege over the information contained in that information. These limited use protections will be of value to organisations disclosing information to the Government about cyber incidents. However, directors should bear in mind the notable gaps in the protection they provide. For example: Information provided can’t be used or disclosed for the purposes of investigating or enforcing any contravention by the reporting entity of another law (whether federal, state or territory), other than a law that imposes a penalty or sanction for a criminal offence. This means that if the ransomware report indicates that a payment was made in breach of relevant sanctions laws, then the limited use protection will not prevent the use of the report in a subsequent investigation or enforcement action. While information provided to the NCSC cannot be obtained from the NSCS by regulators or government agencies, the protection offered under this Act does not prevent regulators from obtaining the underlying information through other means, including via regulatory investigatory powers or where provided under other mandatory reporting regimes, such as those in the Privacy Act 1988, the SOCI Act, the Telecommunications Act 1997 and the ASX Listing Rules continuous disclosure obligations. So, cyber incident notifications provided to the ACSC under the SOCI Act are not captured by the limited use protection, even if that information is also voluntarily provided to the NCSC or detailed in a mandatory ransomware report. A similar limited use protection has been introduced via the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 for cyber incident information voluntarily shared with the ASD. Other Inclusions in the Legislation This article has focused on developments within the new Cyber Security legislative reforms which will most impact companies and organisations. However, in the interests of completeness, here is a brief overview of other key developments covered in the legislation: Mandated Security Standards for Internet of Things (IOT) Devices. These standards will be detailed in legislative rules, with suppliers required to provide a statement of compliance for devices supplied to the Australian market. New Cyber Incident Review Board. This independent advisory body will be empowered to conduct no-fault, post-incident reviews of significant cyber security incidents and provide recommendations and information to both the private and public sector. It will have the power to compel entities to provide information about significant cyber security incidents. Critical Infrastructure definition expanded. Data storage systems which hold business critical data have been added to the definition of critical infrastructure assets. This closes a gap in the regulations which became apparent in the aftermath of the Optus and Medibank data breaches. Expanded Incident Response Powers. The Government will now have the power to direct an entity to take, or not take a specific action, in the event of a cyber incident affecting critical infrastructure. Security and incident notification obligations moved from the Telecommunications Act 1997 to the SOCI Act, consolidating the cyber obligations of telecommunication carriers and carriage service providers under a single piece of legislation. What Organisations Should Do Cyber security response plans should now be reassessed and upgraded to ensure they align to the new mandatory ransomware reporting requirements. Playbooks and procedures should take account of how an organisation plans to engage with cyber security authorities, bearing in mind the extent - and limitations - of the defined limited use protections. Focus on preventing cyber incidents - not just responding to them. A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect your data. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection facilitates safe collaboration with external parties, helping to prevent malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Finally, organisations should seek professional legal counsel in determining and responding to their obligations and responsibilities under the new Cyber Security legislative reforms. The information provided in this article has been general in nature, and the interpretations and advice outlined above should not be interpreted as professional legal advice.

< News Why Your Business Can't Rely on Employee Cybersecurity Training 29 Oct 2025 The employee cyber security training programs implemented by most large companies don’t reduce the risk of their employees falling for phishing scams. That’s the shocking conclusion of recent research evaluating the effectiveness of two common types of cybersecurity training.  Phishing is a deceptive tactic in which attackers impersonate trusted entities to trick individuals into revealing sensitive information like passwords, credit card numbers, or personal data.  It continues to be the most common form of cyber attack, and leads to the greatest number of cyber infiltrations. Testing the Defences To test the effectiveness of anti-phishing training, researchers sent 10 different phishing email campaigns to 19,500 employees at UC San Diego Health over an eight month period.  They found that there was no significant relationship between whether an employee had recently completed mandated cybersecurity training and whether they then fell victim to a phishing email. Researchers also tested whether sharing anti-phishing information after an employee fell for a phishing scam improved the employee's ability to detect a subsequent phishing attempt. However, once again, they observed very little difference in repeat failure rates. In fact, embedded phishing training only reduced the likelihood of an employee clicking on a phishing link by a mere 2%. Why training fails Research study co-author Grant Ho said a key reason the anti-phishing training isn’t effective is that most employees don’t engage with embedded training materials.  75% of users in the study engaged with embedded training materials for a minute or less, and a third closed embedded training pages immediately, without reading them. He recommended that organisations refocus their efforts to combat phishing on technical countermeasures. Technical Countermeasures One of the first and best lines of defence against phishing is to prevent malware and suspicious links before they can reach employees’ devices.  At Generic Systems Australia we combine the world’s leading Managed File Transfer solution, GoAnywhere , with Advanced Threat Protection to deliver a proactive, multilayered defence against both external threats and internal data leakage.  GoAnywhere provides secure encryption, access controls and audit trails for file transfers, while ATP enables your organisation’s email system to automatically detect and prevent phishing links and other malware from entering your organisation. Here to Help At Generic Systems Australia we have decades of experience helping Australian and New Zealand organisations protect themselves against malware and other cyber attacks. Our Migration Service makes the transition even easier for organisations who prefer to let their team get on with their regular work rather than taking time out to improve their IT plumbing. If you’d like a no-cost, no-obligation discussion about how we could help you simply and affordably adopt an advanced MFT and ATP solution, please feel welcome to get in touch with me. At Generic Systems Australia, we’re your local experts in Secure Managed File Transfer. Previous Next