
Search Results


  • New Security Standards for NZ Government Agencies | GSA

    New Security Standards for NZ Government Agencies 24 June 2025 New Zealand's National Cyber Security Centre (NCSC) has drafted Cyber Security Standards which government agencies will be required to adopt and implement later this year. The new standards outline the minimum cybersecurity practices that agencies must adopt for their business-critical and external-facing systems. In general terms, they require that cyber security policies, capabilities, controls, and practices must be well-formed and repeatable. The Standards 10 draft Standards are currently being discussed with agencies and industry partners as part of pre-implementation consultation and feedback gathering. They are: 1. Security Awareness 2. Risk Management 3. Assets and their Importance 4. Secure Software Configuration 5. Patching 6. Multi-factor Authentication 7. Detect Unusual Behaviour 8. Least Privilege 9. Data Recovery 10. Response Planning Maturity Model The draft Standards feature a built-in Capability Maturity Model (CMM) to help agencies standardise how they measure, track and improve their cyber risk management over time. CMM1 “Informal”: Security capability may be ad-hoc, unmanaged or unpredictable. Success may rely on individuals rather than institutional capability. CMM2 “Planned and Tracked”: Security capability is well formed in designated business units. The security policies, capabilities, control and practices are in place and repeatable. They are designed to meet the organisation’s core security requirements. CMM3 “Standardised”: Security capability is standardised, integrated, understood and followed consistently across the enterprise. Security is well-governed and managed at an enterprise level. CMM4 “Quantitatively Controlled”: Security capability and performance is measured, monitored and objectively and quantitatively controlled. Security measures are hardened in response to performance alerts. Security is a strategic focus for the organisation. 
CMM5 “Optimising”: Security capability adapts to a dynamic, high risk operating environment. Practices are generally recognised as world-leading and have near real-time measurement and response mechanisms. Agencies will be required to meet at least Capability Maturity Model level two (CMM2) for their business-critical and external-facing systems. Consultation Phase underway The NCSC began consulting with affected agencies and industry partners on 16 June. Discussions will continue until 4 July 2025, with final Standards planned for publication in October 2025. Agencies will be required to report on their implementation of the standards as part of the Protective Security Requirements reporting process (a framework for managing security within NZ government organisations) in April 2026. The initial draft of the NCSC’s Minimum Cyber Security Standards is available for download from the NCSC website. MFT as a Baseline Protection Tactic NZ organisations seeking to step up to the new minimum standards should carefully consider installing a Managed File Transfer (MFT) solution as an initial step. This relatively simple enhancement to IT systems puts organisations miles ahead of businesses still using risky and outdated FTP (File Transfer Protocol) or email to transfer files. MFT centralises data transfer and, more importantly, applies policies to data to protect it from threats such as inbound malware and employees sending files via ad hoc platforms outside the defensive perimeter (e.g. Google Drive and Dropbox). MFT has the built-in advantage of “forcing” the application of policies designed to better protect data such as encryption, monitoring, and auditing. Expertise Close at Hand No-one better understands local MFT needs and best practices than Generic Systems Australia. Our team has decades of experience helping organisations implement the world’s leading MFT solution. 
Our Migration Service makes the transition even easier for busy agencies who would rather focus on their core mission than their IT systems. If you’d like a no-cost, no-obligation discussion about how we could help you simply and affordably adopt an advanced MFT solution, please feel welcome to get in touch. At Generic Systems Australia, we’re your local experts in Secure Managed File Transfer.

  • Why has Managed File Transfer become a “Must-Have”? | GSA

    Why has Managed File Transfer become a “Must-Have”? 29 Apr 2025 The rise and rise of interconnected business and cloud data storage has made it more challenging than ever for organisations to secure their electronic perimeters. It’s no longer enough to monitor on-premise systems and internal networks. For the value of data to be unlocked, it must be active. However, the very act of transmitting your valued data exposes it to increased risk of interception, hijack and exploitation. Any electronic exchange with business partners, suppliers and customers is at risk. Storing and retrieving data with cloud providers further exacerbates that risk. Cyber Crime Wave In 2024, cybercrime cost Australian organisations an average $4.2M per breach, a significant increase from previous years. Small businesses reported an average cost of $49,600 per cybercrime incident, while individuals reported losses averaging $30,700. The Australian Signals Directorate (ASD) received over 87,000 cybercrime reports during the year. It’s generally easier to build cyber security defences around static, on-premise data. However, that leaves the majority of business data interactions vulnerable. This is where a Managed File Transfer (MFT) solution – enabling more secure and more efficient data sharing – plays a crucial role. MFT in the Defensive Line MFT protects the movement of messages, data and files inside and outside of an organisation. And as a bonus, it also makes that movement more efficient and reliable, outpacing and outperforming applications such as file transfer protocol (FTP), hypertext transfer protocol (HTTP), and secure file transfer protocol (SFTP). When you consider the advantages MFT offers modern, data-driven enterprises, it’s unsurprising that its popularity continues to surge past its 2024 estimated global value of $12.6B. Encryption: MFT employs robust encryption algorithms, reducing the risk of data breaches during transit. 
Features like Access Controls and Multi-factor Authentication safeguard sensitive information from unauthorised access. Efficiency: MFT automates repetitive tasks. This not only reduces human error, it saves significant employee time. Through scheduling of file transfers, monitoring of progress, and automatic error-handling, it enables a significant boost to operational efficiency. Compliance: In industries with strict regulatory requirements, MFT helps companies meet compliance standards (e.g. HIPAA and GDPR) by automatically maintaining detailed logs and audit trails. Scalability: Through its ability to handle large file transfers and an ever-growing number of users, MFT is able to grow in sync with an organisation's needs, while maintaining superior performance. Collaboration: In addition to improving business processes within an organisation, MFT facilitates seamless collaboration with external partners, suppliers, and customers, fostering strong relationships built on shared trust and reliability. Local MFT Experts At Generic Systems Australia we have decades of experience installing and customising MFT solutions to suit the needs of Australian and New Zealand businesses. If you’d like to explore how MFT can boost your organisation’s security and efficiency, please feel welcome to get in touch. I’m always ready to have a broad-ranging, no-obligation discussion. If you’d like, I can even organise a quick proof-of-concept to demonstrate how MFT can be easily tailored to your organisation’s specific needs. At Generic Systems Australia, we’re your local experts in Managed File Transfer.

  • Is It Time Your Company Upgraded from Ad-Hoc File Sharing? | GSA

    Is It Time Your Company Upgraded from Ad-Hoc File Sharing? 18 Mar 2025 The Global File Sharing market is booming. Uptake of services such as Dropbox, Google Drive, Box, Microsoft OneDrive, Citrix ShareFile, Egnyte, Zoho Docs, IBM FileNet, SharePoint, Adobe Document Cloud, M-Files, Accellion, Syncplicity, SugarSync, WeTransfer has never been stronger. These "ad-hoc" file-sharing applications are certainly popular. However, are companies that permit their proliferation unwittingly taking risks with their data and foregoing productivity gains? Picking Up Where Ad-Hoc Drops Off Managed File Transfer (MFT) generally outperforms ad-hoc file sharing services due to its enhanced security, automation, and centralised management capabilities. These additional capabilities are crucial for handling sensitive data and ensuring compliance with industry standards. Here's a breakdown of why MFT may be the better solution for your company… Enhanced Security MFT solutions offer robust encryption, secure protocols (like SFTP, FTPS), and robust auditing capabilities, ensuring data confidentiality and integrity. Ad-hoc services, while offering some security features, may lack the comprehensive security controls needed for enterprise-level data protection. Automation and Efficiency MFT platforms automate file transfers, reduce manual errors, and streamline workflows, improving efficiency and reducing IT overhead. Ad-hoc services require more manual intervention and can be less efficient for large-scale or complex file transfers. Centralised Management MFT provides centralised control and visibility over file transfers, allowing IT teams to manage access, monitor activities, and enforce policies. Ad-hoc services often lack this level of control, making it difficult to manage and audit data transfers. Compliance and Auditing MFT solutions facilitate compliance with industry regulations and standards by providing comprehensive audit trails and reporting capabilities. 
Ad-hoc services may not offer the same level of auditability, making compliance more challenging. Scalability and Reliability MFT platforms are designed to handle large volumes of data and complex transfer scenarios, ensuring scalability and reliability. Ad-hoc services may struggle to handle large files or complex transfers, potentially leading to delays or failures. Free Demonstration? At Generic Systems Australia, we’re your local experts in secure managed file transfer. We have decades of experience helping local companies like yours embrace and leverage MFT’s capabilities and advantages. If you’d like to see first-hand how MFT can keep your data safe and boost your team’s productivity, please feel welcome to get in touch. We can have an obligation-free chat, and I can even arrange a free Proof of Concept for your organisation.

  • $21T at stake as Medibank pursued over cyber breaches | GSA

    $21T at stake as Medibank pursued over cyber breaches 6 June 2024 Australia’s privacy watchdog has announced it will take legal action against Medibank Private for allegedly failing to protect the medical details of 9.7 million Australians. Russian cybercriminals hacked and then sold the deeply personal medical details of some Australians in 2022. The Office of the Australian Information Commissioner alleges Medibank “failed to take reasonable steps to protect personal information it held given its size, resources, the nature and volume of the sensitive and personal information it handled, and the risk of serious harm for an individual in the case of a breach.” Contraventions of section 13G of the Privacy Act for each of Medibank’s 9.7 million customers could attract a maximum civil penalty of up to $2,220,000 each – that’s $21 trillion in total. Medibank has said it will defend the proceedings. The potential size of the claim shows the watchdog’s intention to warn other companies about their responsibility to protect citizens’ data they collect. “Organisations that collect, use and store personal information have a considerable responsibility to ensure that data is held safely and securely. That is particularly the case when it comes to sensitive data,” Privacy Commissioner Carly Kind said. “This case should serve as a wake-up call to Australian organisations to invest in their digital defences to meet the challenges of an evolving cyber landscape. Organisations have an ethical as well as legal duty to protect the personal information they are entrusted with and a responsibility to keep it safe.” If you’d rather prevent cybertheft than defend it in court, consider how a Managed File Transfer solution can help protect your data in transit, at rest, and in the cloud. Our free resources are a good starting point, and our Business Manager Bradley Copson is always happy to have an obligation-free discussion and provide a free Proof of Concept.

  • GoAnywhere's Cloud Connectors | GSA

    GoAnywhere's Cloud Connectors 17 Mar 2024 Seamlessly integrate GoAnywhere with External Services via Cloud Connectors Cloud Connectors enable you to easily and securely transfer files between your organisation and external cloud services and applications. Also referred to as “cloud integrations”, Cloud Connectors offer out-of-the-box connectors for GoAnywhere to popular services including Salesforce, SharePoint Online, Microsoft Dynamics 365, Box, and Dropbox. For example: Let’s say one of your trading partners requests an important file and wants you to share it via a folder in Dropbox. Or perhaps you have contacts or billing information you want to update automatically in Salesforce. Cloud Connectors enable you to easily do so. Broad Range Cloud Connectors are easily downloaded from GoAnywhere MFT’s integrated Marketplace, which features Connectors for the most commonly used cloud services. These include: • Alibaba Object Storage Service • Amazon Cloud Trail, CloudWatch, EC2, Lambda, SNS, and SQS • Atlassian JIRA • Automate Plus • Azure Data Lake Storage Gen1 (superseded by Gen2) and Storage Queue • Box • Citrix ShareFile • Dropbox • Egnyte • GateScanner CDR • GoAnywhere Command • Google Cloud Storage, Drive, and Translate • JAMS • Jenkins • Microsoft Dynamics 365 Business Central, 365 CRM, OneDrive, Sharepoint Online and Sharepoint On-Premise • OPSWAT MetaDefender • Salesforce • ServiceNow • SMA OpCon Scheduler • SOS Berlin JobScheduler (Online version not supported) • Trello • Veeva CRM • Votiro • Webdocs • Zendesk (Online version not supported) Cloud Connectors can integrate with available on-premise and online versions of third-party software unless otherwise noted. How to Configure Cloud Connectors Once a Cloud Connector is installed, you can configure the connection properties as a GoAnywhere Resource. 
With this resource, you only need to specify the connection once before being able to seamlessly reuse it in any of your workflows and cloud file transfers. A Cloud Connector definition contains the various actions required to communicate with cloud applications. For example: authentication, logging, file transfer, file management, and error handling. In GoAnywhere, these actions appear as elements located under the Cloud Connector in the GoAnywhere Project Designer. Elements can be incorporated into your workflows alongside other project tasks, and processes can even be automated between multiple web and cloud services at once. New GoAnywhere connectors can be downloaded without needing to update the software. No Connector? No problem! While GoAnywhere Marketplace contains a broad array of Cloud Connectors, you may also want to connect to a unique external service. Custom connectors are the answer! At Generic Systems Australia, we can design and develop Custom Connectors for you, using GoAnywhere’s Cloud Connector Designer. If you’d like to discuss how your organisation’s file transfers to external cloud providers can be made more efficient and secure, please feel free to contact our Business Manager, Bradley Copson (bradley@gensys.com.au). He’s always happy to have an obligation-free discussion, explain how simply we can transition you from outdated software and approaches, and offer you a zero-cost Proof of Concept. Generic Systems Australia Your Local Experts in Managed File Transfer

  • NEW CYBER LAWS PASSED | GSA

    New Cyber Laws Passed – What Australian Businesses Need to Know and Do Earlier this week, the Australian Parliament passed a suite of legislative reforms designed to enhance Australia’s cyber security. The reforms include a raft of new requirements and obligations on Australian businesses. About the Legislation Based on recommendations by the Parliamentary Joint Committee on Intelligence and Security, the new legislation addresses a number of proposals initially set out in Australia’s 2023 – 2030 Cyber Security Strategy, and spans three separate Acts: the Cyber Security Act 2024 (Cyber Security Act); the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024; and the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Act 2024 (SOCI Amendment Act). Mandatory reporting of ransom payments, and the introduction of a new voluntary information sharing regime, will have the most immediate impact on organisations. Mandatory reporting of ransomware payments Ransomware attacks are rife across Australia. The Australian Signals Directorate (ASD) reported that this form of cyber extortion accounted for 11% of all cyber incidents reported to it in 2023-2024, up from 8% in the previous year. The Government had previously pursued a ban on ransom payments. However, its position has since moderated somewhat. The Cyber Security Act only requires organisations to report ransomware payments to the Department of Home Affairs and the ASD. This new reporting obligation will commence at the latest six months after the Act receives royal assent (potentially earlier by proclamation) and applies broadly to: organisations which are a responsible entity for a critical infrastructure asset; and other private sector organisations which conduct business in Australia with an annual turnover exceeding a threshold (to be specified - likely to be A$3M). 
Ransomware reports are required to be made within 72 hours of making a payment (not the receipt of a demand or the discovery of a ransomware attack). Difficult Decisions The requirement to report payments will need to be taken into account by Boards when considering whether to pay a ransom. The Government’s general view on ransoms continues to be that organisations should not pay them. It reasons that payments don’t guarantee the recovery or confidentiality of stolen data, but do encourage cyber attacks to proliferate. Organisations in receipt of ransom demands are left to ponder several competing considerations… Paying a ransom could potentially contravene sanctions (such as the one imposed on Aleksandr Ermakov, the individual responsible for the 2022 Medibank data breach) or anti-money laundering laws. Company Directors fulfilling the duty of care to act in the best interests of their organisation will need to balance the risks of payment - commercial damage, incentive to re-target, uncertainty of data recovery – against the risks of not paying - loss of systems data, reputational damage, third party claims, lost customers and business disruption. If a ransom payment is made, then the new mandatory reporting obligation will be in addition to other applicable reporting requirements an organisation is subject to. These could include the Privacy Act 1988, the SOCI Act, and continuous disclosure obligations under the ASX Listing Rules and CPS 234. In fact, it’s important that Cyber Incident Response plans developed by organisations specifically address these overlapping requirements, taking into account the various regulators and timeframes of each. Be aware that, for any entities regulated under the SOCI Act, it’s also conceivable that the Government could use its directions power to direct an entity to pay - or not pay - a ransom. 
An organisation which fails to comply with mandatory ransom reporting will incur a civil penalty of 60 penalty units (currently A$93,900). Voluntary reporting regime A new National Cyber Security Coordinator (NCSC) is being established under the Cyber Security Act to lead a whole-of-government response to significant cyber security incidents. The Act provides a framework for the voluntary disclosure of information by any organisation operating in Australia, or any responsible entity under the SOCI Act, to the NCSC relating to cyber security incidents. However, it imposes various limitations on how the NCSC may further use and disclose information voluntarily provided by entities, depending on the significance of the incident. Non-significant cyber security incidents: Information can be used for limited purposes such as directing the reporting entity to assistance services, coordinating a government response, and informing Ministers. Significant cyber security incidents: Information can be used for broader ‘Permitted Cyber Security Purposes’. These include preventing or mitigating risks to critical infrastructure or national security, and supporting intelligence or enforcement agencies. A cyber security incident is deemed “significant” if: there is a material risk that the incident has seriously prejudiced, is seriously prejudicing or could reasonably be expected to prejudice the social or economic stability of Australia or its people, the defence of Australia or national security; or the incident is, or could reasonably be expected to be, of serious concern to the Australian people. Information voluntarily provided by organisations to the NCSC is subject to limited use protections similar to those which apply to information disclosed as part of a ransomware payment report. The new voluntary reporting regime and corresponding limited use protection has come into immediate effect. 
Limited use protection The Cyber Security Act outlines how businesses should work with the NCSC and other government agencies to obtain assistance and guidance when responding to cyber incidents. It also provides businesses with certain limited use protections when collaborating with the government’s cyber security agencies - a legislative foundation for the CISA Traffic Light Protocol government agencies have recently offered when assisting organisations. Such protections were requested by business lobby groups. They provided feedback during the public consultation period that disclosing information about a data breach could risk exposing an organisation to further regulatory or enforcement action, adverse publicity and litigation. Further, if disclosing a cyber incident was determined to be against an organisation’s best interests, its directors could potentially be in breach of their duties in approving the disclosure. That could in turn expose directors to enforcement action from ASIC. Counterweighing these concerns, the Government believes that sharing information on current threats and incidents can help other organisations avoid similar incidents. In balancing these competing interests, the Cyber Security Act limits the purposes for which information contained in a ransomware payment report or voluntary report provided to the NCSC can be used or disclosed. The NCSC (and any Government agency it coordinates with) cannot record, use or disclose the information provided for the purposes of investigating or enforcing or assisting in the investigation or enforcement of any contravention of a Commonwealth, State or Territory law. An important exemption from the limited use protections is crimes and breaches of the limited use protections created by the Act. In this way, the protections stop short of being a full “safe harbour”. 
Information provided under these protections isn’t admissible in evidence against the disclosing entity, including criminal, civil penalty and civil proceedings (including a breach of the common law). And the provision of information to the NCSC does not affect any claim of legal professional privilege over that information. These limited use protections will be of value to organisations disclosing information to the Government about cyber incidents. However, directors should bear in mind the notable gaps in the protection they provide. For example: Information provided can’t be used or disclosed for the purposes of investigating or enforcing any contravention by the reporting entity of another law (whether federal, state or territory), other than a law that imposes a penalty or sanction for a criminal offence. This means that if the ransomware report indicates that a payment was made in breach of relevant sanctions laws, then the limited use protection will not prevent the use of the report in a subsequent investigation or enforcement action. While information provided to the NCSC cannot be obtained from the NCSC by regulators or government agencies, the protection offered under this Act does not prevent regulators from obtaining the underlying information through other means, including via regulatory investigatory powers or where provided under other mandatory reporting regimes, such as those in the Privacy Act 1988, the SOCI Act, the Telecommunications Act 1997 and the ASX Listing Rules continuous disclosure obligations. So, cyber incident notifications provided to the ACSC under the SOCI Act are not captured by the limited use protection, even if that information is also voluntarily provided to the NCSC or detailed in a mandatory ransomware report. 
A similar limited use protection has been introduced via the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 for cyber incident information voluntarily shared with the ASD. Other Inclusions in the Legislation This article has focused on developments within the new Cyber Security legislative reforms which will most impact companies and organisations. However, in the interests of completeness, here is a brief overview of other key developments covered in the legislation: Mandated Security Standards for Internet of Things (IOT) Devices. These standards will be detailed in legislative rules, with suppliers required to provide a statement of compliance for devices supplied to the Australian market. New Cyber Incident Review Board. This independent advisory body will be empowered to conduct no-fault, post-incident reviews of significant cyber security incidents and provide recommendations and information to both the private and public sector. It will have the power to compel entities to provide information about significant cyber security incidents. Critical Infrastructure definition expanded. Data storage systems which hold business critical data have been added to the definition of critical infrastructure assets. This closes a gap in the regulations which became apparent in the aftermath of the Optus and Medibank data breaches. Expanded Incident Response Powers. The Government will now have the power to direct an entity to take, or not take a specific action, in the event of a cyber incident affecting critical infrastructure. Security and incident notification obligations moved from the Telecommunications Act 1997 to the SOCI Act, consolidating the cyber obligations of telecommunication carriers and carriage service providers under a single piece of legislation. What Organisations Should Do Cyber security response plans should now be reassessed and upgraded to ensure they align to the new mandatory ransomware reporting requirements. 
Playbooks and procedures should take account of how an organisation plans to engage with cyber security authorities, bearing in mind the extent - and limitations - of the defined limited use protections. Focus on preventing cyber incidents - not just responding to them. A Managed File Transfer (MFT) solution such as GoAnywhere MFT can encrypt data at rest and in transit, complying with the highest data security standards. It manages inbound and outbound file transfers across an organisation, using industry-standard file transfer protocols and encryption to protect your data. Advanced Threat Protection and Adaptive Loss Prevention add a further layer of defence. SFT Threat Protection facilitates safe collaboration with external parties, helping to prevent malware from entering an organisation, and reducing the risk of employees losing or mishandling sensitive data. Finally, organisations should seek professional legal counsel in determining and responding to their obligations and responsibilities under the new Cyber Security legislative reforms. The information provided in this article has been general in nature, and the interpretations and advice outlined above should not be interpreted as professional legal advice.

  • GoAnywhere Version 7.8.0 Released | GSA

    GoAnywhere Version 7.8.0 Released 5 May 2025 Great news for those using the world's most advanced Managed File Transfer solution. GoAnywhere MFT 7.8.0, GoAnywhere Agents 2.4.0 and GoAnywhere Gateway 3.3.0 have just been released. These new versions feature many useful updates including handling of Azure Storage, security updates, component updates, and much more. Head over to your client portal to see the Release Notes. For GoAnywhere MFT check out the release notes for 7.7.0, 7.7.1 and 7.8.0.

  • Privacy Policy | GSA

    Generic Systems Australia Privacy Policy Generic Systems Australia (“GSA”, “we” or “us”) are committed to protecting the privacy of the BUSINESS information we collect. Our Privacy Policy describes how we collect and use your business information where we are acting as a data controller (i.e. where we decide how and why your information is used). This Policy does not apply to personal information we hold as an employer or data processor when acting on behalf of, and in accordance with the instructions of our customers through our customers’ use of GSA services and the software licenced via us. We may make changes to our Privacy Policy from time to time to take account of changes to our standard practices and procedures or where necessary to comply with new laws and regulations. If we make changes, we will update the “last updated” date in the following paragraph, and the latest version will always be available on our website. This Policy was last updated on 1 June 2024. We encourage you to check our website from time to time to ensure that you are aware of our current Privacy Policy. Types of personal information we collect The types of personal information we collect will depend on the circumstances in which the information is collected. 
However, the types of personal information we collect and hold about you may include: identifying information, such as your name; contact information, such as your address, email address and telephone/mobile number; usernames and passwords that you create when registering for an account with us; your organisation and position, where your organisation has business dealings with us; information about your occupation and employer organisation; information about how you use the products or services we provide to you; records of our communications with you, such as telephone, email, SMS, online and in person communications; if you visit our offices, images of you which may be captured on CCTV; other information that you provide us during the course of business; and other information that is capable of identifying you. You are always welcome to provide us with comments, queries and feedback in relation to our products and services. We may record and monitor telephone calls and other communications between you and us for training, quality control and compliance purposes. When you communicate with us, we may collect additional information including the languages you speak, how best to manage communications with you, and information about your dealings with us. If you participate in a survey or competition, or respond to a feedback request, we will collect the information that you provide in doing so, and associated information such as when and how you submitted the response. We collect information about people who are our contractors, suppliers and business partners, or who are employed by our contractors, suppliers and business partners. When you do business with us, we may collect information about you from others, such as from others who do business with you. Our website may contain links to third party websites. We are not responsible for the privacy practices or the content of those third-party websites. 
The privacy practices applicable to those third-party websites may differ substantially from ours, so we advise you to read the privacy policy of those websites before using them. Log data, device and location information When using our products and services (including our website), we will collect information about you and about your use of our products and services, such as which services you use and how you use them. We will collect information such as: user name and password; device information, such as the model and ID of the device you use, operating system, telephone number and mobile phone network; server log information, such as details of how you used the products or service (including our website), IP address, hardware settings, browser type, browser language, the date and time of your use and referral URL; and your browser or your account using cookies (see below for further information about our use of cookies). Our products and services (including our website) may also detect and use your IP address or domain name for internal traffic monitoring and capacity management purposes or to otherwise administer the products and services. The patterns of usage of visitors to the online services may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user traffic patterns. 
How we collect personal information We may collect personal information about you in the following ways: when you order products or services from us; when you use our online services and other products and services (including our website); when you visit our sites or offices; when you submit a query or request to us; when you respond to a survey that we run or fill in forms on our website; by tracking your use of our products and services (including our website); from third parties who are entitled to disclose that information to us; from publicly available sources; from online sources (including social media platforms and providers like LinkedIn); suppliers of information products and services (e.g. companies that consolidate data from multiple public sources); or other lawful means. From time to time, we may use third-party online services to collect personal information such as your name and email address or telephone number to administer online competitions, customer feedback and surveys. If you provide us with personal information about someone else, you must only do so if that person has provided their permission for you to do so. Cookies We may also collect personal information about you and your use of our website, products and services using cookies. Amongst other things, we use cookies to monitor and observe your use of our website, products and services, compile aggregate data about that use, and provide you with a more effective service (which may include customising parts of our website based on your preferences and past activities on that website). 
How we use personal information and our legal basis for using your personal information We use personal information that we collect about you to: verify your identity when you are dealing with us; maintain our relationship with you; determine your eligibility for any of our products or services; answer your queries and requests; enable us to provide you or your organisation with our products and services; use in accordance with any request or instructions from you; make special offers related to our products or services that we think may be of interest to you; keep you informed about our activities and notify you of changes to our products or services; monitor use of our products and services (including our website); provide better products, services and information to our customers and to the community; assess, operate, maintain, upgrade and improve our products and services (including our website); maintain and update our records; carry out market analysis and research; carry out planning and forecasting activities and other internal business processes; manage and resolve any legal or commercial complaints or issues (including debt recovery); meet our obligations and perform our functions under applicable laws and agreements; comply with our legal and regulatory obligations; use as otherwise required or authorised by law or government agency. We may also use your personal information for any other purpose as authorised by you. Our legal basis for the above activities includes: consent; necessary for performance of a contract; necessary for our legitimate interests or the legitimate interests of a third party; necessary for compliance with our legal obligations. When we have legitimate interests As set out above, in some cases we use your information where it is necessary for our legitimate interests or the legitimate interests of a third party. 
This includes where the use of your personal information is necessary to: administer our operations and business in an efficient and effective way including undertaking management planning and improving and developing our products and services; for our authorised third-party service providers or others to perform services on our behalf, such as payment processing and data analysis; understand and respond to queries, complaints and feedback; send direct marketing to business contacts; transfer personal information in relation to an actual or proposed sale, transfer or reorganisation of all or part of our business and the acquisition of the business; analyse and optimise our website's content by updating it in accordance with your preferences; ensure network and information security; and enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice. Direct marketing and research If you have given us your consent or if we are otherwise legally entitled to do so, we may use and disclose your personal information for marketing purposes (but we will not sell your personal information to any third party) including contacting you about our products and services (including our website), the products and services of other people, or related special offers from our business partners, that we think may be of interest to you. This information may be sent to you by email, SMS or by other means. We may use your personal information to carry out consumer and market research, compile demographics and perform other research and analysis so that we can develop and implement initiatives to improve our services, improve the design, construction and operation of our products and identify people likely to be interested in our products and services. 
You can opt out of receiving marketing communications from us at any time by following the “unsubscribe” link in any communication from us (or sending a return email with “unsubscribe” in the Subject line) or contacting us using the contact details below. Unsubscribing from marketing communications will not stop service-related communications from us, such as administrative alerts in relation to your account. De-identification We may de-identify information about you so that the information can no longer be used to identify you (anonymisation). We may use and disclose de-identified information in the course of our business (including in any promotional or marketing material). Aggregation We may aggregate information on the use of our products and services (including our website) in such a way that the information can no longer be related to identifiable individuals. We may use and disclose aggregated information in the course of our business (including in any promotional or marketing material). Who we disclose personal information to We may disclose your personal information to: your representatives, advisers and others you have authorised to interact with us on your behalf; controlled entities within our corporate group; our team members and third parties including business partners, consultants, contractors, suppliers, service providers, professional advisers and agents who need the information to assist us with conducting our business activities; prospective purchasers of all or part of our business or shares in our company or a related entity; government agencies or authorities, regulators, law enforcement agencies and other parties where authorised or required by law who ask us to disclose that information and to which we are legally required to disclose your personal information; parties identified at the time of collecting your personal information or as otherwise authorised by you. 
How we maintain and secure your personal information Security is a priority for us when it comes to your information. We take reasonable steps to ensure that any of your personal information which we hold is accurate, complete and up to date. These steps include promptly updating personal information when we are advised that personal information has changed, checking our contact lists for accuracy, and providing individuals with a simple means to update their personal information. On rare occasions, we also keep hard copy records of this personal information in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time. These measures include: implementing physical and technical access and security controls to our physical and electronic databases, such as security procedures for access to our business premises; and technological security procedures including password protection, network firewalls, encryption, intrusion detection and site monitoring where practicable to do so. We also take steps to monitor access to and modification of your information by our team members and contractors, and ensure that our team members and contractors are aware of and properly trained in their obligations for managing your privacy. However, the internet is not a secure environment and no matter what physical and technical security processes and procedures are used we cannot guarantee the security of your personal information. You also play an important role in keeping your information secure by maintaining the confidentiality of any usernames and passwords you use with our products and services (including our website). How long we store your personal information for Personal information is only retained for as long as it is needed for the purpose for which it was collected or as required by law. 
After the expiry of this period, we will take reasonable steps to make sure it is de-identified or destroyed. The criteria used to determine appropriate retention periods for personal information include: the length of time we have an ongoing business relationship with you; the amount, nature and sensitivity of the personal information; whether we have a legal obligation to retain personal information; and whether retaining the personal information is necessary to resolve legal disputes (including the establishment, exercise or defence of legal claims). Your rights Depending on where you are located, you may have a right to: request a copy of your personal information. In relation to personal data you have supplied to us, and which is held by us for the purpose of entering into a contract between us or on the basis of your consent, you may be entitled to ask us for a copy of this information in a structured, commonly used and machine readable format so that you can reuse it or share it with other organisations; object to our processing of your data and ask us to restrict the use of your information and to delete it; or correct or rectify any personal information that is out-of-date, incorrect, incomplete or misleading. Such requests should be submitted to us in writing using the contact details below. We may ask you to verify your identity before responding to your request. We will respond to your request in a timely manner and action your request in accordance with applicable data protection laws. You have a right to withdraw your consent where you have previously given us consent to use your personal information (e.g. to receive marketing communications). You can do this by contacting the Privacy Officer using the contact details below or, where the consent relates to marketing, by unsubscribing using the link in any of our communications. 
Complaints If you have a concern about your privacy or how we have collected or handled your personal information, please contact our Privacy Officer using the contact details below. If you wish to make a complaint, you should forward a written complaint to our Privacy Officer using the contact details below. In the complaint, please include your contact details (such as email address, name, address and telephone number) so we can contact you for further information and clearly describe the complaint. We will respond to your query or complaint within a reasonable time and in accordance with applicable data protection laws. If you are not satisfied with our response, you may contact us to discuss your concerns or may raise a complaint with your local data protection authority through their official channels. In Australia it is the Office of the Australian Information Commissioner; in New Zealand it is the Privacy Commissioner. Contact us If you require further information about this Privacy Policy or Generic Systems Australia’s management of your personal information please contact us via the following contact details: Privacy Officer Phone: +61 2-9959-2239 Email: info@gensys.com.au

  • 'Twas the Week Before Christmas... | GSA

    'Twas the Week Before Christmas... 16 Dec 2024

  • Small-to-Medium Businesses the Big Targets for Cybercrime | GSA

    Small-to-Medium Businesses the Big Targets for Cybercrime 17 Mar 2024 While cyberattacks on large corporates make the headlines, it’s small to medium businesses who are being hit the hardest. The 2024 Sophos Threat Report found that the sophistication of cyberthreats faced by small to medium organisations is often on par with those used to attack large enterprises. Apparently, while the amount of money that can be stolen is less than that available from a larger organisation, cybercriminals more than make up the difference in the volume of thefts. More vulnerable, greater impact Sophos say that organisations with fewer than 500 employees are not only more vulnerable to cybercriminals, they also suffer more proportionally from the results of cyberattacks. The greater vulnerability is due to a lack of experienced security operations staff, underinvestment in cybersecurity, and smaller information technology budgets. And, when these businesses are hit by cyberattacks, the expense of recovery forces many to close. Attractive Ransomware Targets 90% of the world’s businesses are small- and medium-sized. In Australia, these businesses contribute more than 60% of the nation’s overall GDP. According to The Institute for Security and Technology’s Ransomware Task Force, 70% of ransomware attacks target small to medium businesses. Other Prevalent Threats Beyond Ransomware, a variety of other cyberthreats also pose an existential threat to small and medium businesses. Data theft is the focus of most malware targeting small and medium businesses. Password stealers, keyboard loggers, and other spyware make up nearly half of malware detections. Credential theft through phishing and malware can expose small businesses’ data on cloud platforms and service providers, and network breaches can be used to target their customers as well. Web-based malware distribution — through “malvertising” or malicious search engine optimisation — is also on the rise. 
Unprotected devices connected to organisational networks — including unmanaged computers without security software installed, improperly configured computers and systems running software that has fallen out of support by manufacturers — are a primary point of entry. Attackers are increasingly abusing device drivers — both vulnerable drivers from legitimate companies, and malicious drivers that have been signed with stolen or fraudulently obtained certificates. Email attacks have begun to feature more active engagement with targets over email, using a thread of emails and responses to make their lures more convincing. Attacks on mobile device users, including social engineering-based scams tied to the abuse of third-party services and social media platforms, have grown exponentially, affecting individuals and small to medium businesses. Your Data is Their Target The greatest cybersecurity challenge facing organisations of all sizes is data protection. More than 90% of attacks reported to Sophos involved data or credential theft, with methods ranging from ransomware attacks, to data extortion, unauthorised remote access, and simple data theft. Compromised business email userids are also a substantial problem for small to medium businesses, and the next most prevalent threat after ransomware. Stolen credentials, including browser cookies, can be used to compromise business email userids, provide unauthorised access to third-party services such as cloud-based finance systems, and gain entry to internal resources. Turning Your Own Tech Against You Sophos said that, as 2023 progressed, they observed an increase in the use of remote execution of ransomware. Unmanaged devices on an organisation’s own network were hijacked to encrypt files on other systems via network file access. Ransomware and other malware developers are increasingly using cross-platform languages to build versions for not only Windows, but also macOS and Linux operating systems. 
Small and medium businesses also need to be concerned about the security of the services they depend upon to manage their business. Attacks against managed service providers became an enduring part of the ransomware playbook in 2023. How to Protect Your Business Criminal syndicates count on smaller organisations to be less well-defended and to not have deployed modern, sophisticated tools to protect their users and assets. The key to successfully defending against their threat is to use a multi-layered strategy that includes robust data transfer protection, staff education, and multifactor authentication. A Secure Managed File Transfer solution such as the class-leading GoAnywhere MFT addresses the many risks of ad hoc techniques through a holistic approach to security, including: automatic authentication, encryption and decryption; user access controls; auditing and reporting; and industry standards compliance. If you’d like to beef up your organisation’s defences against the increasing threats posed by cybercriminals, please feel free to contact me, Bradley Copson (mail to: bradley@gensys.com.au). I’m always happy to have an obligation-free discussion, and explain how we can quickly and affordably transition you from your existing approaches without disrupting your business. I’ll even offer you a zero-cost Proof of Concept. Bradley Copson Business Manager Generic Systems Australia Your Local Experts in Secure Managed File Transfer #MFT #managedfiletransfer #securefiletransfer #sft #cybersecurity #datatransfer
