17 December 2020

End of year wrap: What the Four Seasons Total Landscaping debacle taught us about privacy and security

It’s been a dumpster fire of a yearand so, for our end-of-year wrap, we looked to the most ridiculously hilarious moment of the year.

Here are five lessons we took from the infamous Four Seasons Total Landscaping debacle: 

You never know where youre going to end up 

Like the journalists expecting a press conference at a boutique hotel only to find themselves in the backlot of a lawnmowing shop between a sex shop and a crematorium, security teams in 2020 suddenly found themselves in unexpected territory.

Likely expecting another year of applying security patches and protecting corporate networks, most suddenly found their main focus was securing the remote connections of hundreds (sometimes thousands) of employees.

While 2020 has been a year of scrambling to find work-arounds and quick fixes, the security challenge for 2021 will be getting us to a safe and secure new normal. Because whatever happens, remote working is here to stay. 

There really was mass fraud in 2020 

But maybe not the kind alleged by the leader of the free world and his lawyers.  

Cybercriminals had another great year in the email fraud department in 2020. Business email compromise scams picked up, with the FBI recently issuing a private industry notification due to an increase in cybercriminals using auto-forwarding rules on web-based email clients to conceal their activities. The FBI estimates that BEC scammers have made off with more than USD$12billion over five years, and the ACCC reported that Australian businesses lost $132million in 2019 from BEC scams 

Get a good lawyer for tough times 

When things get complicated, a good lawyer is what we need. (Just don’t ask your lawyer to book your event space.)  

Many an in-house legal team in 2020 would have received a call about whether it’s ok to pay ransoms, given the huge uptick in ransomware incidents in 2020. Official advice is not to pay, and the US government has even contemplated sanctions for those that do, though some companies appear to be rolling the dice 

And we expect many businesses will be calling on their privacy and legal experts in 2021, with the Government having kicked off a huge review of the Privacy ActWe’re expecting a consultation paper and call for submissions early in the year  

You gotta be nimble  

Just as a landscaping company suddenly found itself in the events management business, privacy and security teams found themselves in new territory this year.  

As the pandemic hit, privacy advocates were being asked to help us solve the question: ‘can we have both public safety AND information privacy? Throughout the year, and around the world, there has been tension around this issue, but continued public pressure to ensure that COVIDsafe is not leaking data has shown that, even in a crisis, people are concerned about privacy 

COVID-19 check-ins have also been in the spotlight, as businesses that don’t usually handle personal information scrambled to provide digital check-in services. This has led to some bad outcomes and some good ones too.  

Saving face after things go wrong  

Whether you’ve accidentally booked a landscaping firm for a press conference or you’ve accidentally released customer information – own your mistake. If you don’tat best you risk becoming an internet joke or, at worstlose customer/client goodwill and garner the displeasure of a regulatorAs seen with the quarantine stuff up at Sydney airport recently, quick acknowledgement of a mistake means a quick response and a faster up-take of lessons-learnt. 

With the OAIC reporting 518 breaches in January-June2020, and the Ponemom report showing that the average cost of a data breach is now $3.86million, 2021 presents an opportunity to further refine how we enhance trust and goodwill, even after embarrassing mistakes.  

We wish everyone a regenerating summer and hope 2021 brings a well-landscaped cyber security strategy and verdant growth in your privacy awareness

The elevenM team

Photo credit: Adam Frazier on Unsplash.