.au domain change

What is the new .au domain?

The .com.au country-specific web address has been in use for over 30 years. Like similar country codes such as .uk, it allows web users to identify Australian businesses and commercial entities quickly. In March of this year, .au Domain Administration Limited (auDA) launched a new shorter domain – .au.

The .au direct name is a general-purpose domain open for anyone with a verifiable connection to Australia who wishes to create or manage an online presence.

Unlike .com.au, which requires an ABN or ACN to verify that you are an Australian business, a .au domain has no such requirement, which opens it up to the Australian general public. If you currently own a domain name in any other .au namespace, you have priority registration to the .au direct equivalent of your existing domain until 20 September 2022.

What happens if I don’t register my organization’s .au domain before the cut-off date?

If you don’t request a .au domain via priority allocation by 20 September, the domain will become available for registration by the general public on 3 October. After this date, anyone that meets the requirements of registering a .au domain will be able to register one, regardless of whether a .com.au or .net.au equivalent already exists.

What does this mean for my business?

While this new domain offers businesses, organisations, and individuals opportunities to rebrand, extend or change their online presence, it can also pose a significant risk: cybercriminals can use it as an opportunity to commit fraudulent activity against your business. By registering your business’ .au name, a cybercriminal could impersonate your organisation by creating a fake online presence. This could include creating a copy of your website or using the .au domain to send phishing emails under your company’s name.

What steps should I take to protect my business or organisation?

While these changes will not inherently cause issues, you can take some steps to protect your organisation. The ACSC recommends that all Australian businesses, organisations, and individuals take advantage of the priority allocation process to register the .au direct equivalents of their existing domain names.

It is common practice for businesses to register the same names across multiple domains, for instance, gcit.com.au and gcit.net.au. When the .au direct namespace domain launched on 24 March this year, the Priority Allocation Process was created. This process allows existing registrants in the .au registry the first opportunity to apply for the .au direct match of their existing domain name/s. To qualify for priority access, you must have registered the domain name before the launch of the new .au domain.

How do I register for a Priority Allocation for a .au namespace domain?

To register the .au direct match of your existing domain name, you must apply for priority status by 20 September 2022 (23:59 UTC 20 September / 9:59 AM AEST 21 September). You can do this either through your current registrar or another accredited registrar. If you use a new registrar, you will need to retrieve a priority token from the Priority ID Token tool. This token enables a registrar to confirm that you are the owner of the matching existing domain name.

What can I do with the new domain once I have registered it?

If you have an existing web presence, one of the easiest things you can do is to create a redirect from the .au domain to your existing website. A redirect ensures that anyone searching for your business will find the correct site regardless of whether they use .au or .com.au. Of course, many businesses already do this with .net.au and .com addresses.

Another option is moving your website to the .au domain and redirecting your current .com.au address. Ultimately the web address you choose for your business will depend on the needs of your business.

To learn more about the new .au domain, visit auDA, the administrator of Australian .au domains.

The recently implemented Notifiable Data Breaches scheme imposes an obligation for entities to notify individuals whose personal information was exposed in a data breach if they’re at risk of serious harm.

If you don’t comply with the requirements of the scheme, the penalties can be quite severe. The Office of the Australian Information Commissioner can impose fines of up to $1.8 million for organisations, and $360 000 for company directors.

To find out how to assess a breach, as well as how to correctly notify any affected individuals, see this resource on the OAIC website.

Which businesses need to comply?

While all businesses should take the privacy and security of customer data seriously, not every business needs to adhere to the NDB scheme.

If your business meets any of the following criteria, you’ll need to make sure you’re aware of the new requirements. Please note that this is not an exhaustive list. See the OAIC website for more information.

  • Any business with an annual turnover over $3 million
  • Entities that are Tax File Number recipients, such as:
    • solicitors
    • tax agents
    • accountants
    • share registries and agents of ESS providers
  • Entities that provide any health services, such as:
    • traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals
    • gyms and weight loss clinics
    • complementary therapists, such as naturopaths and chiropractors
    • child care centres and private schools.
  • Organisations or small businesses that provide credit, such as:
    • a bank
    • a building society, finance company or a credit union
    • a retailer that issues credit cards in connection with the sale of goods or services
    • an organisation or small business that supplies goods and services where payment is deferred for seven days or more, such as telecommunications carriers, and energy and water utilities
    • certain organisations or small businesses that provide credit in connection with the hiring, leasing, or renting of goods.
  • Entities related to an APP (Australian Privacy Principles) entity.
  • Entities that trade in personal information. These are businesses that buy or sell personal information for a benefit, service or advantage.
  • Employee associations registered under the Fair Work (Registered Organisations) Act 2009

How to make sure your business is protected

If your organisation is covered by the Notifiable Data Breaches scheme, it’s important to make sure you are taking appropriate steps to protect your customers’ data.

Our Security First Managed Services offering is designed to help address the requirements of the NDB and the incoming EU General Data Protection Regulation. Find out how.

Australia’s reported data breaches increased by 19% in the last quarter of 2019. In this short post, we break down what caused them and how you can protect your business.

Australian organisations are now subject to Notifiable Data Breach laws. These laws attempt to drive better security standards for protecting personal information, and they require organisations to disclose breaches to the Office of Australian Information Commissioner (OAIC).

Companies who fail to disclose may be subject to hefty fines which also extend personally to company directors.

 


 

How were Australian companies breached?

The OAIC releases a quarterly report on reported data breaches. The latest contains records up to December 2019 with a total of 537 reported breaches which break down into the following categories:

  • Malicious or criminal attack – 64%
  • Human Error – 32%
  • System Fault – 4%

Causes of Australian Data Breaches December 2019

To adequately protect your business against data breaches, you need to implement a system that addresses all three categories.

Protecting your organisation against malicious or criminal attacks

Let’s look at the methods hackers used to breach Australian businesses.

Methods Of Malicious Or Criminal Attack

Of the ‘Malicious or criminal attack’ category, 74% of breaches involved compromised credentials. These are known as identity attacks because they use a compromised identity to gain unauthorised access. According to Microsoft, by implementing Multi-Factor Authentication across all users, an organisation can defend itself against 99.9% of identity-based attacks.

Ransomware and Malware made up another 16% of ‘Malicious or criminal attack’ breaches. These can be prevented by implementing a capable desktop and email threat protection engine such as:

  • Office 365 Advanced Threat Protection
  • Microsoft Defender Advanced Threat Protection.

Protecting your organisation against human error related breaches

Of the ‘Human Error’ category, 42% of breaches occurred using email. An example of this might be sending sensitive data to the wrong recipient. Companies can prevent this kind of breach by implementing a system which scans outbound email.

If the system determines that the email contains sensitive information, it can immediately block the mail delivery or alert a team member.
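The outbound scan described above, as an added example that is not part of the original post or of any Microsoft product: a minimal check that looks for Australian Tax File Numbers using the standard TFN check-digit algorithm and returns a block, alert or deliver decision. The internal domain, the block-external/alert-internal policy and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: the organisation's own mail domain (hypothetical placeholder).
INTERNAL_DOMAIN = "example.com.au"
# Weights of the 9-digit TFN check: the weighted digit sum must divide by 11.
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)
# Nine digits, optionally grouped in threes with spaces or hyphens.
TFN_CANDIDATE = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)")

def is_valid_tfn(candidate):
    """True if the candidate has nine digits and passes the TFN checksum."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = sum(d * w for d, w in zip(digits, TFN_WEIGHTS))
    return len(digits) == 9 and total % 11 == 0

def find_tfns(text):
    """Return every checksum-valid TFN-shaped number found in the text."""
    return [m.group() for m in TFN_CANDIDATE.finditer(text)
            if is_valid_tfn(m.group())]

def evaluate_outbound(raw_message):
    """Return 'block', 'alert' or 'deliver' for one single-part message."""
    msg = message_from_string(raw_message)
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [addr for _, addr in recipients
                if not addr.lower().endswith("@" + INTERNAL_DOMAIN)]
    hits = find_tfns(msg.get("Subject", "") + "\n" + msg.get_payload())
    if not hits:
        return "deliver"
    # Assumed policy: stop sensitive mail leaving the organisation,
    # and only raise an alert when every recipient is internal.
    return "block" if external else "alert"

# Constructed sample messages; 123 456 782 is a checksum-valid test number.
SAMPLE_EXTERNAL = (
    "From: accounts@example.com.au\n"
    "To: someone@example.org\n"
    "Subject: Payroll details\n"
    "\n"
    "New starter TFN is 123 456 782, please update payroll.\n"
)
SAMPLE_INTERNAL = SAMPLE_EXTERNAL.replace(
    "someone@example.org", "payroll@example.com.au")
SAMPLE_CLEAN = SAMPLE_EXTERNAL.replace("123 456 782", "123456789")

if __name__ == "__main__":
    for name in ("SAMPLE_EXTERNAL", "SAMPLE_INTERNAL", "SAMPLE_CLEAN"):
        print(name, "->", evaluate_outbound(globals()[name]))
```

The checksum step matters because roughly one in eleven arbitrary nine-digit numbers passes it; a production rule would also weigh nearby keywords before blocking.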

Protecting your organisation against System Fault breaches

Protecting your organization against system fault breaches relies on a combination of luck and due diligence. According to the OAIC, these types of breaches involve ‘disclosure of personal information on a website due to a bug in the web code, or a machine fault that results in a document containing personal information being sent to the wrong person.’

To defend against system faults, we recommend storing your sensitive data with reputable vendors only and choosing an IT partner who will regularly monitor and maintain your systems.

How can we help secure your environment against data breaches?

We use a combination of Microsoft 365 Business Premium and Microsoft Cloud App Security to implement enhanced cybersecurity for small businesses.

It’s not enough to simply buy the Microsoft licenses and apply them to your users.

To be effective in the modern threat landscape, these systems must be configured and monitored with policies applied and adhered to.

Want to learn more about protecting your data against breaches in Microsoft 365? Download our free guide on which features you should configure, or get in touch today.


GCITS - Dropbox Business Elite Partner

We’ve been providing Dropbox Business as a core part of our Managed Services for a few years now, and have received great feedback from customers for its simplicity and reliability.

Our customers get a seamless solution with Dropbox Business and Microsoft 365, with single sign on through Azure Active Directory, advanced protection via Microsoft Cloud App Security and an excellent integration with Office Online.

We’re thrilled to announce that we have completed the customer satisfaction and training requirements to become the first Dropbox Business Elite Partner in Australia and New Zealand. And we’re pretty happy with the smash cake too.