In today’s digital age, cybersecurity is an essential element that businesses can’t afford to overlook. Cyber threats are constantly evolving, and companies need to ensure that they are taking proactive measures to safeguard their data and systems.
The mining industry plays a significant role in the Australian economy, with a range of companies and organisations operating across the country. With this comes a range of cybersecurity risks that need to be managed effectively. Cyber attacks can result in financial loss, reputational damage and the loss of sensitive information, including proprietary technology, exploration data and trade secrets. The mining industry is as vulnerable as any other industry, which makes mining companies attractive targets for cybercriminals.
To ensure the security and integrity of their data are maintained, mining companies need to adopt a robust cybersecurity strategy. This includes implementing measures to prevent unauthorised access to their networks, systems and data. It also involves developing and implementing policies and procedures to ensure that employees and contractors are aware of the risks associated with cybersecurity and understand their roles and responsibilities in protecting company data.
Security at PX4
At PX4, we take the security of our system and all our client data very seriously. We know how important data security is to our clients and individual users operating within our system. To ensure the highest levels of IT security, PX4 operates as a cloud-based service that prioritises data security in all its operations. We have invested heavily in securing our systems and data. Our data is stored in a reliable, secure, and encrypted manner according to encryption standards, and we store our data in Sydney, Australia, hosted by globally recognised server provider Vultr. All data are backed up on external servers and copied in triplicate for redundancy in case of any unexpected system disruptions.
We conduct regular independent third-party system penetration testing, and our clients also regularly conduct penetration and security testing. We welcome all client penetration testing as part of our commitment to data security. We are well on the way to achieving recognised information security certification ISO 27001:2013, and we’re continually updating our information security framework.
At PX4, we also conduct annual information security and cyber awareness training for all our staff. This training keeps our team updated on the latest cyber threats and refreshes their knowledge of how to identify and respond to potential security threats. We also conduct regular information and system security risk reviews and vulnerability scans over public interfaces and customer-supporting systems and infrastructure.
We maintain a flexible data storage policy that can be modified to suit our client’s business needs. We retain data for up to 60 days after the termination of a subscription. Our software and hardware changes are tracked using JIRA to ensure accountability and transparency.
To enhance access control, we use tokenised access for users with different tiered access (administrator/editor/viewer) and have company-level access control to all data. Passwords are set to high complexity and require multi-factor authentication to log in with a new device or IP address. We logically separate data from different customers to eliminate potential cross-over access, and we log all updates to data by any PX4 user in a comprehensive and reportable audit trail.
We guarantee no planned outages, and our software can be updated without the need for client outages. Customer data is only accessible on an operational ‘need to know’ basis, and access to distinct cloud storage areas and encrypted passwords is restricted per individual employee. This access is restricted and managed by senior staff, including routine review.
At PX4, we also conduct internal testing and security reviews, such as automated vulnerability scans to detect known CVEs, open ports, and application-level security weaknesses. We have also taken steps to cover public liability, professional indemnity, and product liability, including cyber security.
In conclusion, we understand the importance of data security and have taken several proactive measures to safeguard our systems and client data. Our commitment to data security is part of our company ethos, and we are continuously investing in new security practices to stay ahead of emerging cyber threats. If you want to know more about our security practices, please feel free to get in touch with us.