New Mandatory Data Breach Notification Laws

Catherine Higgins from Lawbase

New Mandatory Data Breach Notification laws came into effect during February. Catherine Higgins from Lawbase explains how these laws affect you, and what you need to do in the event of a breach.

Why are they needed?

Strong data management is integral to the operation of businesses and government agencies worldwide.  At the same time, data analysis has been widely recognised for its value as fuel for innovation.

This noted, one of the biggest risks organisations face with data management is a data breach.  A data breach involving personal information can put affected individuals at risk of serious harm and consequently damage an organisation’s reputation.

A change to the law

To support this protection, on 23 February 2018 and for the first time in Australia, those subject to the Privacy Act 1988 (Cth) (the Privacy Act) now have a mandatory obligation to promptly report eligible data breaches to both the Office of the Australian Information plainmissioner (OAIC) and any individuals who may be potentially affected by the data breach.

Mandatory data breach notification is designed to protect the individuals affected by a data breach so that they may take the necessary steps and measures to protect themselves from any harm or damage.

We believe notifying affected individuals is simply good privacy practice as it gives each person the opportunity to take proactive steps to protect their personal information and also helps to protect an organisation’s reputation by displaying transparency and openness.

Examples of an eligible data breach could be:

  • There is unauthorised access or unauthorised disclosure of personal information
  • Personal information is lost in circumstances where unauthorised access or unauthorised disclosure of the information is likely to occur
  • A reasonable person would determine that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.

Notification obligations

If you believe there is an eligible data breach, there is a requirement to provide notification as soon as practicable.

The notification obligation involves a two-step process.

  • The organisation must prepare a statement containing certain (prescribed) information about the data breach and provide it to the OAIC
  • The organisation must then notify the affected individuals.

The notification statement must set out:

  • The identity and contact details of the organisation
  • A description of the eligible data breach
  • The kind or kinds of information concerned
  • Recommendations about the steps the individuals should take in response to the eligible data breach.

Will the new laws affect me?

Organisations with a turnover less than $3 million a year will fall outside the legislation.

Noting this, however, the Privacy Act does apply to some types of businesses with an annual turnover of less than $3 million so the new laws may still apply.  These businesses can include health service providers, gyms, child care centres, private schools, businesses that sell or purchase personal information and credit reporting bodies.

We recommend you confirm your status with OAIC.

How do I prepare if I’m impacted by these new laws?

First of all, don’t panic!  Experts are reporting that as many as 44 per cent of eligible Australian enterprises are not yet ready to comply with the new changes.  This said, you need to get your business up to compliance as soon as possible.

Taking reasonable steps to minimise risk

Eligible organisations should be proactive and take appropriate and reasonable steps to ensure the security of personal information.  It will, of course, depend on the circumstances and be determined by the following:

  • The nature of the entity holding the personal information
  • The amount and sensitivity of the personal information held
  • The possible adverse consequences for an individual
  • The information handling practices of the entity holding the information
  • The practicability of implementing the security measure, including the time and cost involved
  • Whether a security measure is itself privacy invasive.

Noting this, as guidance, the OAIC has advised that reasonable steps would include:

  • Performing or conducting Privacy Impact Assessments
  • Implementing Privacy by Design principles
  • Performing information security risk assessments
  • Creating and maintaining a Privacy Policy
  • Having a comprehensive and up to date set of information security policies
  • Restricting physical and logical access to personal information on a "need-to-know" basis
  • Keeping your software up to date and current
  • Employing multi factor authentication
  • Configuring your systems for security
  • Employing end point security software
  • Security monitoring tools to detect breaches
  • Using network security tools
  • Penetration testing exercises
  • Vulnerability assessments
  • Having a data breach response process

The Guide

For those that have begun the above process or those that need to act quickly to become compliant, we strongly recommend you review the OAIC Guide.  It has been prepared to assist Australian Government agencies and private sector organisations prepare for and respond to data breaches in line with their obligations under the Privacy Act.

As an overview, it is broken into five key parts.

Part 1: Data breaches and the Australian Privacy Act

This section outlines the requirements of the Privacy Act that relate to personal information security and data breach response strategy.  The principles contained within the Privacy Act for the handling of personal information may be adopted by any entity to lower the risk of a data breach occurring and to effectively reduce the impact of a data breach.

Part 2: Preparing a data breach response plan

The faster you respond to a data breach, the more likely it is to limit any negative consequences.  A data breach response plan is essential to enable a swift response and ensure that any legal obligations are met following a data breach.

Part 3: Responding to data breaches — Four key steps

An effective data breach response generally follows a four-step process — contain, assess, notify, and review.  This part of the guide outlines key considerations for each of these steps to assist entities in preparing an effective data breach response.

Part 4: Notifiable Data Breaches (NDB)

This section outlines the requirements of the NDB scheme under the Privacy Act.  The NDB scheme contains mandatory data breach reporting obligations in relation to certain data breaches, and requirements to assess suspected data breaches.

Part 5: Other sources of information

The obligations of the Privacy Act in relation to data breaches co-exist with other reporting obligations.  This section assists entities in identifying where they can find information about other data breach reporting requirements

Are there any penalties if I don’t meet my requirements?

Yes.  If you don’t comply with the notification obligation, you may be subject to anything from investigations, or in the case of serious and repeated non-compliance, substantial civil penalties.

In saying this, we believe not acting to protect the information of someone in your ‘care’ is simply bad practice and penalties should apply.

If you have any questions on the new laws or would like to discuss any elements surrounding them, please contact the author, Catherine Higgins, at Lawbase (


FCR (Financial & Corporate Relations) is a leading Australian corporate, financial, and investor communications company, founded in 1985, assisting about 50 clients throughout Australia to communicate with their stakeholders.

They provide counsel and assistance to directors and senior management, combining skills in media and public relations, issues and crisis management, marketing, research, writing, graphic design, and online and print production.

Their contacts with financial journalists, analysts, brokers and fund managers are second to none among communication consultancies.

The Brief

FCR had been with the same IT support company for some years, but when their needs changed it was time to find a new provider which could help them move with the times.

They turned to iHelp IT in 2012 to provide quality technical support and service, to maintain and update their equipment, help their staff on an ongoing basis, and provide ongoing consultancy in all IT matters.

An initial, free consultation identified a number of areas of improvement.

The Solution

iHelp IT identified key areas where the business could improve it's IT, reduce risks, and streamline it's business.

Amongst the solutions provided were:

  • Multiple on-premise services were migrated to the cloud
  • Business continuity was ensured by implementing local and secure cloud backups
  • Security was improved via the removal of old user accounts
  • High-speed internet access was implemented, at a lower cost than the previous service
  • Network security was improved through new router equipment and directory integration
  • Support costs were fixed via iHelp IT’s iCare managed service product
  • FCR saved 45% on their phone bills by implementing iHelp IT’s My Cloud Phones cloud-hosted PBX
The Outcome

Today, FCR enjoys a smooth, integrated IT environment, with continuous updates and monitoring. FCR rests easy in the knowledge that their IT services are in good hands, and their IT dollars are well spent.

Their staff are able to call on iHelp IT's technical assistance without hesitation, knowing that having all their IT services under one roof means problems are quickly solved.

With significant savings on services like internet and phone systems, FCR is able to direct funds towards improving their IT investment and strategically planning for future growth.

Eastern Suburbs Anaesthetics

Eastern Suburbs Anaesthetics comprises fourteen specialist anaesthetists who are all registered in NSW, and recognised by the NSW Specialist Recognition Board.

All anaesthetists in this practice are highly qualified and skilled specialist doctors, having undergone extensive training.

The Brief

Eastern Suburbs Anaesthetics had migrated their office from Windows to Mac about 6 months before contacting iHelp IT.

Their current IT provider, who had done the migration, had proven unable to maintain the office Macs in working order, and had difficulty doing simple things like removing unneeded software, despite multiple requests.

The staff at Eastern Suburbs Anaesthetics felt the previous IT provider had over-promised and under-delivered.

The Solution

iHelp IT was brought on-board and Eastern Suburbs Anaesthetics immediately signed up to an iCare Managed Services agreement.

iCare meant the staff could call iHelp IT with any support requests without fear of blowing a budget. Support is delivered first remotely, and then on-site if required, for one fixed monthly fee. iHelp IT quickly fixed the most pressing issues, and has maintained the Eastern Suburbs Anaesthetics office ever since.

The Outcome

Eastern Suburbs Anaesthetics were so impressed with the iCare product that they renewed the initial agreement, and migrated the email hosting to iHelp IT.

Recently, Easter Suburbs Anaesthetics migrated their on-premise PBX to an iHelp IT My Cloud Phones PBX, resulting in a saving of around 75% on their office phone bills.

Highbury Partnership

Highbury Partnership is one of Australia's leading independent financial advisers.

They advise their clients on strategic and always highly confidential financial transactions, including recommending on takeovers, advising on the sale of assets, recapitalisations, IPOs, and mergers.

About a year after starting in a serviced office, they needed more space, and needed their IT to move with them, and be much more secure.

The Brief

When Highbury Partnership moved their corporate offices from ServCorp to their own address, they needed an IT solution for themselves and for their subtenant.

Due to the nature of their business and the sensitive work they do for their clients, security was a top priority, but they also needed flexible work arrangements.

The Solution

iHelp IT configured a Mac Mini server as the hub of their storage and security, and used the Mac OS Open Directory Architecture as the core of their security.

Building on the Open Directory architecture of Mac OS X, and using the Kerio Control router, iHelp IT deployed WPA2 Enterprise WiFi security. This means that only authorised staff could access the wireless network, and each staff member had their own unique access, whether using a Mac or Windows PC.

The Outcome

Staff could also work securely from anywhere in the world, allowing their team to work together no matter where staff were located. Highbury Partnership's subtenant was so impressed with the secure environment that iHelp IT implemented that they engaged iHelp IT to installed their network infrastructure as well.

Both companies enjoyed very secure, high-speed internet, with staff able to access the company's critical resources securely, satisfying their business needs.


Lightwell is a media design studio for museums and public spaces located in Chippendale.

They make responsive environments for exhibitions and public spaces, and story-driven media for cultural institutions, mobile devices and the web.

The Brief

Michael Hill from Lightwell contacted us in mid 2014, after being referred by the Apple Store Broadway.

They had significant IT infrastructure in place, but needed to integrate the security of their existing IT systems in order to bid on a large contract for a leading multi-national in the financial services sector, where security was of high concern.

The Solution

iHelp IT implemented Apple’s Mac OS X Server, using Open Directory as the core of the security measures.

The existing Kerio Control router’s VPN, the Apple Airport Extreme’s WPA2 Enterprise network (via RADIUS), and access to the various Synology NAS devices were all configured to authenticate against Mac OS X’s Open Directory. Additionally, the guest wifi network was configured to only allow access to the internet.

The Outcome

Access to network resources and data on servers were secured using a single directory, ensuring staff had to authenticate with their own account to access these resources, and allowing Lightwell to centrally manage security.

The solution allowed Lightwell to satisfy their client of the security of their infrastructure, and they won the contract.

Perfect password security

Your passwords are a tremendous security measure, but sometimes they seem to be no more than an inconvenience, designed to stop or slow you from accessing a computer or web site.

For decades (literally since the 60s) passwords have been the first line of defence to secure access to computer systems, and are increasingly important against a growing cyber threat; from the password you type to log in to your Mac, to the PIN you enter on your iPhone.

Even apparently fancier technologies like Apple's TouchID and FaceID have only one job; ensure access to the existing PIN on your iPhone. It's the PIN (or more complex password) which in turn actually unlocks the phone.

So passwords aren't going anywhere, and consequently it’s always a perfect time to review your approach to passwords, and find out how a few simple changes can give you an immediate security boost.

But, in this digital world, password are everywhere. Each time you login to your computer, iTunes, FaceBook, Google Drive, iCloud, work-based systems, DropBox, Zomato, Seek, Uber, Tinder, and (of course) the numerous financial systems which we take for granted these days. The list is almost endless.

So how do you effectively protect yourself?

Do you go the simplistic route, and pick one really good password and use it everywhere? No. Absolutely not. If someone gets that password then you're compromised everywhere.

But having secure, unique passwords to everything is unusually complex, and entirely impractical. So now what?

Fortunately, technology (the cause of the problem) also has a number of solutions. Below are 6 ways in which you can get the best of both worlds; security and simplicity.

This article should be viewed as essential reading, not just as a set of recommendations.




Go Long

Despite what all those prompts for unique characters and uppercase letters might have you believe, length matters more than complexity, as is elegantly displayed in one of our favourite geek comics, XKCD. The more characters, the more mathematically complex it becomes to guess a password, and the longer an attack would take.

Stringing together a sentence, and mixing in some symbols, numbers, and upper-case (think &, 4, U) makes a password much, much harder to assail.

“inever4getaface!” is a great, easy to remember but complex to guess password.

Let your Mac do the heavy lifting

Don’t trust foreign browsers. A convenient shortcut to remembering all those passwords, or getting a paid password manager account, is letting your browser remember them for you. You’ve seen the option yourself. You probably even use it on at least one site. Don’t! The option is convenient, but the underpinning security is often undocumented, and it doesn’t require that your password actually be, you know, good. If you need a free and easy option, go with a password manager like Dashlane instead of trusting everything to Chrome.

The only problem is that apps like Google's Chrome don't take advantage of the keychain, so you'll need to manually enter passwords from the keychain to Chrome, and Chrome can save the password in it's own database.

Use a password manager

Password managers like 1Password or LastPass create strong, unique passwords for all of your online accounts, and then store them for you to access across all your devices. So you have strong, unique passwords, and if one of your passwords does get caught up in a data breach, criminals won’t have the keys to the rest of your online services.

Now all you need to do is remember one master key.

The limitations with these applications is that, like all 3rd party software, you'll need to download a separate app, and then you'll need to install the appropriate browsers plugin for them to work.

Use keyboard patterns

A much-less-often used password mechanisms is using a keyboard pattern.

Instead of making up a sentence or using substitutions, you pick a pattern on your keyboard as a password. This has the advantage of being extraordinarily easy to type in, but hard for others to hack.

Of course, there's an obvious downside; if typing in the password on a foreign or virtual keyboard, the layout may not be exactly the same as your normal keyboard. Also, keys like the numbers and symbols (the top row) may not even appear on virtual keyboard - so you'll need to really remember this type of password.

An example... "cftyuijnbvc" makes so sense as a word, but you'll see how nifty it is when you type it out.

Single-serve passwords

What makes safety glass so safe? Simple... it's designed to stop little cracks becoming big ones, resulting in tiny, relatively innocuous pieces of glass rather than large, sharp, extremely dangerous shards of glass.

In the same way, using unique passwords means that if the password to one online service is discovered, then it means your other online services are not in compromised.

If you’re use a password manager then you’re already all over this. If not, then a midway solution would be to create 10 unique passwords, and evenly distribute their use, so that the exposure of any password is not entirely catastrophic. Don't believe that your passwords may have been compromised? See for yourself: The website Have I Been Pwned has nearly 5 billion compromised accounts on file - and yours may be one of them,.

Use multi-factor authentication

Increasingly, online services are using multi-factor authentication.

Users can be authenticated more than one way, including:

  • Something you know - a password or PIN
  • Something you have - a smart card, a SecureID token, a YubiKey USB key, an app like Authy, or a code via SMS
  • Something you are - a biometric measure like a fingerprint, voice pattern, or retina scan

The third factor is usually only used for physical access to something; a building, a research facility, etc.

But two-factor authentication is increasingly used for online services, and codes via SMS are by far the most popular. If an online service offers two-factor authentication then you should used it. The only down side is that you may not be able to receive an SMS code if you're overseas and don't have roaming turned on.

Backup your iPhone and save a world of pain

A long time ago, in a galaxy far far away, I used to work for the Apple Store Sydney as a Genius (note the capital "G" denoting this is a title, not a claim!)

We saw many things at the Genius Bar, but the one thing which consistently amazed me was the number of times people didn't back up their devices, whether Mac or iPhone.

In fact, the only time someone cried (literally) at the Genius Bar was when the Mac owned by a young couple had a failed hard disk. The couple didn't have a backup, and consequently they lost every precious photo they'd taken of their baby's first year!

What do you do in such a situation? There was nothing we could do but hand over a box of tissues.

The Future

Fast forward to a day in the future when you too lose all the photos on a device. I'm not saying this scenario may happen, I'm saying that in all likelihood this scenario will happen.


There are a myriad reasons. Phones get stolen, are dropped in the ocean, are forgotten on a train in a foreign city. Your ex could make off with your iPhone. Your roommate could make off with your iPhone. Your ex and your roommate could make out and then make off with your iPhone! And then everything on that iPhone which wasn't backed up is gone. Forever.

Avoid Pain

Apple, as the inventor of the smartphone, has looked into it's crystal ball to see this day, and has you covered. All you have to do is take advantage of what's available. So let's revisit how to back up your iPhone.

Firstly, some data doesn't need to be backed up separately. If you have your calendar, contacts, notes, reminders, and email in the cloud then your data is automatically synchronised, and in the event you need to replace your phone that information can be synchronised with your new phone in just a few minutes.

But what about everything else? Your game progress? Your Skype login? Your FaceBook account? And, more important than all of those - your photos!

Most people know that backing up their iPhone to their Mac or PC can be done via iTunes, but this only happens when you're on the same wifi network, and when your computer is on and iTunes is running. In some cases this is further restricted to happen only when your iPhone is physically connected to your computer.

But when you're out and about - the times you're most likely to be taking family snaps - your computer is nowhere near you. If you're on holidays it could be weeks before you get back to your computer!


Apple has a number of solutions to this, and they all assume you have an iCloud account.

  • A free iCloud account gives you 5 GB of storage
  • 50 GB of iCloud storage costs $1.49 / month
  • 200 GB of iCloud storage costs $4.49 / month
  • 2 TB (or 2000 GB) of iCloud storage costs $14.99 / month
  • These are Australian prices, and include GST
  • Prices may change, so click here for current information

If you have an Apple ID (for the iTunes or App Store) then use that to sign in to iCloud.

Once you've setup your iCloud account on your iPhone you're ready to use one of Apple's backup solutions.













iCloud Backup
  • What it is: A backup of everything on your iPhone to iCloud
  • Pros: Everything on your iPhone is backed up; a lost iPhone can be restored from the last backup
  • Cons: Backups can take up a lot of space, so you may need to pay for more iCloud storage
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Scroll down to iCloud Backup and switch it on
  • Important: Backups only happen when your iPhone is plugged into power, locked, and connected to wifi; use a hotspot or your hotel wifi when on vacation.
iCloud Photo Library
  • What it is: A copy of your entire photo library on iCloud
  • Pros: Uses less storage than iCloud Backup, and photos can then be shared with Photos on your Mac, so all photos automagically appear on your iPhone and Mac
  • Cons: Only backs up your photos (you may need a paid iCloud subscription if you have many photos and videos)
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Click on Photos
    • Switch on iCloud Photo Library
  • Important: Photos will upload via both wifi and cellular data, so be aware of any cellular data charges (especially when overseas). To enable or disable cellular data for Photos go to Settings > Mobile > Mobile Data on your iPhone.
Photo Streaming
  • What it is: A stream of the last 30 days of photos from your iPhone
  • Pros: Takes up the least storage on an iCloud account, so you may not need a paid iCloud subscription
  • Cons: Only the last 30 days of photos are stored in iCloud, so you'll need to download these to your Mac or PC or risk losing them, only works with wifi
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Click on Photos
    • Switch on Upload to My Photo Stream
  • Important: Uploads only happen when your iPhone is connected to wifi; use a hotspot or your hotel wifi when on vacation.

Follow this guide and you should never need a box of tissues because you've lost your photos.

For the full Apple support document on backing up, go here or contact iHelp IT.

Spot phishing attacks like a pro

Is it the sense of familiarity, the intriguing subject line or just being in auto-pilot that compels you to click?

Phishing is a method often used by hackers and cyber attackers to steal your credentials and sensitive personal information, or to infect your system with undetectable malicious software. A phishing email claims to be from a reputable source – however it's designed, it's job is to convince you to click on a link within the email, or to open an included attachment.  Often the email will use emotions – such as urgency, a deadline, curiosity, fear, or greed to convince you to open the malicious attachment or click on the link.

Examples of these include scenarios where the emails claims you’ve got a speeding ticket, an ATO taxation fine or refund, that you've received an unexpected invoice or resume, or have missed a parcel delivery. Curious? That’s exactly the emotional trigger they try to use to make you click on the link or open the attachment!

If you do fall for it, you may end up with malicious software installed on your device (including your Mac). This is very bad news, as the malicious software lurks in the background doing something evil. It could be software that enables the attackers to covertly connect directly to your system, to encrypt all of your files and hold them to ransom, or steal your credentials which they then use as part of a bigger scam or attack.

The fake messages with the call-to-action that lure you use clever psychological tricks.

That’s what makes it so difficult to protect yourself against phishing. You know not to click links in shady emails. You know to think twice before clicking any link in any email. (Right?)

The same goes for downloading attachments and putting your personal information or login credentials into any form that you have any reason not to trust. And yet, phishers can just needle you forever, waiting for that one moment when you finally slip up. If you do, you instantly subject yourself to any number of unfortunate consequences, whether it’s identity theft, fraud, or malware that runs rampant on your device.

Three rules

Follow these three rules to keep from getting hooked.








Spot the Obvious

There are some obvious signs that an email might be a phishing attack:

  • Does the email use emotions to convince you to click on a link or open an attachment?
  • Are there some spelling mistakes or grammatical errors?
  • Is the text in the email not addressed directly to you, or use impersonal text such as “FirstName”?
  • Does the email have a strange “From:” address or a “Reply to:” address that is different to the “From:” address?
  • Does the mail have attachments or a link you didn’t ask for, or weren’t expecting?
  • Does the link look strange? Hover your cursor over the link without clicking –  does the address look unusual?
  • Is there an urgent call to action or deadline given?
Remember the basics

There’s a big difference between unwanted marketing & advertising emails (Spam) and phishing emails. If you suspect an email to be a possible phishing attempt you should contact iHelp IT immediately. We can quickly identify a email as phishing, and protect you and your employees from the same attack.

Following standard digital defense advice will help with phishing as well:

  • Keep an up-to-date backup of your data
  • Enable multifactor authentication to services if available
  • Close accounts you no longer use
  • Use unique, robust passwords for each online service
  • Use a password manager to keep track of these passwords

These steps make you a tougher target, but more importantly, they’ll help contain damage if you ever do get phished.

Listen to your gut

Your gut has a great sense for phishing scams, and you should look out for:

  • Unexpected emails (even from friends)
  • Emails with a link to click on
  • Emails asking you to check or update information
  • Emails which seem rushed or have a strange tone
  • A Facebook message when you'd expect a text message

If anything seems a little off, check with the sender on another platform to confirm the request. Also, consider why you might be receiving a message and whether it makes sense.

  • Most online services won’t asking you to make changes via email
  • Always log into sites via your browser, not an email link
  • Treat unexpected attachments with high suspicion and avoid opening them

Easily exposed

Look at the apparently authentic email below, and see how easy it is to tell that it’s a simple phishing attack, designed to get you to click on a nefarious link.

An apparently legitimate email, from ASIC.

Hover over the link to see the link doesn’t point to ASIC.

Real-life examples

Below are some real-life examples of phishing scams.


A man received an SMS from his wife, claiming she'd forgotten her PIN, and asking him to send it to her.

The man promptly did, and shortly thereafter received a call from another number. It was his wife. She told him that her handbag, with her wallet and mobile phone had been stolen.

After successfully obtaining the wife's PIN via SMS, thieves helped themselves to over $2,000 in withdrawals from ATMs, before dumping the handbag and all contents.

  • Don't immediately reply to odd requests for information
  • Always confirm the request is real
The urgent transfer request

The head of accounts for a large organisation was at an airport lounge ready to fly overseas on vacation, when she received an email request from her boss, asking her to urgently transfer $7,000 to a bank account.

Without considering if the email was legitimate, she transferred the money immediately, as requested.

It was only at the end of her 8-hour flight that her thoughts turned to how odd the request was, and a call to her boss confirmed she had been duped.

  • Emails can be faked
  • Consider if the request is typical of the sender
Identity theft

Unlocked mailboxes are a great source of information for phishing. In this case all it took was a stolen mobile phone bill, which gave thieves the account holder's name, address, and account numbers, and Facebook revealed the account holder's date-of-birth.

Armed with this information, the thieves managed to obtain a new SIM card, and somehow (we won't tell you exactly how) used this to transfer funds via phone banking.

Thieves got away with $13,000 before the bank's security systems stepped in and stopped further transfers.

  • Be aware of how you may be giving critical information away

A thousand used for your old iPod

If you’re like almost everyone in the world, at some point you had an iPod.

Which, at some later point, you replaced with a bigger and better iPod.

And both of them now lie idle, tucked away in a drawer somewhere… So, the clever folks at Business Insider have released a video with 5 uses for an old iPod.

And that’s nice… But I think we can do much better!

In addition to the 5 Business Insider uses, here are some that we thought of (maybe not 1000, but quite a few):

  • keep the kids entertained with games while at grandma’s
  • keep the kids entertained with movies on a long drive
  • take it out fishing; better to lose an old iPod at sea than your iPhone
  • attach it to portable speakers and play christmas carols under your christmas tree
  • donate it to a refugee, with english lessons, to give them a kickstart in Australia
  • attach it to micro speakers for some soothing, smooth background office music
  • keep thieves at bay by replaying a recording of an earlier party, while you’re away on holidays (think Home Alone)
  • regift it to grandma with her favourite old-time music; Christmas, sorted
  • watch Snakes on a Plane, and 6 other movies, on a plane, with no battery drain on your iPhone
  • use it for that little bit of extra storage for your 64 GB MacBook Air
  • empty out it’s innards and create a cool-looking cigarette box
  • bring it poolside for summer tunes with outdoor speakers, avoid possible water damage on your iPhone
  • dragged to a boring Opera House concert? bring your iPod and listen to what you want to hear instead
  • use it as prop for a video or play set way back in 2001
  • take it apart and learn a bit about electronics
  • install, boot, and run Mac OS X on your iPod classic… because, why not?
  • as a stocking stuffer for naughty kids (coal is so yesterday)
  • scrape out the insides and use it as a wallet when travelling; nobody steals old iPods!
  • make a hilarious “kids react…” video – it’s not a touch screen!!!
  • don’t unwrap it! instead hold onto it and sell it still in the box on eBay for $20,000!
  • grab a second iPod and turn them into a pair of speakers!
  • play really (really really) bad games

Seriously the list goes on an on… So enjoy the Business Insider 5, and then think of your own creative iPod re-uses.




Untangling domain names

A Tangled Mess

Most businesses start with one domain name. You’ve got one idea, you’ve found a domain name, you buy it, and you’re on your way with a web site.

Soon, though, you find the .com version is available, and decide to buy that one too. Then the .net version – just in case. You don’t want any cyber-squatting!

After a while you may branch out, starting an offshoot business, and an associated domain name with that. Then, you want to have a presence in another country so suddenly you have a .uk and a .nz version to add to your intellectual property toolkit.

Then one day you realise there’s an even better domain name for your business which you just have to have!

So one more.

Shortly after that you find out some of your clients can never spell your domain name, and often type something else, so you decide to buy the .com .net .uk and .nz versions of the misspellings.

Before you know it you’ve got 32 domain names racked up, which have been purchased from different registrars, using different credentials, are managed by different IT people, with domain name service, web, and email hosting ALL OVER THE PLACE!

And most of them aren’t even used any more!

A True Story

This recently happened to a client of ours, with over 30 domains in different countries, for different products and businesses, and with misspelled domains to cover all bases.

The problem was, when it came to changing hosting for some of the domains it was a nightmare to untangle this mess. There were primary registrars, their resellers, registrars which had been sold to other companies, and limited client knowledge as to login names and passwords.

In one case a registrar had two different sides to their business – one for the .au domains and one for the .com domains.

All up it’s taken about a day – on the phone to the client and suppliers, sending emails to registrars, on chat lines, lodging tickets for support, tracking down previous IT providers and previous hosting companies – to tame this awful mess.

The Lesson

This shouldn’t take so long, and is a doddle if you follow the 1-1-1 rule for domain names:

All domains should be managed by one IT provider, with one registrar, via one login.

It’s that simple.

Call Us

If you have a tangled domain nightmare call iHelp IT on 1300 469 622, and we can untangle it for you!

We will migrate all the domain names and domain name hosting to one account, with one login, so it’s easy to manage your intellectual property assets in the future.

All you have to do is reach out one time 🙂