New Mandatory Data Breach Notification Laws

Catherine Higgins from Lawbase

New Mandatory Data Breach Notification laws came into effect during February. Catherine Higgins from Lawbase explains how these laws affect you, and what you need to do in the event of a breach.

Why are they needed?

Strong data management is integral to the operation of businesses and government agencies worldwide.  At the same time, data analysis has been widely recognised for its value as fuel for innovation.

This noted, one of the biggest risks organisations face with data management is a data breach.  A data breach involving personal information can put affected individuals at risk of serious harm and consequently damage an organisation’s reputation.

A change to the law

To support this protection, on 23 February 2018 and for the first time in Australia, those subject to the Privacy Act 1988 (Cth) (the Privacy Act) now have a mandatory obligation to promptly report eligible data breaches to both the Office of the Australian Information Commissioner (OAIC) and any individuals who may be potentially affected by the data breach.

Mandatory data breach notification is designed to protect the individuals affected by a data breach so that they may take the necessary steps and measures to protect themselves from any harm or damage.

We believe notifying affected individuals is simply good privacy practice as it gives each person the opportunity to take proactive steps to protect their personal information and also helps to protect an organisation’s reputation by displaying transparency and openness.

Examples of an eligible data breach could be:

  • There is unauthorised access or unauthorised disclosure of personal information
  • Personal information is lost in circumstances where unauthorised access or unauthorised disclosure of the information is likely to occur
  • A reasonable person would determine that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.

Notification obligations

If you believe there is an eligible data breach, there is a requirement to provide notification as soon as practicable.

The notification obligation involves a two-step process.

  • The organisation must prepare a statement containing certain (prescribed) information about the data breach and provide it to the OAIC
  • The organisation must then notify the affected individuals.

The notification statement must set out:

  • The identity and contact details of the organisation
  • A description of the eligible data breach
  • The kind or kinds of information concerned
  • Recommendations about the steps the individuals should take in response to the eligible data breach.

Will the new laws affect me?

Organisations with a turnover of less than $3 million a year will fall outside the legislation.

Noting this, however, the Privacy Act does apply to some types of businesses with an annual turnover of less than $3 million so the new laws may still apply.  These businesses can include health service providers, gyms, child care centres, private schools, businesses that sell or purchase personal information and credit reporting bodies.

We recommend you confirm your status with OAIC.

How do I prepare if I’m impacted by these new laws?

First of all, don’t panic!  Experts are reporting that as many as 44 per cent of eligible Australian enterprises are not yet ready to comply with the new changes.  This said, you need to get your business up to compliance as soon as possible.

Taking reasonable steps to minimise risk

Eligible organisations should be proactive and take appropriate and reasonable steps to ensure the security of personal information.  It will, of course, depend on the circumstances and be determined by the following:

  • The nature of the entity holding the personal information
  • The amount and sensitivity of the personal information held
  • The possible adverse consequences for an individual
  • The information handling practices of the entity holding the information
  • The practicability of implementing the security measure, including the time and cost involved
  • Whether a security measure is itself privacy invasive.

Noting this, as guidance, the OAIC has advised that reasonable steps would include:

  • Performing or conducting Privacy Impact Assessments
  • Implementing Privacy by Design principles
  • Performing information security risk assessments
  • Creating and maintaining a Privacy Policy
  • Having a comprehensive and up to date set of information security policies
  • Restricting physical and logical access to personal information on a "need-to-know" basis
  • Keeping your software up to date and current
  • Employing multi factor authentication
  • Configuring your systems for security
  • Employing end point security software
  • Security monitoring tools to detect breaches
  • Using network security tools
  • Penetration testing exercises
  • Vulnerability assessments
  • Having a data breach response process

The Guide

For those that have begun the above process or those that need to act quickly to become compliant, we strongly recommend you review the OAIC Guide.  It has been prepared to assist Australian Government agencies and private sector organisations prepare for and respond to data breaches in line with their obligations under the Privacy Act.

As an overview, it is broken into five key parts.

Part 1: Data breaches and the Australian Privacy Act

This section outlines the requirements of the Privacy Act that relate to personal information security and data breach response strategy.  The principles contained within the Privacy Act for the handling of personal information may be adopted by any entity to lower the risk of a data breach occurring and to effectively reduce the impact of a data breach.

Part 2: Preparing a data breach response plan

The faster you respond to a data breach, the more likely it is to limit any negative consequences.  A data breach response plan is essential to enable a swift response and ensure that any legal obligations are met following a data breach.

Part 3: Responding to data breaches — Four key steps

An effective data breach response generally follows a four-step process — contain, assess, notify, and review.  This part of the guide outlines key considerations for each of these steps to assist entities in preparing an effective data breach response.

Part 4: Notifiable Data Breaches (NDB)

This section outlines the requirements of the NDB scheme under the Privacy Act.  The NDB scheme contains mandatory data breach reporting obligations in relation to certain data breaches, and requirements to assess suspected data breaches.

Part 5: Other sources of information

The obligations of the Privacy Act in relation to data breaches co-exist with other reporting obligations.  This section assists entities in identifying where they can find information about other data breach reporting requirements.

Are there any penalties if I don’t meet my requirements?

Yes.  If you don’t comply with the notification obligation, you may be subject to anything from investigations to, in the case of serious and repeated non-compliance, substantial civil penalties.

In saying this, we believe not acting to protect the information of someone in your ‘care’ is simply bad practice and penalties should apply.

If you have any questions on the new laws or would like to discuss any elements surrounding them, please contact the author, Catherine Higgins, at Lawbase (

Perfect password security

Your passwords are a tremendous security measure, but sometimes they seem to be no more than an inconvenience, designed to stop or slow you from accessing a computer or web site.

For decades (literally since the 60s) passwords have been the first line of defence to secure access to computer systems, and are increasingly important against a growing cyber threat; from the password you type to log in to your Mac, to the PIN you enter on your iPhone.

Even apparently fancier technologies like Apple's TouchID and FaceID have only one job; ensure access to the existing PIN on your iPhone. It's the PIN (or more complex password) which in turn actually unlocks the phone.

So passwords aren't going anywhere, and consequently it’s always a perfect time to review your approach to passwords, and find out how a few simple changes can give you an immediate security boost.

But, in this digital world, passwords are everywhere. You need one each time you log in to your computer, iTunes, Facebook, Google Drive, iCloud, work-based systems, Dropbox, Zomato, Seek, Uber, Tinder, and (of course) the numerous financial systems which we take for granted these days. The list is almost endless.

So how do you effectively protect yourself?

Do you go the simplistic route, and pick one really good password and use it everywhere? No. Absolutely not. If someone gets that password then you're compromised everywhere.

But having secure, unique passwords to everything is unusually complex, and entirely impractical. So now what?

Fortunately, technology (the cause of the problem) also has a number of solutions. Below are 6 ways in which you can get the best of both worlds; security and simplicity.

This article should be viewed as essential reading, not just as a set of recommendations.




Go Long

Despite what all those prompts for unique characters and uppercase letters might have you believe, length matters more than complexity, as is elegantly displayed in one of our favourite geek comics, XKCD. The more characters, the more mathematically complex it becomes to guess a password, and the longer an attack would take.

Stringing together a sentence, and mixing in some symbols, numbers, and upper-case (think &, 4, U) makes a password much, much harder to assail.

“inever4getaface!” is a great, easy to remember but complex to guess password.

Let your Mac do the heavy lifting

Don’t trust foreign browsers. A convenient shortcut to remembering all those passwords, or getting a paid password manager account, is letting your browser remember them for you. You’ve seen the option yourself. You probably even use it on at least one site. Don’t! The option is convenient, but the underpinning security is often undocumented, and it doesn’t require that your password actually be, you know, good. If you need a free and easy option, go with a password manager like Dashlane instead of trusting everything to Chrome.

The only problem is that apps like Google's Chrome don't take advantage of the keychain, so you'll need to manually enter passwords from the keychain to Chrome, and Chrome can save the password in its own database.

Use a password manager

Password managers like 1Password or LastPass create strong, unique passwords for all of your online accounts, and then store them for you to access across all your devices. So you have strong, unique passwords, and if one of your passwords does get caught up in a data breach, criminals won’t have the keys to the rest of your online services.

Now all you need to do is remember one master key.

The limitation with these applications is that, like all 3rd party software, you'll need to download a separate app, and then you'll need to install the appropriate browser plugin for them to work.

Use keyboard patterns

A much less often used password mechanism is a keyboard pattern.

Instead of making up a sentence or using substitutions, you pick a pattern on your keyboard as a password. This has the advantage of being extraordinarily easy to type in, but hard for others to hack.

Of course, there's an obvious downside; if typing in the password on a foreign or virtual keyboard, the layout may not be exactly the same as your normal keyboard. Also, keys like the numbers and symbols (the top row) may not even appear on a virtual keyboard - so you'll need to really remember this type of password.

An example... "cftyuijnbvc" makes no sense as a word, but you'll see how nifty it is when you type it out.

Single-serve passwords

What makes safety glass so safe? Simple... it's designed to stop little cracks becoming big ones, resulting in tiny, relatively innocuous pieces of glass rather than large, sharp, extremely dangerous shards of glass.

In the same way, using unique passwords means that if the password to one online service is discovered, your other online services are not compromised.

If you use a password manager then you’re already all over this. If not, then a midway solution would be to create 10 unique passwords, and evenly distribute their use, so that the exposure of any password is not entirely catastrophic. Don't believe that your passwords may have been compromised? See for yourself: the website Have I Been Pwned has nearly 5 billion compromised accounts on file - and yours may be one of them.

Use multi-factor authentication

Increasingly, online services are using multi-factor authentication.

Users can be authenticated more than one way, including:

  • Something you know - a password or PIN
  • Something you have - a smart card, a SecurID token, a YubiKey USB key, an app like Authy, or a code via SMS
  • Something you are - a biometric measure like a fingerprint, voice pattern, or retina scan

The third factor is usually only used for physical access to something; a building, a research facility, etc.

But two-factor authentication is increasingly used for online services, and codes via SMS are by far the most popular. If an online service offers two-factor authentication then you should use it. The only downside is that you may not be able to receive an SMS code if you're overseas and don't have roaming turned on.

Backup your iPhone and save a world of pain

A long time ago, in a galaxy far far away, I used to work for the Apple Store Sydney as a Genius (note the capital "G" denoting this is a title, not a claim!)

We saw many things at the Genius Bar, but the one thing which consistently amazed me was the number of times people didn't back up their devices, whether Mac or iPhone.

In fact, the only time someone cried (literally) at the Genius Bar was when the Mac owned by a young couple had a failed hard disk. The couple didn't have a backup, and consequently they lost every precious photo they'd taken of their baby's first year!

What do you do in such a situation? There was nothing we could do but hand over a box of tissues.

The Future

Fast forward to a day in the future when you too lose all the photos on a device. I'm not saying this scenario may happen, I'm saying that in all likelihood this scenario will happen.


There are a myriad reasons. Phones get stolen, are dropped in the ocean, are forgotten on a train in a foreign city. Your ex could make off with your iPhone. Your roommate could make off with your iPhone. Your ex and your roommate could make out and then make off with your iPhone! And then everything on that iPhone which wasn't backed up is gone. Forever.

Avoid Pain

Apple, as the inventor of the smartphone, has looked into its crystal ball to see this day, and has you covered. All you have to do is take advantage of what's available. So let's revisit how to back up your iPhone.

Firstly, some data doesn't need to be backed up separately. If you have your calendar, contacts, notes, reminders, and email in the cloud then your data is automatically synchronised, and in the event you need to replace your phone that information can be synchronised with your new phone in just a few minutes.

But what about everything else? Your game progress? Your Skype login? Your Facebook account? And, more important than all of those - your photos!

Most people know that backing up their iPhone to their Mac or PC can be done via iTunes, but this only happens when you're on the same wifi network, and when your computer is on and iTunes is running. In some cases this is further restricted to happen only when your iPhone is physically connected to your computer.

But when you're out and about - the times you're most likely to be taking family snaps - your computer is nowhere near you. If you're on holidays it could be weeks before you get back to your computer!


Apple has a number of solutions to this, and they all assume you have an iCloud account.

  • A free iCloud account gives you 5 GB of storage
  • 50 GB of iCloud storage costs $1.49 / month
  • 200 GB of iCloud storage costs $4.49 / month
  • 2 TB (or 2000 GB) of iCloud storage costs $14.99 / month
  • These are Australian prices, and include GST
  • Prices may change, so click here for current information

If you have an Apple ID (for the iTunes or App Store) then use that to sign in to iCloud.

Once you've setup your iCloud account on your iPhone you're ready to use one of Apple's backup solutions.













iCloud Backup

  • What it is: A backup of everything on your iPhone to iCloud
  • Pros: Everything on your iPhone is backed up; a lost iPhone can be restored from the last backup
  • Cons: Backups can take up a lot of space, so you may need to pay for more iCloud storage
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Scroll down to iCloud Backup and switch it on
  • Important: Backups only happen when your iPhone is plugged into power, locked, and connected to wifi; use a hotspot or your hotel wifi when on vacation.

iCloud Photo Library

  • What it is: A copy of your entire photo library on iCloud
  • Pros: Uses less storage than iCloud Backup, and photos can then be shared with Photos on your Mac, so all photos automagically appear on your iPhone and Mac
  • Cons: Only backs up your photos (you may need a paid iCloud subscription if you have many photos and videos)
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Click on Photos
    • Switch on iCloud Photo Library
  • Important: Photos will upload via both wifi and cellular data, so be aware of any cellular data charges (especially when overseas). To enable or disable cellular data for Photos go to Settings > Mobile > Mobile Data on your iPhone.

Photo Streaming

  • What it is: A stream of the last 30 days of photos from your iPhone
  • Pros: Takes up the least storage on an iCloud account, so you may not need a paid iCloud subscription
  • Cons: Only the last 30 days of photos are stored in iCloud, so you'll need to download these to your Mac or PC or risk losing them; only works with wifi
  • To activate:
    • Go to your iPhone Settings
    • Click on your name at the top
    • Click on iCloud
    • Click on Photos
    • Switch on Upload to My Photo Stream
  • Important: Uploads only happen when your iPhone is connected to wifi; use a hotspot or your hotel wifi when on vacation.

Follow this guide and you should never need a box of tissues because you've lost your photos.

For the full Apple support document on backing up, go here or contact iHelp IT.

Spot phishing attacks like a pro

Is it the sense of familiarity, the intriguing subject line or just being in auto-pilot that compels you to click?

Phishing is a method often used by hackers and cyber attackers to steal your credentials and sensitive personal information, or to infect your system with undetectable malicious software. A phishing email claims to be from a reputable source – however it's designed, its job is to convince you to click on a link within the email, or to open an included attachment.  Often the email will use emotions – such as urgency, a deadline, curiosity, fear, or greed – to convince you to open the malicious attachment or click on the link.

Examples of these include scenarios where the email claims you’ve got a speeding ticket, an ATO taxation fine or refund, that you've received an unexpected invoice or resume, or have missed a parcel delivery. Curious? That’s exactly the emotional trigger they try to use to make you click on the link or open the attachment!

If you do fall for it, you may end up with malicious software installed on your device (including your Mac). This is very bad news, as the malicious software lurks in the background doing something evil. It could be software that enables the attackers to covertly connect directly to your system, to encrypt all of your files and hold them to ransom, or steal your credentials which they then use as part of a bigger scam or attack.

The fake messages, and the calls-to-action that lure you in, use clever psychological tricks.

That’s what makes it so difficult to protect yourself against phishing. You know not to click links in shady emails. You know to think twice before clicking any link in any email. (Right?)

The same goes for downloading attachments and putting your personal information or login credentials into any form that you have any reason not to trust. And yet, phishers can just needle you forever, waiting for that one moment when you finally slip up. If you do, you instantly subject yourself to any number of unfortunate consequences, whether it’s identity theft, fraud, or malware that runs rampant on your device.

Three rules

Follow these three rules to keep from getting hooked.








Spot the Obvious

There are some obvious signs that an email might be a phishing attack:

  • Does the email use emotions to convince you to click on a link or open an attachment?
  • Are there some spelling mistakes or grammatical errors?
  • Is the text in the email not addressed directly to you, or does it use impersonal text such as “FirstName”?
  • Does the email have a strange “From:” address or a “Reply to:” address that is different to the “From:” address?
  • Does the mail have attachments or a link you didn’t ask for, or weren’t expecting?
  • Does the link look strange? Hover your cursor over the link without clicking –  does the address look unusual?
  • Is there an urgent call to action or deadline given?
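
Three of the signs in the list above can be checked mechanically: a “Reply to:” domain that differs from the “From:” domain, an unfilled “FirstName” greeting, and a link whose visible text names a different site than the one it opens. The Python below is an added example, not part of the original article; both sample messages, their addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not real emails); ".example" is a reserved TLD.
SUSPICIOUS = """\
From: ASIC Messaging Service <noreply@asic.gov.au>
Reply-To: Renewals <renewals@asic-notices.example>
To: owner@smallbiz.example
Subject: Renewal due - act within 24 hours
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear FirstName,</p>
<p>Your registration is about to lapse. Renew now at
<a href="http://asic.gov.au.renewal-portal.example/login">www.asic.gov.au/renew</a></p>
"""

BENIGN = """\
From: Newsletter <news@ihelp.example>
To: owner@smallbiz.example
Subject: March newsletter
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Hi Sam,</p>
<p>Read it at <a href="https://www.ihelp.example/news">www.ihelp.example/news</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host from a URL, or from link text that looks like one; '' otherwise."""
    text = text.strip()
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return ""
    return host if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host) else ""


def related(a, b):
    """True if the hosts match or one is a subdomain of the other (ignoring www.)."""
    a, b = re.sub(r"^www\.", "", a), re.sub(r"^www\.", "", b)
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def sender_domain(msg, header):
    """Lower-cased domain of the address in the given header ('' if absent)."""
    return parseaddr(str(msg.get(header, "")))[1].rpartition("@")[2].lower()


def phishing_signs(raw_email):
    """Return a list of findings for the three checks described in the lead-in."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []

    from_dom, reply_dom = sender_domain(msg, "From"), sender_domain(msg, "Reply-To")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")

    html = "".join(part.get_content() for part in msg.walk()
                   if part.get_content_type() == "text/html")
    if re.search(r"\bFirstName\b", html):
        findings.append("greeting still contains the placeholder FirstName")

    collector = LinkCollector()
    collector.feed(html)
    for href, shown in collector.links:
        real, claimed = host_of(href), host_of(shown)
        # Only compare when the visible text itself looks like a web address.
        if real and claimed and not related(real, claimed):
            findings.append(f"link text shows {claimed} but opens {real}")
    return findings


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, phishing_signs(raw))
```

The host comparison is a plain suffix match, so treat the findings as prompts to look closer rather than a verdict; legitimate mailing services also use separate reply addresses.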

Remember the basics

There’s a big difference between unwanted marketing & advertising emails (Spam) and phishing emails. If you suspect an email to be a possible phishing attempt you should contact iHelp IT immediately. We can quickly identify an email as phishing, and protect you and your employees from the same attack.

Following standard digital defense advice will help with phishing as well:

  • Keep an up-to-date backup of your data
  • Enable multifactor authentication to services if available
  • Close accounts you no longer use
  • Use unique, robust passwords for each online service
  • Use a password manager to keep track of these passwords

These steps make you a tougher target, but more importantly, they’ll help contain damage if you ever do get phished.

Listen to your gut

Your gut has a great sense for phishing scams, and you should look out for:

  • Unexpected emails (even from friends)
  • Emails with a link to click on
  • Emails asking you to check or update information
  • Emails which seem rushed or have a strange tone
  • A Facebook message when you'd expect a text message

If anything seems a little off, check with the sender on another platform to confirm the request. Also, consider why you might be receiving a message and whether it makes sense.

  • Most online services won’t ask you to make changes via email
  • Always log into sites via your browser, not an email link
  • Treat unexpected attachments with high suspicion and avoid opening them

Easily exposed

Look at the apparently authentic email below, and see how easy it is to tell that it’s a simple phishing attack, designed to get you to click on a nefarious link.

An apparently legitimate email, from ASIC.

Hover over the link to see the link doesn’t point to ASIC.

Real-life examples

Below are some real-life examples of phishing scams.


A man received an SMS from his wife, claiming she'd forgotten her PIN, and asking him to send it to her.

The man promptly did, and shortly thereafter received a call from another number. It was his wife. She told him that her handbag, with her wallet and mobile phone had been stolen.

After successfully obtaining the wife's PIN via SMS, thieves helped themselves to over $2,000 in withdrawals from ATMs, before dumping the handbag and all contents.

  • Don't immediately reply to odd requests for information
  • Always confirm the request is real

The urgent transfer request

The head of accounts for a large organisation was at an airport lounge ready to fly overseas on vacation, when she received an email request from her boss, asking her to urgently transfer $7,000 to a bank account.

Without considering if the email was legitimate, she transferred the money immediately, as requested.

It was only at the end of her 8-hour flight that her thoughts turned to how odd the request was, and a call to her boss confirmed she had been duped.

  • Emails can be faked
  • Consider if the request is typical of the sender

Identity theft

Unlocked mailboxes are a great source of information for phishing. In this case all it took was a stolen mobile phone bill, which gave thieves the account holder's name, address, and account numbers, and Facebook revealed the account holder's date-of-birth.

Armed with this information, the thieves managed to obtain a new SIM card, and somehow (we won't tell you exactly how) used this to transfer funds via phone banking.

Thieves got away with $13,000 before the bank's security systems stepped in and stopped further transfers.

  • Be aware of how you may be giving critical information away

A thousand uses for your old iPod

If you’re like almost everyone in the world, at some point you had an iPod.

Which, at some later point, you replaced with a bigger and better iPod.

And both of them now lie idle, tucked away in a drawer somewhere… So, the clever folks at Business Insider have released a video with 5 uses for an old iPod.

And that’s nice… But I think we can do much better!

In addition to the 5 Business Insider uses, here are some that we thought of (maybe not 1000, but quite a few):

  • keep the kids entertained with games while at grandma’s
  • keep the kids entertained with movies on a long drive
  • take it out fishing; better to lose an old iPod at sea than your iPhone
  • attach it to portable speakers and play Christmas carols under your Christmas tree
  • donate it to a refugee, with English lessons, to give them a kickstart in Australia
  • attach it to micro speakers for some soothing, smooth background office music
  • keep thieves at bay by replaying a recording of an earlier party, while you’re away on holidays (think Home Alone)
  • regift it to grandma with her favourite old-time music; Christmas, sorted
  • watch Snakes on a Plane, and 6 other movies, on a plane, with no battery drain on your iPhone
  • use it for that little bit of extra storage for your 64 GB MacBook Air
  • empty out its innards and create a cool-looking cigarette box
  • bring it poolside for summer tunes with outdoor speakers, avoid possible water damage on your iPhone
  • dragged to a boring Opera House concert? bring your iPod and listen to what you want to hear instead
  • use it as a prop for a video or play set way back in 2001
  • take it apart and learn a bit about electronics
  • install, boot, and run Mac OS X on your iPod classic… because, why not?
  • as a stocking stuffer for naughty kids (coal is so yesterday)
  • scrape out the insides and use it as a wallet when travelling; nobody steals old iPods!
  • make a hilarious “kids react…” video – it’s not a touch screen!!!
  • don’t unwrap it! instead hold onto it and sell it still in the box on eBay for $20,000!
  • grab a second iPod and turn them into a pair of speakers!
  • play really (really really) bad games

Seriously, the list goes on and on… So enjoy the Business Insider 5, and then think of your own creative iPod re-uses.




Untangling domain names

A Tangled Mess

Most businesses start with one domain name. You’ve got one idea, you’ve found a domain name, you buy it, and you’re on your way with a web site.

Soon, though, you find the .com version is available, and decide to buy that one too. Then the .net version – just in case. You don’t want any cyber-squatting!

After a while you may branch out, starting an offshoot business, and an associated domain name with that. Then, you want to have a presence in another country so suddenly you have a .uk and a .nz version to add to your intellectual property toolkit.

Then one day you realise there’s an even better domain name for your business which you just have to have!

So one more.

Shortly after that you find out some of your clients can never spell your domain name, and often type something else, so you decide to buy the .com .net .uk and .nz versions of the misspellings.

Before you know it you’ve got 32 domain names racked up, which have been purchased from different registrars, using different credentials, are managed by different IT people, with domain name service, web, and email hosting ALL OVER THE PLACE!

And most of them aren’t even used any more!

A True Story

This recently happened to a client of ours, with over 30 domains in different countries, for different products and businesses, and with misspelled domains to cover all bases.

The problem was, when it came to changing hosting for some of the domains it was a nightmare to untangle this mess. There were primary registrars, their resellers, registrars which had been sold to other companies, and limited client knowledge as to login names and passwords.

In one case a registrar had two different sides to their business – one for the .au domains and one for the .com domains.

All up it’s taken about a day – on the phone to the client and suppliers, sending emails to registrars, on chat lines, lodging tickets for support, tracking down previous IT providers and previous hosting companies – to tame this awful mess.

The Lesson

This shouldn’t take so long, and is a doddle if you follow the 1-1-1 rule for domain names:

All domains should be managed by one IT provider, with one registrar, via one login.

It’s that simple.

Call Us

If you have a tangled domain nightmare call iHelp IT on 1300 469 622, and we can untangle it for you!

We will migrate all the domain names and domain name hosting to one account, with one login, so it’s easy to manage your intellectual property assets in the future.

All you have to do is reach out one time 🙂




iTunes Error 53: The (in)convenience of security

Recently there’s been a lot of beat-up in the press about Error 53, an error which may appear in iTunes when the iOS software on iPhones or iPads which feature Touch ID is updated.

The ACCC has initiated an investigation to determine whether this error, which is triggered by a security measure, contravenes consumer protection and competition laws.

So what exactly is iTunes Error 53, and how do you avoid your iPhone or iPad becoming “bricked”?


Starting with the iPhone 5s, Apple introduced Touch ID. Touch ID combines a fingerprint sensor with securely stored fingerprint information, and is used to unlock your iPhone and make purchases, in place of your security code. It increases security because it’s uniquely biometric and also because many people who choose to not use a passcode can conveniently use their fingerprint instead.

The fingerprint information itself is kept in a separate, secure part of the iPhone, and is only accessible to the sensor. Apple, any third parties, and even the iPhone’s processor cannot access the fingerprint information. The only information the iPhone’s processor knows is whether a fingerprint attempt was successful or not.

To maintain Touch ID security the sensor is paired to the rest of the phone, and this pairing must be maintained. If this weren’t the case then a hacker could simply replace the Touch ID sensor, and use a bogus sensor to fake successful fingerprint results; essentially giving thieves an easy way to steal from you.

iTunes Error 53 explained


iTunes showing Error 53 for an iPhone

iTunes Error 53 occurs when the iPhone no longer recognises the Touch ID sensor.

It’s typically the result of a screen replacement which includes a sensor replacement without re-pairing. A while back I wrote about how long an iPhone screen replacement takes – and this is part of the reason.

Third party repair places may replace the screen and sensor without re-pairing, and that’s where the problem occurs.

If you are experiencing Error 53, then follow Apple’s official support advice.

Check if you are affected

Touch ID is included in a number of Apple devices, so you could be affected. Devices include:

  • iPhone 5s
  • iPhone 6 and 6 Plus
  • iPhone 6s and 6s Plus
  • iPad Air 2
  • iPad Pro
  • iPad Mini 3 and 4

If you’ve ever had a screen replaced on one of these devices, and it wasn’t via Apple, then back up your device, DO NOT run a software update, and head to your local Apple Store to have your device checked, as a preventative measure.

Once affected by Error 53 your iPhone or iPad will likely be “bricked” – lost for all time.

Always go to Apple for repairs

Our advice is to always go to Apple, or an authorised service agent, for your iPhone or iPad repairs. Not just for the great service which includes a warranty, but to protect your investment.

And one more thing… We’ve seen a lot of YouTube videos purporting to show how to fix Error 53. All of them involve extensive repairs on your iPhone, using parts you won’t have access to. As always our advice is to visit your local Apple Store.

*** Update 19 Feb 2016 ***

The Sydney Morning Herald has reported that Apple has released a software update to fix “bricked” iPhones. To apply the fix, do the following (see original SMH article here):

  1. If iTunes is open on your Mac or PC, quit iTunes.
  2. If your iOS device is plugged into your computer, unplug it.
  3. Make sure that you have the latest version of iTunes.
  4. Connect your iOS device to your computer with a USB cable.
  5. Open iTunes and select your device.
  6. When you see the option in iTunes to Restore or Update, click Restore.*
  7. When you see your iOS device’s Hello screen, follow the onscreen steps to set up your device.
    • If you previously backed up your device, you can set up from your backup.
    • When you see the screen for Touch ID, tap Set up Touch ID later.
  8. If Touch ID on your device didn’t work before you saw error 53, the feature still won’t work after you restore your device. Contact Apple Support to ask about service options for Touch ID.




Apple wall plug safety recall

Apple has recently issued a recall of wall plugs for power adapters, and you should gather all your affected wall plugs – a.k.a. “duckheads” – and get them replaced, for safety’s sake.

How to tell…

You can tell if your adapters are affected fairly easily. Look on the back of the duckhead – the bit that plugs into the wall socket – and if you see 4 or 5 numbers then it’s affected. If it says “AUS” or some other 3 letter code, then it’s not affected.


What to do…

Visit your local Apple Store, and they’ll be happy to exchange the affected part of the adapters. Don’t bring the entire adapter – just the duckhead. If you have a bucket load it may be better to contact your local Apple Store Business Team first; they’ll be able to direct you.

Numbers and reasons…

Numerically, it’s a large recall, spanning over a decade of adapters which shipped with iPhones, iPads, Mac portables, Airport base stations, and even sold individually – probably somewhere in the hundreds of millions.

But there have only been 12 documented cases of faults, so statistically, it’s tiny.

So why the recall?

Simple – it involves electricity, and the possibility (however remote) of Apple’s customers being injured or killed. Apple takes safety very seriously, and it’s a testament to their commitment to quality and safety, and (above all) the customer, which has led them to take this proactive measure.

More information is available on Apple’s web site.




Business IT Resilience

Like so many years before it, 2016 is set to be another transient year. We’re already in February, and before you know it we’ll be in May, then October will appear before you get a chance to pop your head up again.

While this transience gives us a great opportunity to reflect and plan, it’s not a word which should apply to the continuity plan of your business data and processes, including your IT systems.

You may have dodged some bullets over the past year, so it’s time to plan to avoid them altogether, by putting into place a business continuity and disaster recovery plan.

It’s time for resilience.

iHelp IT have a range of solutions to make your business IT resilient to both disaster and change.

Dramatic Disasters

The evacuations which took place as the 2014 Lindt Café siege unfolded are an extreme example of a disaster. Thousands were evacuated, and things didn’t return to normal in the city for almost 2 days. Less frequent but more devastating is a flood or fire. Recent extreme weather as the result of climate change demonstrates the random, uncontrollable nature of these events.

If your business premises were torn apart, razed to the ground, or swept away could you access your data? Could you answer your phones? Could you deliver work to your clients?

If your workplace was out for the count for 2 weeks would your business survive?

Common Catastrophes

While the scenarios above are possible, they occur far less frequently than the mundane, yet most businesses are not prepared for these common events either.

People want to work from home, staff travel for business, employees have babies, and (occasionally) the business moves location. Problems arise simply due to staff movements as they take knowledge with them. If Betty from accounts doesn’t have documented processes, how will her replacement, Bill, know where to start?

In these situations resilient systems become more vital, as money quietly slips out the door due to the loss of productivity.

Resilient Solutions

If your business can’t continue in the event of an unforeseen incident, or if everyday events present a challenge, then you are leaking money, and may not have a business after a disaster. You should consider better solutions.

iHelp IT can help you, with these solutions:

  1. Document – SamePage is a system we’ve been using for years to document. It’s cloud based, free, and accessible via your web browser.
  2. Backup – Time Machine is built into every Mac, so a local NAS is perfect for daily backups. For extra security we use and recommend CrashPlan Pro – it’s only $11/m for your server.
  3. Cloud email – We offer Kerio Connect mail / contacts / calendar hosting. We back up daily, give you 25 GB of storage per mailbox, and offer our personal touch for support.
  4. Cloud phones – Get rid of that clunky old physical PABX, and move to a cloud PABX with My Cloud Phones. Setup takes under a week, costs are dramatically reduced, and you can connect all your offices to one system.
  5. VPN – Access your server from anywhere in the world with a Kerio Control router and super-secure, stable VPN.

Ready to be Resilient?

When you’re ready to create a business continuity and disaster recovery plan to make your business resilient give us a call on 1300 469 622.


Time to let Flash go

Today, the Sydney Morning Herald published an article entitled Why you should uninstall Adobe Flash Player. Without boring you with technical details, Operation Pawn Storm, a Russian cyber-espionage operation, has exploited a zero-day flaw in Flash.

According to Trend Micro at the time of writing, the US government and media, NATO, opponents of Vladimir Putin, and governments in Europe, Asia and the Middle East have all been affected.

So it’s pretty serious.

So what have we learned?

Like so many security flaws, Operation Pawn Storm spreads predominantly via a link in an email, which goes to a web page with a nefarious Flash app on it. Often, the aim is to steal some sort of login credentials, like your email login.

But that’s just a mechanism.

It’s easily defeated by either being vigilant when clicking on a link in an email, or uninstalling Flash.

Steve Jobs banged on about the dangers of Flash years ago, in his excellent, well-argued Thoughts On Flash article. You can read the whole thing if you like, but the key takeaway is this…


Like an old car

Flash is like an old car. It’s familiar. The mechanics who work on it are comfortable with it. It makes money (for advertisers, at least).

But just like an old car without airbags, high-mount stop lights, and crumple zones (to name a few safety features) it’s just too dangerous to keep using. Moreover, the world has moved on. There’s nothing Flash does that HTML5 and H264 (for video) doesn’t do. There’s no reason to keep it.

So, like your old floppy drive, CD player, and analog phone system, it’s time to let Flash go.

Turning a corner

At iHelp IT we are constantly trying to keep the data on our clients’ computers safe from harm. There is no more important asset on your Macs than the data therein, and that includes the data you access which is stored on other systems: your email access, your bank account details, the photos of your kids on Dropbox.

So iHelp IT’s advice is to uninstall Flash. There’s less and less need for it, so it’s time to let it go.