If you’re one of the millions of Australians affected by a data breach in 2022, you might be wondering what to do next. It is undoubtedly a stressful experience but the right steps can reduce the risk of it turning into a catastrophe. Let’s take a look at the best ways to proceed.
A lot of people have asked us if major breaches, such as those disclosed by Optus, Medibank, and Uber, have been happening in the past. While it is certainly becoming more prevalent, there is also more pressure on businesses to report cyber incidents. This at least gives individuals and businesses greater knowledge of what they are up against, and those making announcements have largely been helpful in providing security suggestions. It will take the combined effort of individuals, businesses, software vendors, and governments to fight against the rising threat.
The first step is to read carefully the information provided by the organisation that advised you that your details were compromised. Many provide a level of emotional, practical, and technical support. They should be specific about exactly what information has been leaked. This awareness means you can be vigilant for anything suspicious.
Where possible, take the opportunity to get a replacement card. For example, the Queensland Government offered replacement driving licences, since this was a form of ID compromised for many individuals after using it to set up their Optus account. The government also instigated the use of both driver number and card number for subsequent identity checks to reduce the threat.
Here are 7 other ways you can protect yourself:
Don’t email personal information
While some businesses are still requesting customers to email identity documents, don’t do it. Email is not suited to this purpose and it is a high-risk action. Personal information should only be transferred via a secure portal. Likewise, in the workplace, if requesting emailed personal documents has been common practice in the past, go ahead and raise the issue with your management and IT leaders.
Take extra precautions
There is a rise in fake websites designed to look like a familiar brand. Visiting these websites can result in theft of more information, as well as money. Be careful of clicking links from email and text messages, which may well appear to be trying to help those already compromised – instead, navigate to those brands yourself using trusted information.
Be wary of unexpected visitors
With your information made public, you may also experience people turning up at your home, pretending to be from a company that you already know. The data might have been stolen online but that doesn’t mean that it won’t be used by organised or opportunistic criminals.
Be on alert for scam phone calls
Some, like the fake immigration department threats, may be more obvious, while others that appear to come from a company you subscribe to, such as Amazon, may seem more plausible on the surface. If you have any doubt at all, disconnect and access your account by typing the known website address into your browser.
Sign up for alerts
http://www.idcare.org/ is a service that monitors whether your ID has been fraudulently used, and offers support to those impacted by data breaches. In the case of Medibank and Optus, impacted customers were in many cases offered free access to ID Care. It is worth taking this extra measure so that you can identify any issues early and minimise the damage.
https://haveibeenpwned.com/ notifies you if your email ends up on the dark web. If you know your account has been breached, reset your password. Likewise, reset the password of any other known breached sites.
Get a password manager
This will ensure that you can create and safely store passwords that are sufficiently complex and unique for each website or application. Read our recent blog for more tips.
Use multi-factor authentication
Even if someone online has details of your account, they will not also have the additional information needed to access it. Almost every organisation you deal with offers multi-factor authentication, and it is quick and easy to set up. If you use it for all of your accounts, you will become a much tougher target.
Finally, check the federal government advice for up to date information on what to do if you have been caught up in a data breach.
Want more tips to help you and your business stay safe online? Connect with us on LinkedIn or chat with your TechPath account manager.