Odds on, you know someone whose data has been caught up in the recent hack of Optus’ systems. Over 10 million people – clients old and current – have had their data stolen in the biggest breach of data security in Australia’s history. It’s even a significant breach by international standards.
What is even more alarming is that this happened to an organisation that one would view as being a technology leader. It begs the question…
If Optus can get hacked and have data stolen, what about the rest of us?
The truth is we are all vulnerable. Hacking is a sophisticated dark art, with cyber criminals developing new and evil ways to steal data, especially personal customer information that can be used to access money.
What should you do to protect your customer data?
No system is immune to global cyber threats, and the only way to combat them is to be vigilant and ready at all times.
And this means a couple of things according to Daniel Borin from SCA (Qld) Platinum Sponsor, StrataMax.
“The very first thing I recommend is that you talk to your IT provider and ask them questions about how well your networks, computers and servers are protected. They need to ensure ALL your systems and devices are patched regularly and that you have firewalls and antivirus software in place. Funnily enough, these antivirus software companies have their products regularly tested by - you guessed it - professional hackers,” said Daniel.
“Education is also critical to protecting yourself from a data breach. Everyone across the company should receive regular cyber security training to keep it front of mind and be across the emerging threats. We recommend cyberhoot.com who offer automated training in bite-size chunks with very little admin or overhead.”
“It is also worth considering how much data you actually need to collect to conduct business. One of the big questions to come out of the Optus situation is why do we need so much information and why is it stored infinitely? Consider your policies around lost buildings and how long you need to retain that data for – it can really accumulate.”
“We also recommend that businesses have a plan for if something happens. We would highly recommend that you review or implement an emergency control plan for your team to act immediately on the notification of a threat.”
“Just like a fire alarm we need you to educate and train your team to act without question.”
Why is this important?
Laura Bos, General Manager SCA (Qld) believes that the liabilities and penalties surrounding data breaches are about to become much more stringent.
“Having worked in a number of sectors such as superannuation and health insurance, I have a heightened awareness of the issues surrounding the collection and protection of customer data,” said Laura.
“Protecting customer data is an important trust measure between you and your clients and I believe that in light of the Optus situation, there will be increased sensitivity from clients around how you protect their data.”
“The strata sector collects plenty of data on both clients and assets. Plus, there are the monetary transactions and links to finance institutions – all these gateways and the software that protects them should be reviewed to ensure you are offering the most secure service.”
“And if you believe the outrage coming from the halls of the Federal Government, the penalties for NOT protecting customer data are going to become much more severe,” she said. “It is in your interest from many angles to get ahead of the curve.”
What to do now?
Talk to your IT and systems provider to make sure your systems are protected
Talk to your banking providers to make sure your gateways are secure
Develop a plan for if you get hacked. Your IT provider can help you with the systems end but you also need to seek some advice on how to notify your clients. The Australian Cyber Security Centre has some great resources to assist here: https://www.cyber.gov.au/acsc/small-and-medium-businesses
Have you been impacted by the Optus breach?
In light of the Optus security breach, we have listed below the official links to the credit monitoring agency and how to sign up if you are impacted:
Official news from Optus - https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack
How to protect yourself - https://www.oaic.gov.au/privacy/data-breaches/respond-to-a-data-breach-notification