As news that the Medibank hackers have just released thousands of customer’s sensitive data, one of the most empowering pieces of knowledge right now is how to protect your information following a data breach.
What’s a data breach?
A data breach occurs when a company is hacked and information is leaked or used as blackmail in the process. There are numerous ways companies can be hacked: poor password policies, lack of cybersecurity training or even weak secure operating environments (SOE).
In the past month, three major corporations within Australia have all suffered data breaches in which thousands of customers’ data has been stolen and exposed. These companies include Optus, Medibank and Woolworths (My Deal).
Whilst this may just seem like bad luck, unfortunately there is a more ominous trend on the rise. A new study predicts that by 2025, the U.S. economy will have lost $10 trillion to cyber attacks and data breaches alone. The likelihood of being the victim of a data breach is ever-growing, so it’s best to know what to do in that case.
What do I do if I’ve been involved in a data breach?
The unfortunate reality is that you may fall victim to a data breach at some point – so it is best to be prepared.
If you are notified that your sensitive data has been compromised, it is imperative that you act quickly. Here are some things you can do if you’ve been alerted of a data breach.
Change passwords – Generally, data breaches expose emails and passwords. Once this data is exposed, hackers will attempt to access your other accounts. It’s best practice to change passwords on accounts that use the email that has been exposed in the data breach. Particularly accounts linked to banking and government organisations.
Initiate a fraud alert – If your payment details have been exposed in a cyber breach, it is imperative that initiate a fraud alert with your bank. This notifies your bank that your information has been leaked and to monitor suspicious transactions. In some cases you may need to cancel the affected card altogether. Getting in touch with your bank is best to receive the appropriate financial advice.
Replace your ID – In the case of the Optus and Medibank hacks, it may be best that you organise to replace your ID promptly. Given that things like passports and medicare cards are 100 points of ID, it is in your best interest to replace these to avoid identity theft.
Remain vigilant – One of the worst parts about having your data compromised is that your sensitive information is going to pass through hundreds of cybercriminals’ hands. You could be targeted for days, weeks or even months through dodgy emails, phone calls and event text messages. If you receive anything that seems suspicious after having your data leaked, chances are it probably is suspicious.
Keep these companies accountable
When you trust companies and large corporations with your data, there is an expectation that they will keep your data safe. Unfortunately, this is not always the case. A company’s negligence resulting in a cyber breach can be a nightmare for victims. If you were not notified of a data breach you can report these companies under the notifiable data breach scheme. Similarly, law firms have set up class actions for some of the larger data breaches that have occurred this year.
What can I do to prevent a data breach?
Sometimes there is nothing you can do to prevent your data being leaked from a company you use. However, here are just some of the ways you can soften the blow should this happen to you.
Use multiple, complex passwords – Passwords should be at least 10 characters long, using a combination of uppercase and lowercase letters, numbers and symbols. This is best password practice. It is also equally important that you do not reuse passwords across multiple accounts. Should a password be exposed in a data leak, if that password is unique to the compromised account, hackers should not be able to access your other accounts.
Regularly check for compromises – Websites such as haveibeenpwned.com can help you keep track of data breaches. Whilst there are laws that mandate companies to notify victims of a data breach, this does not always happen. Every so often, you can pop your email into haveibeenpwned.com which will tell you if your email has been compromised in a cyber breach.
Use a credit card with a dynamic CVV – Some banks such as Westpac have a ‘dynamic CVV’ which is a CVV that constantly refreshes. This means that should your credit card information be leaked, the CVV may be different and therefore unable to be used.
Cybersecurity should be at the forefront of businesses and consumers’ minds. Talk to Milnsbridge Managed IT today about our Managed IT Security plans for businesses on 1300 300 293.