In 2022 we are online more than ever before, and many services that were previously done in person, such as banking, booking appointments and paying bills, are now completed through websites or mobile applications. As a result, the risk of cyber-attack has never been higher.
In the circumstances surrounding the Medibank and Optus hacks, there is not a lot that current and previous Optus customers could have done to prevent the exposure of their personal data. However, some steps can be taken to minimise the risk of exposing confidential data.
1. Use Antivirus Software
An often-overlooked step antivirus is an essential piece of software that can reduce malware attacks on your system. Once installed, you can let it run in the background, and it will automatically conduct malware scans and removal. Most antivirus can also offer several other features, including scanning removable devices such as USB drives, blocking spam websites and advertisements and detecting spyware.
While paid 3rd party antivirus software such as Bitdefender and McAfee can achieve the best results by activating and using Microsoft Security features, you can still get a fundamental level of protection. For Business, Microsoft 365 Defender is also a great choice to detect, manage and remove cyber security threats from your devices.
2. Protect your devices with strong passwords
It is good practice to password-protect your digital devices, including computers, tablets, and mobile devices, through strong, unique passwords. These devices can hold some of your most personal information as they now have access to everything from email accounts, social media accounts, banking apps, and an assortment of other information. If these devices fall into the wrong hands, a strong password will make it harder to access your device.
When creating your passwords, use a mix of symbols, numbers, and letters. Don’t use easy-to-guess passwords such as ‘123456’ or ’password’ or include information such as your birthdate or home address. This may sound like common knowledge, but research suggests that there is still a worrying amount of people using these easy-to-guess passwords. Make sure to use different passwords for different accounts. If you use the same password across multiple accounts and a hacker gains access to one account, it may compromise many others.
3. Set-up Two Factor Authentication on your Accounts
In addition to using strong passwords, two-factor authentication further improves your security. In a worst-case scenario, where your login details are compromised, a potential hacker will be blocked from accessing your data as they will still need to use an additional authentication method.
Many financial applications, online accounts and government logins now have two-factor authentication as standard or have the option to activate it. You can either get your authentication code via an app such as Google Authenticator, which creates time-based codes that renew every few seconds, gain a code via an email or get an SMS code directly to your mobile.
4. Learn to identify and avoid phishing scams
According to the ACCC (Australian Competition & Consumer Commission), Phishing scams are ‘attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.’
These scams often pass off as legitimate businesses such as internet service providers, banks, or energy companies and try to gain your personal data by asking to confirm your details, login to your account or alert you to ‘unauthorised or suspicious activity on your account.’
As a rule, it is a good idea to never open emails from people you don’t know, and don’t download email attachments without knowing what they are. Never give out personal information when contacted by a business, bank or other entity and make sure your email spam filters detect phishing attempts.
Phishing scams may also appear as fraudulent websites, disguised to look the same as a legitimate website such as a bank, government agency or online shop. These are designed to gain your information, such as credit card information, login details, and personal addresses. Before you enter any personal data onto a website, be sure to check that it is legitimate. Signs of a legitimate website are an SSL certificate, a padlock icon, a green bar, or HTTPS at the beginning of the URL. Never enter personal information into a website accessed via a suspicious link from an email, SMS or social media message.
5. Setup alerts through your bank
Fraud alerts can be set up through your online bank account through emails, text messages or a phone call if your bank suspects suspicious activity may have occurred on your account.
Some banks, such as Commonwealth bank, also allow you to temporarily lock the use of credit cards if they have been lost to stop unauthorised use of your account. These measures have the ability not just to protect you against fraud but to save you money as well.
6. Follow the news to learn about data breaches.
As we have found in recent months, hackers don’t just target individuals. One of the ways your data can be compromised is when it is handled by a 3d party that becomes the target of a cyber-attack. Like the situation with Optus and Medibank, hackers will also try and often succeed in infiltrating businesses, government agencies, higher education institutions, health care facilities and any other organisations that gather personal or sensitive information.
When an organisation is subject to a data breach, they are legally required under the Privacy Act 1988 to notify affected individuals and the OAIC (Office of the Australian Information Commissioner). However, these situations can change rapidly, as seen with Medibank; initially, it was not known that personal medical history had been compromised. However, as the story developed, it was revealed that all customer personal data had been compromised. This is an example of why it is essential to keep informed about data breaches that may affect you, so you can be prepared to update or change any personal information or passwords asap.
To see the latest alerts, you can follow the ACSC (Australian Cyber Security Centre) on Facebook and Twitter, check out their alerts page on the website and sign up for email alerts.
7. Keep your devices and software updated.
Hackers will often try to exploit flaws in software and operating systems. They are looking for vulnerabilities they can use to insert malicious code. Microsoft and Apple regularly update operating systems with security patches, closing these vulnerabilities as they are found. Keeping your operating system and software up to date reduces how a hacker can access your device. As a best practice, updates should be applied within two weeks of release or 48 hours if a security exploit exists.
8. Use the GDPR (General Data Protection Regulation) to your advantage.
Many companies operating outside of Australian borders or with customers within the European Union must follow the GDPR. As a result, you may be able to get international companies such as Apple and Microsoft to delete your personal data based on this compliance. Be prepared for rejection however, as European Union laws do not apply to Australian Citizens, and companies can deny your request on this basis.
Not all security breaches can be prevented but taking steps to avoid violations and cyber-attacks can reduce the chances of them occurring and better protect your personal data in the long run, potentially saving you from the stressful or costly consequences of a cyber-attack.
At GCIT, we are specialists in providing Cyber Security services to numerous businesses across Queensland and New South Wales. Our Award-winning cybersecurity experts can take the stress out of IT Security and make sure your data is secure.
Contact GCIT to find out how we can help your Business protect against cyberattacks.