Australians love their smart devices. But these handheld gadgets leave us vulnerable to those wanting to steal our information – known as a data breach. PROTECT+ Cyber security Work Integrated Learning student from Curtin University, Sam Snowden explains the risk of a data breach and shares four tips to manage a breach and protect your data.
The rise of data breaches
More than 65% of reported data breaches in the first half of 2021 were driven by malicious or criminal intent. During that same time period, data breaches arising from ransomware incidents increased by 24%. That’s a huge demand for our personal information – and that’s in just six months. In a world where we’re all extremely online, data is currency so keeping ahead of the enemy is critical to protecting you and your loved ones from a potentially malicious cyber attack.
Here are my top insights about data breaches and how to protect your information should the worst happen.
RELATED CONTENT: Cyber hygiene: 4 easy tips to keep your data safe
What is a data breach?
A data breach is an umbrella term for any time that there is an unintended release of confidential data. The Office of the Australian Information Commissioner (OAIC) says: “A data breach happens when personal information is accessed, disclosed without authorisation or is lost.”
Legally, businesses must alert you if your information has been stolen and/or could cause you “serious harm”, which includes stolen payment details (financial harm) or information that could be used to commit identity theft. We strongly recommend to any new customer that they familiarise themselves with the OAIC’s reporting requirements to ensure they know how to respond when a breach happens. The broad definition means that things like video recordings of people playing video games such as Just Dance also count as breaches.
RELATED CONTENT: 8 cloud security tips to keep your data safe in the cloud
What data is stolen in a breach?
Depending on the situation, almost any piece of data can be hacked in a breach. Even more nerve-wracking is that during a breach a company may not know exactly what information has been compromised. The OAIC says contact information remains the most common type of personal information involved in data breaches, but deliberate attacks could also target usernames, passwords or payment data.
Malicious activity, like scam calls which are almost a daily occurrence now, can lead to breaches if you’re not careful enough. As smaller-scale data breaches are common, it can be hard to track whether you’ve been affected. Those potentially affected by a breach can check their details on the Have I Been Pwned website, which (safely) scours known data breaches and alerts you if it finds a match.
RELATED CONTENT: 4 tips for safe online shopping this holiday season
I’ve had a data breach! What do I do?
If you find out you have definitely been affected by a breach, here are four actions you can take to assess and manage the breach and avoid future attacks.
1. Change your passwords
Assess the situation and check specifically what data was exposed. While the report may say the breach didn’t affect your password, it’s still a good idea to either check your passwords to make sure they are strong or change them to make the account more secure. Even just your email address being leaked greatly increases the chances of your account being attacked or leading to further vulnerabilities.
2. Sniff out suspicious activity
Check your login history on affected accounts for any suspicious activity.
3. Get two-step security
Take advantage of multi-factor authentication (MFA). If your password is leaked, this two-step process will often prevent unauthorised access.
4. Remove the account
If possible, consider deleting/deactivating the account to remove the option of the account being hacked.
RELATED CONTENT: What is the most secure Multi-Factor Authentication method?
Head to our website to read more insights on cyber security and how to protect your data. Or get in touch with our team of experts at PROTECT+ for tailored recommendations to protect your crucial business assets against cyber threats.