So you’re an Optus customer…
How worried should you be? Well, worried, but so should everyone be – Optus customer or not.
What are the potential risks if your personal details have been stolen?
If someone has your name, address, email address, phone number, date of birth and driver's license, there are all kinds of potential scams the thief can pursue:
- create new accounts in your name
- buy goods and services in your name
- transfer your mobile phone number to gain access to password resets
- gain access to your bank account.
The Optus breach has made headlines around the world because it's large and very high profile. But the theft of personal data in this breach is a drop in the bucket. Data breaches happen every day: from websites that are not secure, from badly protected networks ranging from local stores to government departments, from malicious attacks. Nearly all of them never make the news, but the personal data of millions of Australians is exposed every year. The Optus breach is a timely reminder that cyber crime is as real as the road toll: there are real consequences, and real people are impacted.
Are we helpless in the face of constant cyber crime?
Of course, if your data is already stolen, you can no more un-expose it than you can put toothpaste back into the tube. You have to deal with the fallout. How? Be alert for unusual activity on any accounts you own. Here are a few examples I have seen from victims of identity theft:
- a new login or change of password on your Netflix account
- a letter notifying you that your new credit card has been approved
- unusual activity on your bank account
- notification that your new Internet account has been set up
- your phone suddenly doesn’t work
What practical action can you take as an individual or a company?
Don’t share personal information unless you know where it will be stored, how it will be used, and how secure the organisation holding it is. That might sound like a tall order, but it's a matter of being suspicious, selective and asking questions. Here are some examples:
Don’t hand over your contact details unless you need to. A store asks for your email address to send you a receipt – why do you need that store to have your email address in their database? Say no.
Don’t allow your identity documents to be scanned. A club wants to scan your driver's license (which has name, date of birth, address, license number – enough to steal your identity). Hmmm… easy to scan it, but how is that club storing, securing and using your data? You can say no.
Don’t email copies of your private data (passport, driver's license); upload them another way. Confirm any such data you provide will be permanently destroyed once it is no longer required. For example, a hotel can legitimately take a copy of your passport, but they have to have a way to permanently destroy this data when your visit is over. Guess what: there are many breaches where this data stored by hotels has been leaked.
Don’t respond to email, text message or phone requests for you to pay something, update credit card details, change your password, or confirm your login. These are ALWAYS scams. If you think a message you received asking for one of these things looks like it might be legitimate, then separately contact that company (not by clicking a link in the message) and confirm whether there is anything real about the request.
Be proactive – get FooForce on board to work for you. We will:
- Take your security seriously: you can’t become secure after an attack; you need to plan for it and put in place the controls that will stop an attack happening before damage is done. Yes, it is possible to improve security and seriously reduce your risk of attack, but it doesn’t happen by accident.
- Train your staff. The best protection from cyber crime is a high level of awareness. Every company should have an active, regular program of cyber security awareness training.
- Monitor all your staff for potential identity theft. We will scan the dark web for evidence of data breaches that may affect your staff, and warn you.