Risks from the huge data breach go far beyond the people directly compromised; your business may need to take further security measures.
The huge hack into Optus customer details in late September is, as already reported in many media outlets, the largest hack of customer data in Australia’s history. Beyond the personal impact for many people, what are the potential impacts for business?
The Optus attack has much more potential than other recent data hacks to cause damage, due to the nature of the information that has been obtained. Optus has admitted that names, dates of birth, phone numbers, email addresses and in some cases addresses, driver’s licence or passport numbers were compromised.
So whilst at first glance it may seem like the impacts are felt only at a personal level, this will inevitably flow through to business. When hacks like this happen, the hackers don’t just stop with trying to access your personal information – they use this information to try and access your business information. It is likely that cyber criminals would have been ready as soon as they got into the Optus system.
These are some of the scenarios hackers run through:
- They will run the names through a database like the ABR (Australian Business Register) or ABN, trying to find matches for business owners.
- Once they know that somebody is the owner of a business, and if they have their licence, passport and/or Medicare information, they have everything they need and it becomes very easy to come up with some plot to get you to click on anything.
- Often when people click, the fraudsters can get complete access to the business’s system via malicious software.
- The hackers can then get into the communication that the business has with other businesses and target them too. The hackers could gain access to the emails of small businesses with minimal cyber security, and set up scams from there. This can include intercepting the email traffic between, say, a larger customer and the smaller organisation that they’ve just got into, and then trying to intercept & redirect payments between those companies by changing the payment details on an invoice or by changing the bank account details in an email. These unfortunate events already happen on an all-too-regular basis.
Ways to strengthen the security of your systems and help stop cyber criminals attacking your systems include:
- Call the company in question to personally double check & confirm any bank account detail changes.
- Ensure that any new supplier is personally checked to ensure validity.
- Ensure 2-factor authentication has been set up wherever appropriate when logging into online tools.
- Change all your passwords and ensure you have an appropriate method of storing passwords and of creating complex passwords (for example, using a 3rd party tool like LastPass).
- Ensure your email system has appropriate virus checking and spam controls in place.
The most important thing for individuals and business owners is to always be mindful that we are living in a digital economy and that being careful with the financial details of your business, your clients, your suppliers & your employees is good for everyone’s business!