Cybercrime on the rise just ask Optus: Tips for Small Businesses
Introduction
In what could be Australia's most serious privacy breach, Optus has been revealed to have left the door open for sensitive data to be stolen. Almost 10 million customers were affected in the breach, which has already seen opportunistic scammers cashing in on the confusion.
The government has called the breach "unprecedented" and blamed Optus, saying it "effectively left the window open" for sensitive data to be stolen. Clare O'Neil, Cyber Security Minister, said Australia was "probably a decade behind" other countries in terms of cybersecurity. She pointed to two areas in need of urgent reform: stronger penalties for companies that lose customer data and expanded cybersecurity laws that include telecommunications companies.
This blog discusses how companies can take steps to protect consumer data, including implementing security measures and training employees. Employees need to be aware of phishing attacks and should be educated to be cautious about any emails that request personal information.
It is also important to keep your computer up to date with the latest security patches. The blog also highlights the importance of encrypting data at rest and using strong passwords and multi-factor authentication. Reviewing and updating these security measures can help companies prevent major data breaches.
Classification of data for information security
Data classification is the process of organizing data into categories according to its sensitivity and importance. This helps organizations protect sensitive data by implementing best-practice security measures. There are three general classifications for data: public, confidential, and secret.
Public data is information that is available to the public. This includes things like company names, contact information, and product catalogues. With the shift in consumer sentiment, many people now consider personal contact information to be sensitive or secret. Companies need to keep up with the changes in consumer sentiment and think about how to classify their data.
Confidential data is information that should not be accessed by unauthorized individuals. This would include things like customer records, employee records, and financial reports. Secret data is the most sensitive information an organization has, and it should only be accessed by authorized individuals. This would include things like passwords, credit card numbers, and social security numbers.
The changes in consumer sentiment towards what is sensitive information mean that companies need to review their data classification on a regular basis. Classification changes should happen not only when there is a major change in consumer sentiment but also when there are changes in business operations that could affect how you handle sensitive information like credit card numbers.
The need for data classification has never been more critical than it is now. With more businesses moving online and organizations collecting digital data like never before, the importance of taking proper precautions to protect information from unauthorized access cannot be overstated.
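A minimal sketch of the three-tier scheme above, added here as an example and not taken from the original post: each record is labelled with the highest tier of any field it holds, and free text is scanned for card numbers with a Luhn check. The field names and the policy table are assumptions constructed for illustration.

```python
import re

# The three tiers from the text, ordered least to most sensitive.
TIERS = ["public", "confidential", "secret"]

# Assumed field-to-tier policy (hypothetical field names, constructed here).
# Personal contact details are placed in "confidential", reflecting the
# shift in consumer sentiment the text describes.
FIELD_POLICY = {
    "company_name": "public", "product": "public",
    "customer_id": "confidential", "salary": "confidential",
    "email": "confidential", "phone": "confidential",
    "password": "secret", "card_number": "secret", "ssn": "secret",
}

# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def contains_card_number(text):
    """True if the text holds a digit run that passes the Luhn check."""
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            return True
    return False

def classify_record(record):
    """Return the highest tier found in the record.

    Unknown fields default to "confidential" so that new data is never
    treated as public by accident."""
    highest = "public"
    for name, value in record.items():
        tier = FIELD_POLICY.get(name, "confidential")
        if contains_card_number(str(value)):
            tier = "secret"     # content overrides the field's label
        if TIERS.index(tier) > TIERS.index(highest):
            highest = tier
    return highest
```

The content scan matters because secret data often ends up in fields that were never meant to hold it, such as a free-text notes column.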
Protecting sensitive and confidential information
When it comes to sensitive information, companies can take several steps to ensure that the data is properly protected. This includes implementing security measures like firewalls and encryption, as well as training employees on how to handle sensitive information.
Employees need to be aware of what counts as sensitive information and the importance of protecting this data, and they should be educated on how to spot a phishing attack. Phishing attacks are one of the most common ways that hackers gain access to information.
Employees need to be cautious about any emails that request personal information, and they should never reply to an email that asks for sensitive and confidential data unless they are sure that the email is legitimate.
Another common way for hackers to gain access to data is through malware. Malware is software that is designed to steal information from a computer. It can be disguised as an innocent-looking file or program, but when installed on a computer it can allow hackers access to everything on the device. As with phishing attacks, these files can arrive as email attachments, through URL links in emails, or on USB storage devices.
Installing anti-virus software and keeping it up to date is one of the best ways to protect your computer from malware. You should also make sure that you have a firewall enabled and that your browser, software, and computer operating system are up to date. It is important to keep your operating system and software up to date, as many of the latest updates include security patches that help protect your computer from malware and other online threats. Many of these updates are installed when your device is idle, so it is important to regularly leave computers locked but running overnight.
Encryption at rest
There are two main types of encryption at rest: disk encryption and file encryption. Disk encryption encrypts the entire hard drive, while file encryption encrypts specific files or folders.
As the cost of computing power continues to decrease, it is now more practical than ever to encrypt the entire disk drive of your device at rest. This protects your information, whatever its classification, by locking down data while it is stored on the device, helping ensure that if someone steals or breaches one of these devices, they won't be able to read what was stolen.
Many PCs and even mobile phones now come with the option to encrypt all data on the device. There is a risk that if the password to access the device is lost, it will be impossible to access the device's data by any means.
Reviewing and updating encryption practices can help organisations stay ahead of the game and prevent major data breaches.
Password and Multi-Factor Authentication (MFA)
I am sure you have heard this before, but to be on the safe side, make sure you create strong passwords and never use the same password for more than one account. The current thinking says that a longer 16-plus character password will keep your accounts safer than an 8-character password changed regularly. Current thinking may change and, like all things cybersecurity, it is necessary to stay on top of current best practices.
A password manager can help with managing many passwords, as it allows you to have unique and secure passwords for all your accounts without having to remember them all.
Multi-factor authentication is an extra layer of security that is used to protect a device or account from being accessed by unauthorized users. It requires the user to provide more than one piece of evidence, not the password alone, in order to prove their identity and gain access. This can be done by providing a password and a code that is sent to a mobile phone, or by using a fingerprint, or by a code generated by an authenticator app (available on app stores for free). Multi-factor authentication is especially important for accounts that contain sensitive information, such as bank accounts and credit card details.
Conclusion
The Optus cyber incident serves as a reminder for all businesses to stay on top of their cybersecurity measures, especially as more and more organisations are collecting data that customers may classify as sensitive and secret. Taking the necessary steps to protect consumer data is now an essential part of business operations.
To protect consumer data, companies need to take a number of steps, including implementing security measures, training employees on how to handle sensitive information, and installing anti-virus software. Employees also need to be aware of the dangers of phishing attacks and should make sure their computer is up to date with the latest security patches.
Additionally, encryption at rest should be implemented to protect data if it is stolen due to a device being breached. Finally, strong passwords should be created and never used for more than one account, and multi-factor authentication should be implemented. Staying vigilant and constantly reviewing and updating security measures can help prevent major data breaches.