The Optus Data Breach: So What Now?

Cybersecurity

Following the recent Optus data breach, potentially millions of Australians have been left exposed to some very real threats. This attack has further highlighted just how exposed we all are, and how no-one is immune from the impact of a data breach such as this.

The personal details that have been leaked such as name, date of birth, home address, phone numbers, email, as well as driver’s license and passport numbers, means that the risk of identity theft has significantly increased for approximately 40% of Australia’s population.

“So what now…?” I hear you ask.

1. Look Out for Signs of Fraud

Over the coming months and even years, it will be important not just for Optus customers but all working Aussies, to pay close attention for any signs of identity fraud. Be sure to keep a careful eye on your email inbox, bank statements and transaction history to spot any irregularities.

Watch out for:

Unexpected emails asking you to confirm purchases or subscriptions you didn’t make.
Unfamiliar banking transactions or direct debits.
A new credit enquiry or loan on your credit report that you didn’t authorise.
Emails or text messages alerting you to account logins from a new device.
Unexpected mail or bills for new accounts you didn’t open.
Your expected mail or email, including bills and statements are not being received.

2. Strong Password Management

So much of our identity is online: social media, online shopping and investment platforms just to name a few. This means one of the first steps you should take is to ensure the passwords for all your online accounts are extremely robust, and NEVER use the same password for multiple on-line accounts. – if this isn’t the case, make sure to update them as soon as possible. (like today!!)

To help with this process there are some effective tools available that can assist you with your password management, checking for duplicate site passwords, and the creation of strong passwords/passphrases.

We highly recommend BitWarden to help businesses with effective password management. If you need assistance in this area, feel free to reach out to us.

3. Setup Multifactor Authentication

Multifactor Authentication or MFA / 2FA, operates by requiring additional verification when a password is entered, such as a fingerprint or a code sent to a trusted device. By adding this extra layer of security, you can prevent access to sensitive systems, networks and data even in cases where passwords have been compromised. In light of today’s cyber threat landscape, MFA is not just a suggestion but a necessity! There are a range of apps you can use to setup MFA on your accounts and many systems have them built in, but for those who haven’t mandated this YET, we recommend you look into using available apps like the Google Authenticator.

4. Protect Your Line of Credit

Knowing that your identity has been ‘stolen’ can be concerning – thankfully there are some powerful tools readily available to us that we can use to protect ourselves.

Enforcing a credit report ban works to prevent the bad guys from requesting new lines of credit. This strategy is a quick and effective way to minimise the risk that identity theft leads to fraudulent credit being taken in your name.

Credit Savvy is a renowned organisation, endorsed by the major banks, whereby members can setup a temporary credit report block in a matter of minutes. With SavvyShield the manual process of requesting a ban is simplified and puts a hold on all credit checks – effectively protecting your Credit Score from damage by anyone trying to impersonate you.

During a ban, a credit reporting body won’t be able to use or disclose any of your information to a credit provider. In the event someone tries to apply for credit under your name, the application will be blocked.

In the past, placing a ban on your credit report was a tedious process. With the Credit Savvy app, the ease of being able to turn on and control the ban makes this a no-brainer, especially if you know or suspect your identity has been compromised, and this service is FREE.

Conclusion

We know Cyber is a major topic that needs to be addressed now more than ever, but in light of recent events, it is obvious the narrative is no longer “how can I PREVENT an attack?” but “How can I MINIMISE the attack?”.

The answer lies in being proactive and putting in place measures now to ensure that when the time does come and you are impacted by a Cyber incident, you are ready to recover quickly and effectively with the least amount of exposure.

Unfortunately, prevention isn’t the option – the only option is minimisation.