With many Australian organisations becoming victims of cyber incidents over the recent years, the Australian Cyber Security Centre (ACSC) offered some tips that you can share with your clients when a data breach incident occurs.
Six top tips, according to the ACSC, include:
Direct notifications of a data breach include the type of information potentially breached.
ACSC advised customers to contact the affected organisation or visit the affected organisation's website to look for official announcements and steps to take. Consumers may also use the ASCS's “Have you been hacked?” tool, which tells the steps to take to secure finances, accounts, emails, and other personal information.
Scammers might take advantage of a cyber breach incident by posing as a representative of the affected organisation via email, text, or phone.
“For example, you may receive an email asking you to reset your password because it was compromised. Do not use the links or contact details provided in the message or email. Visit the official website and log in to your account, or call their phone number,” the ACSC said.
ACSC advised customers to change their passwords and review their security settings. If the password has already been compromised in the incident, affected customers must reset their other accounts that use the same password as soon as possible.
Data breach incidents could lead to identity theft. Therefore, ACSC advised customers to visit the website of IDCARE – the national identity support service of Australia and New Zealand – and complete the “Get Help Form,” or call 1800 595 160 to access IDCARE's Identity and Cyber Security Case Managers.
Meanwhile, customers whose identity has been stolen may apply for a Commonwealth Victims' Certificate, which helps support the affected individual's claim that they have been a victim of identity theft and can be used to establish their credentials with governments and financial institutions.
A data breach could impact personal and financial information.
ACSC said: “Contact your bank or financial institution immediately. Follow their guidance on securing your account and freezing any affected accounts or cards.
“If you are not satisfied with the response from your bank, you can seek free advice from the Australian Financial Complaints Authority (AFCA). If you have lost money, do not accept offers from third parties to help you get it back – this is a common tactic used by scammers to steal more money from you.”
ACSC advised customers to continue to check and monitor for unauthorised activity after receiving data breach notifications from the affected organisation.
Red flags include:
“Be aware that if a person accesses your account, they may be able to hide their activity, for example, by permanently deleting messages they sent in your name,” ACSC said.
Last month, Verizon Business's latest Data Breach Investigations Report (DBIR) warned that the frequency and cost of cyberattacks have been alarmingly rising, with over a third of Australian organisations (36%) having experienced a data breach in the recent months.