Data breaches are a recurring theme in this day and age. Equifax, Uber, Facebook and Cambridge Analytica are just some of the big names in the media for data breaches over the past 12 months – and these companies alone lost the personal information of more than 150 million users.
To introduce more protection for individuals’ privacy, the Australian Government introduced the Notifiable Data Breaches Scheme in February 2018. There are now disclosure requirements and financial penalties for organisations regulated under the Privacy Act 1988 if they have an ‘eligible data breach’ (where there was unauthorised access to, disclosure of, or loss of personal information, likely to result in serious harm, where the organisation has not been able to prevent the risk). There were 31 notified data breaches in the first three weeks of the legislation being in effect.
Whilst this is a wake-up call for businesses to implement better protection of their customers’ data, there are still vital steps for you to take as an individual to protect your personal information.
How cyber fraud happens
Online scams are big business for cyber criminals.
In 2015 Australians lost $229 million to scams. Nearly 40 percent of scam approaches occurred through email, over the internet or through a social network platform and accounted for 44 percent of losses.
Source: Stay Smart Online
The most common attacks are phishing/social engineering. This is where cyber criminals embed malicious software (malware or ransomware) in email/website links or attachments, which can then infect and lock files. Sometimes a ransom is demanded before the files are unlocked.
Data breaches can result in personal information (email addresses, passwords, identity reference numbers) being sold on the dark web. Depending on the information exposed, this could enable people to create a false identity using your details and use it to obtain financial loans or credit cards, or to open bank accounts.
How cyber fraud can be avoided
- Don’t click on links or attachments in suspicious or unsolicited emails/social media messages
- Don’t keep sensitive personal data on unsecured USB sticks
- Don’t use the same password across multiple accounts – always use a different password for every online service
- Password-protect your computers and laptops
- Encrypt and back up your hard drives
- Use multi-factor authentication on your accounts wherever it is offered as an option
- Read the fine print when signing up to find out who gets access to your data
- Be careful signing up to mobile apps that ‘Use your Facebook login’ (this can give the application full access to your Facebook account).
Ask yourself these questions before handing details over: What information am I giving out? Can I be identified with this? Who am I giving it to? Is it a trusted organisation? Why am I giving it away – is it really necessary?
How you can report and recover from cyber fraud
You can check if your email account has been compromised using the Have I been pwned? website.
You can Google yourself and delete unused public accounts.
Go into Security/Settings on your apps and check to see which accounts are connected to your personal profile, and check which information is public/private.
If you start to experience suspicious activity on your online accounts or with financial institutions, contact IDCARE. IDCARE is a not-for-profit organisation that provides support free of charge to members of the community.