Data breach: Your guide to dealing with lost or stolen data

Rachel Smith interviews Nick McKenzie from cyber security firm Bugcrowd for Real Home and Contents Insurance.

We’ve all received a dodgy text, deleted a phishing email or answered a phone call from a scammer. In fact, Scamwatch estimates that Australians may have lost up to $4 billion to scams in 2022. Recent high-profile data breaches also have many of us on high alert.

So, could we do better when it comes to protecting our data? Experts say yes.

Data security is often an afterthought for many of us, says Nick McKenzie from cyber security firm Bugcrowd. “We use controls such as password management and multi-factor authentication, but tightening the hatches around the data itself can be just as important.”

What data security issues are we most concerned about?

The Office of the Australian Information Commissioner (OAIC) ran an Australian Community Attitudes to Privacy Survey in 2020 – and 70% of people said data security was a ‘major concern’ in their lives, with most worries around data security, breaches, identity theft and fraud.

It can be distressing to find out your details have been compromised, says Commissioner Angelene Falk. “Think about the damage that can be caused by identity theft, the time spent to re-establish [your] identity, the financial hardship and the anxiety that can flow,” she adds.

How do you know your details have been compromised?

Usually, you’ll be told that your data has been compromised – either by the organisation who’s suffered the data breach, or an agency related to them. Or, you may notice weird things happening, says Nick.

“You might spot odd usage of accounts that have been compromised,” he says. “Or you might receive strange notifications in your email about a change or action that has been taken that you need to validate, when you haven’t actually requested any change.”

Other signs your data has been hacked though could include:

• Your friends get messages via social media that you didn’t send.
• Your mouse moves between programs and makes selections you’re not making.
• Your online password to something isn’t working.
• You see frequent, random pop-ups.
• You get a ransomware message or fake antivirus message.
• Your online account is missing funds.
• You’re notified by someone that you’ve been hacked.

Bottom line: if it happens to you, it’s important to act fast.

If you’ve been told by the organisation that experienced the data breach, you can contact them or the agency to find out what information was involved, says the OAIC. Start keeping records of everyone you speak to and every action you take from this point.

Nick mentions that there are other steps to take:

1. Contact your bank or lender immediately: If you’ve given personal details to a scammer, contact IDCARE right away. Also, report scams to Scamwatch.
2. Change your passwords: Especially for the organisation where your account or data is being held, and as an extra measure, change your online banking passwords and PINs so it’s harder for someone to access your accounts.
3. Adopt extra security measures: Wherever possible, use strengthening password controls such as multi-factor authorisation (MFA).
4. Check your bank statements: Flag any purchases you don’t recognise and report them immediately to your bank.
5. Protect against further fraud: Ask if the company that got breached is offering online fraud protection, which will help detect and prevent further fraud misuse across any information stolen.
6. Check your credit report: Look for unauthorised loans or applications being taken out under your name and request a ban on your report if you suspect fraud.
7. Steps for identity fraud: If identity documents have been compromised, contact the agency that issued the document. If your tax file number was stolen, ring the ATO.

4 tips for protecting your data in the future

When it comes to data security, protection and prevention is key.  Here’s how to lock yours down going forward.

1. Don’t use the same password for everything: It’s a common mistake and one that’s easy to improve on.
2. Have a data inventory – keep a list: “You want to understand where all your data exists, and which third parties have been granted access to your data, or which data you’ve provided to them,” says Nick.
3. Practise good cyber hygiene: If you no longer need a service, ask to delete your data from the company’s database (known as data purging). Be stingy with what you sign up for. “Less of your data out there means less access to it and fewer opportunities to attack it,” says Nick.
4. Back-up and test: Backing up your computer is essential so there’s a way to restore your data if you do come under attack. But test this process, so that you are familiar with the steps required.

Steps to backing up your computer

1. Determine what you want to back up: Before starting the backup process, you should identify the files and data that you want to back up. This can include documents, photos, videos, music, email, and other important data.
2. Choose a backup method: There are various backup methods, including external hard drives, cloud storage, or network attached storage (NAS). You can choose one or a combination of these methods to ensure that your data is safely backed up.
3. Select backup software: To make the backup process easier and more efficient, you can choose a backup software that automates the process. There are many backup software options available, such as Acronis True Image, Carbonite, and EaseUS Todo Backup.
4. Create a backup schedule: To ensure that your data is always backed up, you should create a backup schedule. This can be done using backup software or manually. You should choose a backup frequency that works best for you, whether it’s daily, weekly, or monthly.
5. Perform the backup: Once you have chosen your backup method, software, and schedule, you can perform the backup. Depending on the backup method and software you choose, the process may vary. However, the general steps involve connecting the backup device, selecting the files to be backed up, and initiating the backup process.
6. Verify the backup: After the backup is complete, you should verify that your data has been backed up correctly. This can involve checking the backup device to ensure that the data is present and accessible.
7. Store the backup device securely: Finally, you should store the backup device in a secure location, such as a fireproof safe or offsite location, to ensure that it is protected from theft, damage, or other risks.

Having insurance policies in place can be important when setting up good financial practices. Consider talking to us about how we can help.