If you get notified that your personal information has been compromised in a data breach, the actions you need to take will depend on the details you think or know have been disclosed. And while you can’t control how well an organisation protects your data, there are things you can do to minimise or protect against the fallout of a breach.
How can I secure my own devices?
Hacking big corporations’ data systems isn’t the only way cybercriminals operate – your own devices are vulnerable, too. There are at least three things you can do to protect yourself.
- Keep your devices updated
Software updates feature security upgrades that fix glitches or weaknesses in operating systems or apps that make it easier for cybercriminals to get hacking. As well as regularly checking for – and installing – updates for apps and programs, you can enable automatic software updates for your phone and computers.
- Use security software
Install up-to-date anti-virus software on every device that you use to access your emails. This can help to protect you and your personal information if you happen to click on a suspicious link.
- Switch passwords for passphrases
Using four or more random words, passphrases are often easier for you to remember than intricate passwords, but harder for the hackers to crack. So use a passphrase instead of a password whenever you can, choosing four unpredictable words that take up at least 14 characters in total, making sure to use unique ones for each of your accounts.
5 things to do if you experience a cyberattack
1. Be extra vigilant about scams
Knowing how to spot a scam can be tricky business. If you’ve had an experience whereby your name and contact details have been involved in a data breach, take extra care. The Australian Competition & Consumer Commission’s (ACCC) Scamwatch has provided information about scams specific to the Optus data breach but is also applicable to most data breaches. The ACCC advises to never share personal information with anyone who calls you claiming to be from an agency or organisation, and don’t open attachments or click on links in unsolicited emails and messages. Even your own bank would have advised you to never interact with your accounts in that way.
2. Contact government agencies
If you’re informed that any of your government-issued identity document information, like your Medicare card, driver licence or passport number, has been used or breached, contact the agency that issued the document for advice around next steps or any action you need to take.
3. Change your passwords
This is particularly important for your email and online banking accounts – and change your banking PIN number, too. Consider also changing your password for other online accounts such as social media or membership accounts. And as well as making sure your new passwords don’t double up across accounts, make them strong – ideally a mix of numbers, symbols, capital letters and lowercase letters.
4. Contact your bank
Let your bank know you’ve been affected by a data breach so they can put extra security measures in place to help protect your funds. And keep an eye on your accounts, checking regularly for any unusual transactions.
5. Check your credit report
You can request a free copy of your credit report from all three credit-reporting bodies. Check if the report contains any unusual or false credit applications, debts or loans. You can even request a temporary ban on your credit report which ensures unauthorised loans or applications for credit can’t be made in your name for a certain period of time.