A data breach is a security incident in which information, such as usernames, email addresses and passwords, is accessed by unauthorised parties.
The average cost of a data breach to an Australian business is estimated at $3 million, as of 2018-19, per research sponsored by IBM Security and conducted by the Ponemon Institute.
Australia’s leading agency on national cyber security, the Australian Cyber Security Centre (ACSC), says credentials (usernames and passwords) are typically stolen when:
A user is tricked into entering their credentials into a page that mimics the legitimate site
A brute-force (automated trial-and-error) attack on username and password combinations is performed against a service, if it doesn’t prevent such activity
A service is compromised, and credentials are stolen and used to access the system or tested against other sites such as social media and email
A user’s system is compromised by malware designed to steal credentials
Steps to take
It’s important to remain vigilant about potential threats to your data, namely email phishing attempts.
Additionally, we recommend you conduct routine maintenance of your credentials. This includes:
Keeping your passwords and PIN codes safe – use a password manager, e.g. LastPass or 1Password, to ensure you have unique passwords for all your different accounts. This ensures that if one of your accounts is compromised, the others are protected, and the impact is minimised.
Periodically changing your passwords.
Checking the security and privacy settings of all your essential services and making sure they have 2FA/MFA available. This provides an additional layer of security when accessing accounts.
Being aware of ongoing scams so you know when something is not right (Scam Watch has a great list of ongoing scams in Australia, which is regularly updated).
How to check your data
https://haveibeenpwned.com/ is an excellent free resource which enables you to check if you have an email account that has been compromised in a data breach of an external party.
The tool will provide background on the details of any previous incident implicating your details. If a case is identified, consider reviewing your various login credentials and updating them where possible.
As always, if you have any questions, please reach out to me or one of the PEXA Security team. Additionally, you can now subscribe to updates from PEXA Security. Visit https://community.pexa.com.au/t5/Security/ct-p/Security and click the options button in the top right corner.