Are you the next Optus? Don’t be a data breach villain
The Optus data breach has highlighted to the general public the importance of cybersecurity blah blah blah “here he goes again talking about cybersecurity…”
Yes, I am. With a cybersecurity attack occurring every 39 seconds, we need to keep talking about this. Have you considered what data you hold on your customers?
However, I’m not discussing this breach with you as the victim. Instead, I want to highlight some questions about how you stop your business from appearing like the villain. Don’t be the next Optus.
Here are some questions you need to ask yourself.
Cybersecurity and your data
- What data do we hold on our customers?
- Is it Personally Identifiable Information (PII)?
- Do I need to have all of that data?
- When was the last time I cleaned the data and removed old customers?
Now I doubt you hold 11 million records of PII, but you may store confidential information such as:
- Financial records
- Payment details
Action: You should perform an audit of your customer data
Cybersecurity and your systems
Which systems store your customers’ data? Are they in:
- CRM packages
- Accounting systems
- File sharing systems
- Your website
With these systems in mind, ask yourself:
- Are there ways you can better secure these systems? Using multi-factor authentication is one example.
- When was the last time your systems underwent a security check? If you can’t remember, then it’s already been too long.
- Are we running the latest version of the software/system? Older versions tend to have security issues that are patched in newer versions.
- Have you performed a penetration test to see how secure your systems are?
Action: You should perform an audit of your systems and their security
Cybersecurity and your people
- Have you informed your IT team that staff have departed?
- Are there accounts that still have access to your system that should have been deactivated?
- Are there accounts with more access than required?
- Have you trained your staff to be vigilant against cybersecurity attacks and tested them?
Action: Remove access and train your staff
Cybersecurity and your partners
You may pass customer or client information to your suppliers, or you may grant your suppliers access to your systems.
- Are you aware of your suppliers’ security standards?
- Do they protect their data and systems to a level that meets your standards?
- What would their answers be to all of these questions?
Action: Audit your partners and suppliers and ensure they are doing the right thing by you
Imagine what your data breach would look like
Have you considered what would happen if you suffered a data breach and a bad actor leaked this information?
Please remember that there is data breach legislation in Australia. You are required to inform the government when a data breach occurs.
Don’t hope that you won’t suffer a data breach. Instead, consider the thought that you already have a bad actor in your systems. Now, hopefully, you will answer yes to the following question.
Have I done everything possible to reduce the amount of data leaked (and damage) if a hacker was in my IT systems?
As always, we are here to help. So if you have any questions or concerns about your data protection policies, please contact us. We can help reduce your risk.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business, Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.