Optus Cyber Attack - How to prevent an Optus-like data breach

Preventing An Optus-like Data Breach

Optus Cyber Attack - How to prevent an Optus-like data breach

In light of the recent Optus data breach we thought we’d take a moment to advise those who are not familiar with what has happened, how it relates to your business and what you can do moving forward.

On 22nd October it was disclosed that Optus had suffered a cyber attack, resulting in the unauthorised access to information of over 11 million users.

The impact of this breach is significant not only in the shear number of clients, but the type of information that was accessed. This included dates of birth, names, phone numbers and in some cases, addresses and drivers licence numbers.

Whilst Optus are describing it as a sophisticated attack, government and security experts are claiming that it was an error by the company that left the data accessible online.

The fallout from the breach will affect Optus for a long time, both in customer trust and financially.

Originally the hackers had requested a ransom of $1,000,000 USD paid in the Cryptocurrency Monero. Customer trust in the business has been eroded, with many already moving to alternative carriers.

The Optus Hackers Ransom Demand
The Optus Hackers Ransom Demand

The OAIC (Office of the Australian Information Commissioner) will be engaging Optus to ensure compliance with the Notifiable Data Breaches (NDB) scheme.

Lastly, Law firm Slater and Gordon announced it is investigating a class action lawsuit on behalf of current and former customers involved.

What can you do to prevent data breaches?

  • As an Optus customer, you may have already received notification from them about the best next steps to take, if not, see the media release for the next steps to take.
  • Monitor your accounts for fraudulent activity and be especially wary of unsolicited calls, emails and text messages. Optus will not be providing links on any of their correspondence as criminals are likely to use these as well.
  • If you haven’t done so already, ensure you have two-factor authentication on all possible accounts, including Optus, banking and social media. This will ensure an added layer of protection.
  • Use unique passwords for each of your accounts. Password managers such as LastPass, 1Password and Dashlane are great for this.

How does it relate to your business?

Any company that conducts business either online or uses online services could be the target of an attack. The more sensitive the data, the more valuable the target.

According to the latest OAIC report, the 3 most targeted industries are:

  • Healthcare service providers
  • Finance
  • Legal, account and management services

As we’ve seen from the Optus data breach, the consequences are not just in remediation.

There is the ongoing costs of managing the breach, any fines payable and loss of customer trust.

Cybersecurity Protection With Data Backup And Recovery Services Across Australia By Syntech It
Cybersecurity Prevention For Businesses

What can you do to stop the attacks?

The best thing any business can do, especially those in the top targets, is to harden your security to reduce the incentive of being targeted.

Criminals will typically target those with poor or no security as it enables the fastest turn around for the best reward.

Some items that can be addressed are:

  • Ensuring email accounts a properly protected – As the most common attack vector, it is essential that email security is implemented to prevent the distribution of Phishing emails and viruses which can lead to data harvesting and compromised credentials. This can be achieved through the use of 3rd party services and Two Factor authentication.
  • Implement a dedicated firewall – Replacement of service provider router to a purpose built Firewall gateway to prevent unauthorised access to your network – Service provider routers may have “built in” firewalls and security, but are by no means the best option. By implementing a dedicated firewall to your network, you are ensuring that your systems are hardened with a device that communicates to a global database of known threats and attack vectors and is built for one job, to protect your network.
  • Operating System Patches – By implementing scheduled patch management, you are ensuring that your operating system, whether it be Windows, MacOS or Linux, is protected against known exploits and vulnerabilities. With patch management, you can ensure that these updates are performed at a convenient time so as not to interrupt your business.
  • Managed Antivirus – By implementing a managed anti-virus solution, protection can be provided against “known” and “unknown” threats. Not all systems are equal, with top vendors now introducing sandboxing and Smart AI integrated into the new anti-virus engines enabling systems to detect “zero day” threats and mitigate the damage the may try to cause. By having a managed solution, any alerts can be actioned by a team of specialists, providing advanced detection and remediation.
  • Regular Backups – The backup of important data, software and configurations is critical to the continued running of any business. While many of the “cloud systems” take care of this, chances are most businesses have an application or service that does require the end user to backup.
  • Implement a Business Continuity and Disaster Recovery – In the case of “on-premise” servers, BCDR (Business Continuity and Disaster Recovery) is critical in ensuring that if your server was to become unavailable, either due to Hardware failure, OS corruption or malicious activity, that your recovery time is often minutes, not hours, days or even weeks. Backups should also follow the 3-2-1 rule, 3 copies of the data, in two different locations, with at least one of them offsite. This aids in preventing the accidental or malicious loss of backups. An example of this would be the Datto BCDR device.

The ACSC (Australian Cyber Security Centre) has introduced the “Essential Eight” maturity model designed to assist businesses with implementing proper security services to their business.

The aim is to mitigate the risks associated with customer / patient data.

Syntech It Support Team In Australia And New Zealand
It Experts Consulting Businesses On All Matters Around It Security, Business Continuity And Disaster Recovery

How Syntech IT Can help?

Here at Syntech IT, we recognize the importance of security to all business and have built a range of services aimed at providing protection to mitigate the risks associated with today’s digital workspaces.

Just some of the services we can provider are:

If you’d like more information regarding anything above or about how we can help, please reach out to us.

Continue reading

Purchasing a New Computer (7 Considerations to Make)

Have you ever purchased a new computer only to experience buyer’s remorse a few months later? Perhaps you’ve overlooked the storage capacity and ran out of space. Or you may have ignored memory and experienced frequent lagging and freeze-ups.

Read More »
9 Online Shopping Security Tips for Safer Shopping
Robert Giles

9 Online Shopping Security Tips for Safer Shopping

The holiday shopping season is in full swing. This means that scammers’ engines have also been revved up.

They’re prepared to capitalise on all of those online transactions.

Remember to use caution when shopping online during the holiday season.

A pound of cure is definitely worth an ounce of cybersecurity prevention.

It can also save you from a financial or personal disaster.

Read More »
Optus Cyber Attack - How to prevent an Optus-like data breach
Robert Giles

Preventing An Optus-like Data Breach

In light of the recent Optus data breach we thought we’d take a moment to advise those who are not familiar with what has happened, how it relates to your business and what you can do moving forward.

Read More »

Syntech IT

Need help making sense of your IT?

Here at Syntech IT we try to simplify IT for our clients – but never make it simplistic. Whatever questions or thoughts you have, we'd love to hear it.

Contact Syntech IT
Scroll to Top
Request a Callback Icon

Request a Callback

Simply enter your name and phone number, and one of our team members will contact you shortly to answer any questions you may have.

This is a free service, and your phone number will not be used for marketing.

Mobile numbers are preferred. If entering a landline, please include the area code.
This field is for validation purposes and should be left unchanged.
Please note we'll usually call you back during our business hours from Monday to Friday, 8:30am - 5:30pm (AEST)

Send Quick Message

Your Name
This field is for validation purposes and should be left unchanged.