The notifiable data breaches scheme started in Australia on 22 February 2018.
By the end of March, 63 breaches were recorded, 55 in March alone. The top industry sectors that experienced breaches were health; legal; and accounting & finance. While 28 breaches were malicious or criminal attacks, a staggering 32 were caused by human error.
Cybercrime has generated its own lexicon with terms like phishing, whaling and pharming. Phishing emails, used by criminals to steal financial details, have become increasingly sophisticated since they were first observed in 2003. While some emails are obvious, because of poor grammar or misspelt words, others appear legitimate, using corporate logos and links to genuine-looking websites.
Whaling attacks are more difficult to detect than phishing because they are highly personalised and sent to specific, high-level targets.
In pharming attacks, criminals compromise the domain name system (DNS) servers that resolve a website’s address, so that users typing the correct address are redirected to an imposter site, where they unwittingly enter usernames and passwords that the criminals capture.
To improve your organisation’s resilience to these threats, all staff need to be aware of the online risks and understand that confidential information must not be disclosed, whether by clicking on links, by replying to email messages, or in a phone or face-to-face conversation.
Here are some basic things you can do to protect your business:
• Never click: Don’t open links or attachments in a message that seems too good to be true, or that threatens consequences unless you take the action it suggests.
• Confirm directly: If you’re suspicious about a message, contact the sender directly to confirm they sent it, but never use the contact details provided in the email itself.
• Spam filter: Use a spam filter to block deceptive messages.
• Check email addresses: If an email appears to be from a known person or organisation, check the actual sender address behind the display name (hover over or click on it) to ensure a familiar name isn’t hiding an unfamiliar address.
• Awareness: Financial institutions and large organisations never send links requesting confidential business or financial details. Search using names or exact wording of the email message to find references to scams – many scams are identified this way.
• Confirm website security: Look for the secure symbol. Genuine websites are usually encrypted to protect your details. A secure website can be identified by:
– use of https: rather than http: at the start of the address
– a closed padlock or unbroken key icon in your browser window.
• Do not provide sensitive information: If you receive a call purporting to be from a bank or other organisation, do not provide personal or credit card details or sensitive corporate information, including names and contact details of key personnel. Request the caller’s name and contact number and conduct an independent check with the organisation before you ring back.
To discuss your risk management and insurance requirements, please contact: