This is the first in a series of articles regarding scams, cybersecurity and securing your information in an increasingly digital world. Yes, the Optus data leak has just happened at the time I wrote this article, but this wasn’t the purpose of this article – this article was coming anyway.
If your data has been compromised – through his latest Optus hack or through any other way – here are some steps that I recommend that you should follow.
I cannot reiterate enough the importance of acting fast, and being proactive. It is vital that you take action, and also keep records of all steps that you take – hopefully you never have to refer back to any of this but it can be vitally important if you do have to do something.
- Use this as a prompt to change all your passwords – almost everyone I know is lazy with passwords, even those that should know better. You need to change your passwords and you need to make sure that you come up with passwords that are secure. Further, you need to become a person that regularly updates their passwords
- Set up 2 factor (2FA), or multi factor authentication (MFA) – It’s also time to make sure that you have set up MFA across the board for all of your important accounts. This added layer of security helps keep your accounts safer
- Where possible make sure you use an authenticator app, not text-based authentication – Text based MFA is an inferior product. Where possible you need to set up MFA with an app based solution. Google’s Authenticator app is the most popular. This lessens your risk of losing access to your phone number if someone ports away your phone number or spooks your sim card – both common ways to bypass 2FA or MFA. This becomes easier if the rest of your data has been compromised. If your bank doesn’t offer non text based MFA options, it might be time to consider switching banks.
- Notify your bank and other financial institutions – If you are concerned that your ID may have been compromised you need to be proactive in making sure that others know – and make appropriate notes. You should contact your banks and other financial providers and let them know that your data has been compromised. At the very least you want them to have a note on file in case something does go wrong.
- Check your credit file – There are 3 main credit reporting companies in Australia. You should check your credit files regularly to make sure no one is applying for credit in your name. It is possible to put a block on your credit file to stop anyone applying for credit using your details. If you have no plan to borrow money or seek credit anywhere else, it might be a goo idea to take advantage of one of these blocks.
- Consider a new phone number and email address – If you really want to take your security to the next level, you may want to consider a new phone number for any MFA requirements and you may want to look at setting up a new email address that you use purely for accounts with financial institutions and service providers.
- Consider a new passport and drivers licence (with new numbers) – You may also decide to look at applying for a new passport or drivers licence to stem the possibilities of your data being used inappropriately. (It’s harder to get a new drivers licence in Victoria unless you have actually been a victim of fraud.)
Here are some other things you need to consider.
You may see an increase in scam emails and scam calls if your phone number or email address have been compromised. You need to be vigilant and sceptical of every call and email you receive for a while. Don’t click on links and don’t automatically trust people calling you over the phone – verify everything by contacting the company that is allegedly contacting you directly first – this could include financial institutions, service providers or the ATO.
And finally, it is perfectly natural to feel anxious and angry if you have been subjected to your data being leaked. If you are feeling anxious, please seek support. This could be through family and friends, your doctor or calling through to a service like Lifeline on 131114.
If you have any questions about what you have read here, or you just want to chat about this hack and what it might mean for you, please don’t hesitate to get in touch.