optus. who dunnit?



paige comensoli

director + commercial legal counsel


optus’ cybersecurity breach. where did it all go so wrong?

(⏱️ 5 minute read time)

No doubt you’ve heard about the Optus cybersecurity breach. But maybe you’ve forgotten?

With all the headlines and fear mongering, it’s hard to make sense of what we can actually learn from their mistakes.

let us break it down for you.

Optus’ biggest failings were that they:

❌ didn’t have cybersecurity and information management practices appropriate for an organisation of their size and nature

❌ collected data from customers that they didn’t actually need to provide their products and services

❌ kept customer data for longer than they needed to

There’s a certain literacy around privacy and cybersecurity that a lot of us don’t have. It can seem so daunting that we often bury our heads in the sand, not knowing where to start. 

But there are so many reasons why we just can’t. Interruptions to BAU operations. Stakeholder confidence. Exclusions in insurance policies. Potential personal liability of directors. The expenses that come with the clean-up. The list goes on.

so, where should you start? here’s some law-hanging fruit.

✅ Take stock. Map out what data you actually need to collect from customers to provide your products/services (forgo the ‘good to know’ mindset and collect just the essentials – think ‘less is more’). Know where the tipping point is that turns your data from an asset into a liability.

✅ Map out your data retention obligations against the data you collect and make sure your data disposal practices align with those.

✅ Offense is the best form of defence. Do a cybersecurity health check to see how safe your data is from unauthorised access. ACSC’s publicly available self-assessment is a great starting point and will give you a good indication of whether you need to get the experts in to help you bolster your practices. But, because there’s no cybersecurity failsafe, you should also…

✅ Implement tailored cyber security, data protection and breach response strategies and policies within your business. Prevention is better than cure.

get your house in order.

Following the most recent privacy-related headlines, and in anticipation of the impact of the privacy reforms (including significantly increased penalties and extended rights of the Privacy Commissioner to investigate data breaches), we will be offering a privacy compliance kit to our clients very soon. If privacy compliance is high on your list of priorities for 2023, sign up to receive updates below.
