Key Lessons for business from the Optus data hack

Sarah Gee

Everywhere we turn right now, people are talking about the Optus data hack. Most of us are affected customers but what other lessons should we be taking from this?

Here are some of the key lessons for every business owner and manager.

Carefully consider your data protection strategy

This involves asking:

  • What data do you collect?
  • Do you need to collect that data?
  • How long do you hold it for?
  • How do you protect it?
  • Does your data protection strategy match the sensitivity of the data you are holding?

You may also have obligations under the Privacy Act, your privacy policy, or as a director under other laws.

So the lesson here is to know what you collect, why you collect it and how you protect it.

If you do nothing else after reading this article, turn on MFA on all of your devices. There is information about how to do this here.

Consider work from home issues

Do all of your staff really need access to all of your data or can you limit access?

Staff working from home continues to be one of the biggest risks to business data.

This is because unsecured devices, unsecured networks and remote access have all introduced vulnerability into IT systems.

So the lesson here is to audit your devices and systems. As we move out of Covid crisis management and working from home becomes a normal part of most workforces, your technology and IT policies and practices need to be reviewed to make sure they are up to scratch.

Carry out regular risk analysis

The risk of data hacking and being held to ransom is something that you should have planned for as part of your regular risk analysis.

Get a risk assessment on paper that records your vulnerabilities, your mitigation strategies and what your business would do if that risk materialised.

The lesson here is to carry out risk analysis routinely and to have a written plan for worst-case scenarios. This embeds resilience into your business and helps you keep a cool head in a crisis.

Manage your liability

If you’ve been watching all of this play out, you will have seen that Optus has offered free Equifax accounts to all of its customers to keep an eye on where their personal information is being used. (Note that many industry experts suggest you use CreditSavvy to block credit applications in your name instead.)

By offering credit monitoring to affected customers, Optus is doing what it can to limit a big chunk of its liability to those customers if their identities are stolen.

The lesson here is if you do make a mistake, getting on the front foot with good legal advice can help manage your exposure.

We were already expecting changes to be made to privacy law, but we can now expect that update to be quicker and broader. Importantly, we are hearing that a nationalised identification system is likely.

Sign up to our newsletter via our Home page to keep informed of changes in the law.