Take the recent MediaWorks breach from March 2024 - the stolen data was collected from running online competitions.
Although the data may not have included health or financial information, it can still be sold for ransom or used for other identity theft.
This may seem relatively innocent as a standalone attack, but these thefts are not done in isolation.
With competition entries, certain responses could be used to pick answers to common security questions, matched up to passwords and usernames stolen from other data breaches, and used to defraud.
Unlike health providers or financial institutions, MediaWorks may not have been considered a high-risk target for cyber-attacks. Still, the data it held could be valuable when used in certain ways.
What does this mean for you?
Take cyber security seriously, no matter what line of business you are in.
Give some consideration to the data that you collect, how it is stored, and for how long. In the MediaWorks case, people’s data was held for several years after the competitions had ended, perhaps a lot longer than necessary.
Cyber security is not a one-and-done job. The digital landscape is (rapidly) evolving, and your security needs to keep up with the changes and continuously review and refine your systems and priorities.
Working with an experienced adviser is important as they can provide the right advice and tailor the approach to match your business’ size, complexity, and risk.
Speak to a Findex adviser to prepare your business and protect your customer’s data.
The views and opinions expressed in this article are those of the author/s and do not necessarily reflect Findex’s thoughts or position.
