New Zealand's Privacy Act 2020 has resulted in more and more Kiwis receiving letters from various organisations (like schools and businesses) notifying them that their personal data was compromised in a recent cyberattack, but few know what to do about it.
Author of the book 'She'll Be Right (Not!)—a cybersecurity guide for Kiwi business owners—and SMB cybersecurity expert Daniel Watson said today that the Privacy Act compels organisations to notify customers when their details have been compromised.
"For example, one customer of an adult education class at a local Auckland college that he had received a letter from the college notifying him of a cyberattack. Consequently, his first name, last name, email address, landline, mobile number, partial credit card number and credit card expiry are most likely for sale on the dark web."
He said the news comes as no surprise. Many medium organisations and colleges are vulnerable because they are trying to get things done, but like many SMBs, they don't have much in the way of internal IT or security resources.
"There may not even be somebody in the senior leadership with some cyber or information security oversight.
"This kind of thing is only going to get worse, and I cannot emphasise enough that complacency towards cybersecurity (particularly prevalent among medium-sized organisations in New Zealand) is sooner or later going to hurt both those organisations and their customers."
Watson said it was past time that medium-sized organisations understand that they are in positions of trust and need to take their duty of care for people's details seriously.
He said that people who receive a notification that a cyberattack has compromised their details should take the following actions:
- Sign up for a credit monitoring service
"We can assume that criminal elements who get their hands on your details will try to put it to malicious use, such as attempting to get credit in your name. Signing up for a credit monitoring service may help protect you from identity theft," Watson said.
- Change your passwords
Some credible apps like 1Password, Bitwarden and LastPass can help you manage your passwords better by relieving you of the need to remember multiple and advisably complicated passwords.
"One master password is all you need to remember. It's straightforward."
- Two-factor authentication
Businesses, in particular, should consider two-factor authentication methods.
"When it comes to valuable shipments and bank deposits, don't just rely on email to verify details because it is too easy to get funds misdirected. Pick up the telephone and confirm any changes verbally."
Watson said other measures might include changing bank accounts or credit card numbers.
"Cybersecurity can seem like a pain, but if it is well set up and managed, it isn't that hard. A bit of effort will save you a world of regret later on," he said.
For more information visit: Daniel Watson LinkedIn