Awkward if your brand image is a safe pair of hands. David Jones has had its computer system hacked and the private details of customers stolen by criminals. While DJs says that no credit card details or passwords were stolen, it was a reminder that cyber hackers don’t just go after the likes of Ashley Madison, Sony Music and the US Government. It came a day after K-Mart announced some of its customer data (names, addresses, contact details and sales data) had also been stolen.
Australia’s Privacy Commissioner says there’s been a huge jump in reported data breach notifications in the past year.
In response, the Federal Government recently released the first unclassified Australian Cyber Security Centre Threat Report (collective ooooooooooooooooohhhh). The Report provides information to Australian businesses about the threats their computer networks face from cyber espionage, cyber attacks and cyber crime. (Ever notice how ‘cyber’ makes any word sexy and scary? Cyberdyne Systems has a lot to answer for.)
We won’t bore you with the details, but the Report does provide some good tips on how businesses can reduce their exposure to cyber bad guys, or respond to a cyber attack. The Report lists the Top 4 things, all of which are mandatory for Australian government agencies and which could prevent at least 85% of targeted cyber intrusions:
- Use application whitelisting, which is a fancy way of saying you should specify trusted/permitted applications that can be run on your computers to prevent accidental execution of malicious or unapproved programs by your staff.
- Patch (i.e. install updates for) applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office and, where possible, use the latest version of the application.
- If you become aware that an operating system may have vulnerabilities, promptly patch it. Also, if possible, stop using Windows XP and Microsoft Office 2003 as an operating system (they said it, not us).
- Restrict administrator privileges to those users who really need them to do their jobs. A lot of hacking is facilitated by rogue or careless insiders.