1. Use strong passwords

Use long, complex passwords that are hard to guess. Include letters, numbers and symbols. Do not use the same password for multiple accounts. Ideally use a password manager.

2. Update your software

Always update your software. Updates usually patch security holes. Have your computer set to update automatically, unless you have a very good reason not to. Ideally have this centrally managed for you.

3. Train your employees

Educate your employees on data security. Teach them how to identify fake emails. Inform them not to click on suspicious links. Ideally, enrol all staff in managed cybersecurity awareness training, with automatic re-enrolment following failed tests.

4. Use encryption

Encryption scrambles your data. Only people with the key can read it. Use this for all important information.

5. Limit access to data

Not everyone needs to know everything. Only give people access to what they need for their work. Implement a Zero Trust security strategy, based on the principle “never trust, always verify”. Do not assume that everything behind the firewall is safe.

6. Create backups of your data

Create copies of your important information. Keep these copies in a safe location. This helps in case anyone steals or destroys your data. Ideally, make use of a managed backup service, so that restoration of data can be easily managed following a ransomware incident, for example.

7. Use a firewall

A firewall acts like a guard for your computer. It blocks malicious sites and prevents payloads from getting in. Always have your firewall turned on. Ideally, have this centrally managed as part of your device management.

8. Be careful with emails

Almost every data breach starts with a trick email. Don’t open emails from people you don’t know. Be wary of emails which look like they’re from someone you know, but aren’t. Don’t click on links unless you’re sure they’re safe. If you think they’re safe, verify, and ideally find another way to get to the same location without clicking the link. Managed cybersecurity awareness training can run simulations of phishing emails, and provide feedback and training for those who are successfully tricked by them.

9. Protect your Wi-Fi

Use a strong password for your Wi-Fi. Do not leave the default password on. Update your Wi-Fi password frequently.

10. Have a plan

Prepare a plan in case of a data breach. Know who to contact and what to do. Run practice drills so you know that you and your team are ready if there is an intrusion.

Even with good plans, data breaches can still happen. If one does, take action quickly. Inform your customers about the breach ASAP, as well as any authorities or regulatory bodies that you’re required to.

Fix the problem that led to the breach. Then, use what you learned from that mistake to make your security better.

Get security advice, and follow it.

Security consultants recommended to Medibank that they implement multi-factor authentication prior to their data breach. This advice was not followed, and would have prevented the breach from occurring.