What to Do After a Data Breach

How to safeguard your business name and avoid going belly-up

Medibank, Optus, Toyota Australia and Ambulance Victoria were among the big-name organisations that made headlines recently after falling victim to data breaches.

Although these breaches affected nearly 20 million people combined, they’re just a drop in the bucket.

The ABC reported there have been over 2,700 recorded data breaches since 2020, with potentially hundreds more going unreported each year. The incidents range from relatively minor to some affecting tens of millions of people worldwide.

What is a data breach? A data breach occurs when sensitive, protected, or confidential data is accessed or disclosed without authorisation. That could be customer information, operational records, confidential documents, emails or other communications.

Owners of small to medium businesses (SMEs) might think they’re safe from these kinds of incidents. After all, hackers only target big brands – right?

Not quite.

As well as the handful of highly publicised data breaches, there were nearly 500 in 2022 that the media didn’t mention. Most leaks resulted from cybercrime, which disproportionately affects small businesses.

Data breaches are more than an inconvenience. They often lead to significant financial losses, reputational damage and operational disruptions.

More than 60% of Australian SMEs never recover from a data breach.

If you’re an SME owner, ask yourself: “Can my business withstand a $46,000 hit?”. If the answer is no, you’re not alone.

Nearly two-thirds of SMEs that suffer a data breach or cyber attack never recover. This alarming stat, from a 2022 report by the Australian Retailers Association, underscores the critical impact of cyber attacks and data breaches on SMEs.

The cost of data breaches isn’t just counted in lost dollars. In late 2023, telemarketing firm Pareto Phone collapsed after suffering a hack that leaked sensitive personal info of donors to several high-profile charities onto the dark web. More than 100 people lost their jobs. Tens of thousands of Australians still have no idea what’s happening with their data, including passports, police checks, child support documents, licences and tax file numbers.

Small business owners should prioritise data leak prevention in 2024. Not just to avoid the business’s name being dragged through the mud but, more importantly, to protect customers, safeguard trust and grow the business with confidence.

What to do if you suspect a data breach

Contain the breach

This might mean temporarily taking down your website, disabling email servers or changing passwords. Quick action here can limit the severity of the breach.

Assess the damage

Identify what type of data was breached, the number of people affected and the potential impact. This step is crucial in understanding the severity of the breach and communicating transparently.

Notify affected parties

This includes customers, employees and other relevant stakeholders. You should also report the incident to the Australian Cyber Security Centre (ACSC) via ReportCyber. Transparency is key to maintaining credibility and getting help after a breach.

Investigate the breach and implement corrective actions

Determine how the breach happened. Based on your investigation, implement data leak prevention methods to fortify your defences and prevent future breaches.

The ACSC can also help with tailored information on remediating after a data leak incident and link you with support organisations.

Should you seek professional help after a data breach?

It’s wise to seek help from a data breach consultant or law firm. These professionals can provide expertise and guidance specific to your situation, ensuring you navigate the aftermath of a breach effectively and compliantly.

Tips to proactively secure your online presence against a data breach

Local web hosting

Choosing a web host in Australia not only supports local businesses but also offers better legal compliance and data security tailored to Australian standards.

Our web hosting services keep all your data secure on Australian servers. As well as providing faster response times, your information is better insulated against hacking attacks.

Maintain SSL (Secure Socket Layer)

Most website hosting plans come with an SSL certificate that encrypts data transmitted between your website and users.

However, SSL certificates usually expire annually. Keeping on top of certificate renewal is important if you want to make life hard for hackers.

Educate employees

Australians are getting better at identifying cyber threats, but criminals still find a way in. Provide training and resources to employees on identifying cybercrime techniques, including phishing, social engineering, extortion and business email compromise.

ReportCyber publishes helpful free resources.

Regular security updates

Keep your website plugins and local devices up-to-date with important security patches.

Choose local business services

Do your research before sharing sensitive information with online business services. Some websites might seem legit at first glance, but it’s smart to look for credentials including:

  • Business registered in Australia (with an ABN or ACN)
  • .au or .com.au domain
  • Reviews from real Australian customers
  • Australian office location and contact details

From automating business name renewal to registering a .au domain for your website, partnering with an Australian service provider like Registry for essential services is always more secure.

Regular password changes

Use strong and unique passwords for all your online accounts. If you have staff, encourage (or even enforce) a policy of changing passwords regularly, as weak passwords are a common security soft spot.

Awareness and caution with personal information

Educate your team never to share personal information over email or chat, and to be vigilant about suspicious links. Dodgy links in emails or social media messages may be phishing attempts to steal sensitive information.

Registry Australia helps SMEs remain secure against data breaches

We’re committed to helping small businesses grow. That means offering industry-leading services to protect your business name from appearing in the headlines for the wrong reasons.

From web hosting to business name renewal and .au domain registration, we take your security seriously. We’re also an ASIC Registered Agent, meaning we adhere to the highest regulatory standards.

If you want to learn more about how we keep your mission-critical information secure, contact our local support team at 1300 070 000 or email info@registry.com.au.

Back to News


Related news

Let's get started

Your business starts here, get going today.