Pop up – Demo

Subscribe Form Popup

ShareThis

Microsoft-365-business-Popup

We're here to help Fill out the simple form below & one of our IT experts will be in touch
  • This field is for validation purposes and should be left unchanged.

Mercury IT Managed Services | Brisbane | Gold Coast | Melbourne Logo
1300 668 223 Client login

Cybersecurity

Home / Cybersecurity / Cyber Insights with Mercury IT- June 2024
Contact Us
13 JunCybersecurity

Cyber Insights with Mercury IT- June 2024

Cyber Insights June 2024

Welcome to the latest issue of Cyber Insights!  In this edition, we showcase some scam statistics, review the latest security breaches, and offer tips on privacy policies.

Current Scams 

Today, we thought we would do something a little different and look at some scam statistics for the first four months of the year, courtesy of scamwatch.gov.au

Scam 1

Scam 3

Scam 2

Scam 4

Age is an interesting factor, as the amount lost increases for those aged 55 and older. Therefore, it’s important to speak with family and friends about scams.

Latest Security Breaches 

Exploit: Ransomware
MediSecure: Prescription Platform
Risk to Business: SEVERE

MediSecure, an Australian provider of a digital prescription platform, has disclosed that it has experienced a ransomware attack on May 16. Bad actors gained access to the personal and health information of individuals in its systems. The company did not offer specifics. The company’s website and phone lines were also knocked offline. Officials from the office of the National Cyber Security Coordinator (NCSC) reassured the public that no current e-prescriptions have been impacted or accessed. Update: Medisecure has gone into administration since this event. Read more here.

 

Exploit: Hacking

Dropbox: Technology Company

Risk to Business: SEVERE

Dropbox has admitted that hackers gained access to its company systems on April 24, 2024. The company said it discovered that hackers initially gained access to the production environment of Dropbox Sign. The bad actors were able to access information related to users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed. Dropbox said that there is no evidence that the threat actor accessed the contents of users’ accounts, such as their agreements or templates, or their payment information. Dropbox was quick to reassure users that this incident was limited to Dropbox Sign users. Read more here

Cybersecurity Tips

If you create an account on an organisation’s website, you may be prompted to read and accept a privacy policy. A privacy policy outlines the ways that the organisation can access and use your personal information. It’s important to read the privacy policy so that you are aware of how the organisation may use your personal information.

Before you accept the terms of the privacy policy, ask yourself the following questions:

Who Can Access Your Information?

The privacy policy should tell you who will be able to access your information. The organisation may just use your information to improve service, or they may plan to share your information with other third-party organisations. If the privacy policy informs you that other third-party organisations will be able to access your information, research these organisations and find out why your information will be shared with them.

What Information Will the Organisation Collect?

The privacy policy should also tell you what information the organisation will collect and why they will collect this information. The organisation may want to collect many types of personal information, such as your internet activity or purchase history. Be suspicious of any organisation that asks for information that isn’t necessary to operate. For example, don’t give an organisation permission to track your location if they don’t need your location to perform a specific task.

How Will the Organisation Collect Your Information? How Can You Change Your Privacy Settings?

Lastly, the privacy policy should tell you how the organisation will collect your information and how you can change your privacy settings in the future. If you know how the organisation collects your information, you may be able to figure out when the organisation will collect your information. For example, an organisation may collect information about you whenever you access their website so that they can remember your device in the future. You also need to know how you can change your privacy settings. If you decide you no longer want to share specific information with the organisation, you may have to change your privacy settings.

The next time you have to read a privacy policy, ask yourself the questions above. It’s important to know how organisations access and use your personal information so that you can protect your privacy.

Find out more about cybersecurity for your business here or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh here

About the author

Mercury IT