Earlier this year, in April, the ACCC reported that Australians lost almost half a billion dollars in 2018: “Total combined losses reported to Scamwatch and other government agencies exceeded $489 million.”
It’s no wonder cybersecurity has already proven to be a hot topic. On the heels of a number of high-profile data breaches in 2018 and the introduction of GDPR, cybersecurity is front of mind for many businesses.
But what can you do about it? How can you protect yourself and your firm against cyber fraud in an age where hackers are becoming increasingly more sophisticated?
1. Understand that people will remain the biggest threat to cybersecurity
The biggest threat to cybersecurity is you, your employees, your partners and your clients. It may only take one absentminded click or keying in the wrong email address and you could be facing a serious data breach. That’s why education and awareness are key. All businesses should have cybersecurity training and procedures in place to ensure vigilance and best practice.
To educate your employees and clients you can:
- Tell your clients what kind of communications they can expect from you and educate them about potential phishing scams so that they are aware.
- Include a disclaimer in your emails to further emphasise the importance of verifying account details
Remember: Your security is only as strong as the weakest link.
2. Use purpose-built technology to keep your firm safe
Password-only access will soon be a thing of the past. More and more businesses are implementing multi-factor authentication (MFA) to safeguard their data, particularly in light of the increased prevalence of phishing. While it might sound technical, MFA is an essential part of making sure we are protected digitally. What MFA entails is two or more steps to verify that you are who you say you are, so that even if a password falls into the wrong hands, there is an extra layer of security needed to prove who is trying to access your information.
MFA is used by many industries – think about online banking. You often need to log in and to transfer money, a secure code may be emailed or sent as an SMS to you. Once received, you can prove it is you making the transaction.
MFA requires additional credentials on top of a username and password to add an extra level of verification before providing access to sensitive systems or data. It may require approval from your device or biometrics. This means if someone does manage to get their hands on your login details, there’s an additional barrier to overcome before they can actually access your accounts.
There are other technologies purpose-built to keep firms safe. For example, Securexchange, is designed to stop the need to share trust account details via unsecured emails and protects the reputation of all professional parties involved in the property transaction. The key to the service is that only verified parties can view trust account and deposit information, streamlining communication between those parties and offering transparency over the progress of the exchange.
Coupled with the ability for lawyers to share Trust Account details securely with other parties, Securexchange provides legal and conveyancing professionals with a real answer to combat cyber-fraud, at no expense to their firm.
3. Be aware that fakes will only become more sophisticated
Hackers have come a long way from sending spam emails that are easily identified as fake. Now they can replicate the look of official emails including using logos to make the email seem legitimate. Scams are also coming through via SMS and phone call channels. There are scams around not paying ATO bills, being involved in a car accident and bill payments failing. There is also a new trend toward using artificial intelligence to create fake audio and video messages that are extremely realistic. This type of media can be used to add even more credibility to phishing tactics and help hackers to impersonate trusted people.
Furthermore, hackers aren’t just after your credit card details anymore, they’re focussed on infiltrating large value transactions. The property market is especially alluring as it involves constant high-value money transfers between several parties. Hackers become experts at breaking into email accounts and following transactions as they progress, so they can strike while the iron is hot. They know when you’re ready to transfer the deposit and they send a perfectly timed email from the hacked account with false bank details to redirect funds into their own accounts. There have been several recent high-profile property fraud cases in Australia involving these type of phishing schemes that have resulted in significant financial loss for buyers/sellers and reputational damage for service providers.
Cyber fraud has become a major problem for Australian businesses. Hackers are continually finding new ways to intercept email communications or mimic your clients. Your firm is only as strong as the weakest link in your information sharing. To protect your firm, invest in purpose-built technology services to keep you and your clients safe. It is crucial that you know who you are communicating with and always choose the safest method to do so. Always be smart with what information you share and how you share it.