After the high-profile data breaches of Optus, Medibank and Woolworths, businesses across the nation have been frantically reviewing their cyber security and protocols. Here are some top tips for protecting your business.
Cyber risks represent a major challenge for the financial system. That was the conclusion of the Reserve Bank of Australia’s (RBA) latest Financial Stability Review, at least.
The RBA referenced the recent Optus cyber incident, noting that it “demonstrated that there can be indirect implications for the financial system of cyber attacks”.
“This, along with a number of other large-scale cyber incidents over the past year, has highlighted the need for regulators and financial institutions to continue building cyber resilience,” the central bank said.
Indeed, an Optus-sized cyber attack on the finance sector has potential systemic implications, as an increase in fraudulent activity associated with the leaked information could undermine confidence in lenders and brokers alike.
The industry has already been busy educating brokers on the sophistication that cyber criminals can have nowadays. Whether it’s speaker sessions at events, online webinars, or podcasts, aggregators and associations have a plethora of materials at the ready to help brokers protect their businesses.
The Mortgage and Finance Association of Australia (MFAA), for example, recently hosted a webinar with Kaesim Cybersecurity’s Paul Hankin (a former mortgage broker himself) — who urged brokers to adopt two-factor authentication for email and social media ASAP — noting that small businesses are perhaps even more at risk of becoming victim to a hack than a large one.
Hackers are targeting small businesses that are “low-hanging fruit” as they are the easiest in “one of the biggest industries you may never have heard of,” he said.
“Essentially, cyber crime is now organised crime, and it’s fully industrialised,” Mr Hankin said.
“The revenues globally are three times greater than [US] Walmart, which is the largest retailer in the largest economy in the world.
“And it generates around $1.5 trillion a year in profits, which is more than the top five US tech companies combined.
“If there was a country, cyber crime would be the third-largest economy in the world, after the US and China, based on the amount of damage that’s done currently.”
In fact, Australia is currently around the sixth most targeted country, but it unfortunately ranks first when it comes to “ransomware”, which is increasing, he stated.
Victims on average are asked to pay ransom close to $100,000 over a year, with a government hotline receiving a ransomware crime report around 60 times per day, he added.
But only around 10 per cent of cyber attacks are reported, which means the problem could be 10 times larger, Mr Hankin explained, and it frequently takes weeks for businesses to recover.
What brokers need to do to protect themselves — and why
According to the cyber specialist, the Optus breach basically happened because there was “… an API endpoint with no authentication,” which in layman’s terms means there was a database with no password protecting it.
“That’s all it was — the database on the internet with no password protection,” he said.
“Basically I’ve just left the door open and left it unlocked for anyone to walk in — and that’s the definition of what we call low-hanging fruit.”
Mr Hankin therefore recommended the following anti-hacking tips and techniques for broking and finance businesses to mitigate the risk of a cyber security incident.
Use two-factor authentication (2FA) on everything that you’re logged into — this is ‘two step’ login, so it’s something you know (a password) and something you have physically (a code on your phone).
“Passwords are not enough anymore. They’re very easily hacked. So 2FA fixes this problem really well,” he explained.
“Check the security settings on all your software and all your websites — if there’s a 2FA option, switch it on!”
Switch on 2FA on all your apps — including all your socials like LinkedIn, Facebook, etc.
“Especially on your social media accounts. They’re very commonly hacked. Imagine as a broker — brokers rely heavily on Google reviews — if you lost all your Google reviews in one day that you’ve built up over years and years,” Mr Hankin said.
2FA pro tip — use a phone app to generate the codes (instead of getting text messages sent to your phone) and add anti-virus.
“It’s much more secure, as text messages are considered not secure. And also add any anti-virus protection to your phone because your 2FA is no good if your phone has been hacked,” Mr Hankin said.
Use a password manager
“It’s pretty much like you go out and lock your car doors when you’re parking your car so someone just doesn’t walk in the door and off they go,” he explained.
“Passwords? We all hate them, but we have to deal with them too. We know that 50 per cent or more [people] use the same or similar passwords for all their websites, which means if one of your websites has a data breach, hackers get that password and… can try that password, or variations of it, on all your other websites as well.
“Tip — use four unrelated words plus a number and that creates a phrase-relevant word — and make it unique, something you haven’t used before. So, four unique words plus a number.”
Ransomware — avoid crippling your business
“The strategy here is you need offline backup (not cloud) and any proper anti-virus, business-grade, enterprise-grade... Not the free stuff,” Mr Hankin said.
“You also need to encrypt all your data, and you need to have cyber insurance as well.”
And last but not least, ask for help. Broker associations, aggregators and even lenders have all been working to engage cyber security specialists and produce resources, tools and courses for brokers to shore up their protections, so make sure you reach out and ask about them if you need help.