Every year, thousands of Australians and Australian businesses fall victim to online crime, or ‘cybercrime’. In the first 3 months of 2018 alone there were 14, 189 reports made to the Australian Cybercrime Online Reporting Network (ACORN). That was just the ones reported!
The financial services industry will always be a prime target. Our IT systems, supplier contracts and internal policies place client data, as the single most important asset our business needs to protect. Each of these areas is reviewed on a regular basis and every staff member and supplier is bound by regulation, policies and rules of engagement in these areas.
We see instances of fake and suspicious emails several times each week. We have seen several, sophisticated examples in the industry in recent weeks that prompted us to remind everyone of the need to remain diligent in your interactions when providing any sensitive data and to reassure you that our diligence in this area with our clients and their data is of paramount importance to Profile Financial Services.
Common types of attempted cybercrime in our industry include:
- Online scams or fraud
- Issues with buying or selling investments online
- Identity theft
- Attacks on computer systems
- Email spam and phishing
- Illegal and prohibited content
There are several things you can do if you become aware of an issue or you think something is suspicious:
- Check all details on emails appearing to be from your trusted source. Fake emails often contain small yet critical errors in people’s names or domain names.
- Consider the language used. Does the email ‘sound’ like the person you are corresponding with? We have picked up several suspicious emails in the past because the language is not consistent with the client we know.
- Pick up the phone to verify the information or request.
- Do not respond to emails that look suspicious. This can allow additional information to be gleaned for malicious purposes.
We have several avenues available to us at Profile to help protect our clients’ data:
- Personally telephoning a client who makes a request to move money
- Setting up multi-factor authentication requirements with our suppliers
- Having appropriate internal policies and training for staff around the collection, storing and use of data, IT and password security and office security
- Using external IT consultants to track activity in and out of our systems
- Maintaining up to date and business relevant firewalls and security systems
- Blocking suspicious domain names and websites
- Reporting concerns to relevant authorities, such as ACORN and the Australian Cyber Security Centre.
If you believe that your financial data has been compromised, from any source, please take action immediately – for our clients we can undertake any and all necessary actions to protect you.
By Lena Ridley, Head of Operations