
Online Safety: Secure today to protect tomorrow

By Mark Bardzinski | 23/07/2025

The recent cyberattacks on major Australian superannuation funds, which compromised member accounts and led to the theft of hundreds of thousands of dollars, are a harsh reminder that our digital lives require just as much protection as our physical ones. We talked to Apt Director Mark Bardzinski about how you can keep yourself safe in an increasingly digital world.

Revisit your passwords

Mark’s first piece of advice is a simple but important one: use complex, hard-to-guess passwords and don’t reuse them on multiple sites. And while it might sound obvious, a survey by YouGov for Telstra highlighted some telling statistics in the space.

“The YouGov for Telstra survey[1] found that 78% of Australians use the same password on more than one site, and an alarming 20% use their pet’s name as a password,” Mark explains.

“The superannuation attacks were a case of ‘credential stuffing’. This is when scammers steal credential information from one site and then use the information to try to get into other accounts. It only works when the targets have used the same passwords.”

Consider your social media privacy

Mark also cautions against participating in seemingly innocuous social media ‘games’ that may actually be harvesting personal information – the kind you use for security questions and passwords.

“These sorts of things pop up on social media framed as games, asking for pet names, parent’s names, maiden names, where you grew up, etc. We have so much information about us online today, and this is just adding to the jigsaw that scammers can use to access your accounts.”

While on the topic of social media, Mark warns that our profiles are sharing a wealth of information.

“Take a Facebook account, for example. You may be connected to family with your maiden name. You might be in an alumni group for your high school. You might post pictures of your pets with their names. Your birth date may be visible. You might post about your children’s birthdays. All of this is seemingly harmless, but actually, you are also providing a lot of information that could be used to guess passwords or answer security questions.”

Mark highlights that it doesn’t mean you have to stop sharing all of these things with loved ones, but it’s good hygiene to revisit your security settings and privacy and make judicious decisions.

“Most platforms offer options to lock your profile and keep anything you share within your network. And if you have anyone you don’t know in person on your pages, it may be worth reconsidering the connection,” he says.

Enable multifactor authentication

Multifactor authentication, whereby you receive an additional code on your phone or email when using your password, may feel like an unnecessary step. But it could save you significant financial loss and personal loss.

“It may be a little annoying when you are asked to enter an additional code to access your own accounts, but it also prevents unauthorised access. Multifactor authentication (or MFA) should be switched on for all your accounts. That way, you’ll get a notification if someone attempts to gain access and can take any necessary steps such as changing passwords and notifying your financial institution,” Mark explains.

Protect your devices

On the topic of authentication, Mark acknowledges that this means your mobile phone is potentially a gateway to your accounts.

“If you lose your mobile phone, it can be a gateway, so ensure you have a PIN or, where available, biometric (fingerprint, face, etc.) security on your phone. Many apps will allow you to add an extra layer of security to open the app itself, and that can be a good idea for your banking, government accounts, email inboxes or any other apps that hold significant personal data.”

He adds that on some phones, data can be locked or wiped if the device is stolen, but you may need to take steps beforehand to enable this in the event of theft or loss.

“Make sure you know what provisions are in place if your phone is lost or stolen. You may need to enable certain settings today. It might seem like overkill, but it can be a lifesaver if you lose your device.”

He also says it’s critical to update your phone, tablet or computer when prompted to do so.

“These updates often contain code to patch up any potential security risks that the company has identified. It’s critical that you do them at your earliest convenience, or you may be leaving yourself vulnerable.”

Mark adds that it is important to have cyber security software on your devices and to keep this regularly updated, too.

“Cybersecurity companies update their software regularly to protect you from emerging threats. Make sure you have adequate protection to keep you safe online,” he says.

And when it comes to staying safe online, Mark recommends avoiding public Wi-Fi networks.

“Public Wi-Fi networks that don’t require a password or credentials are vulnerable to attack, allowing scammers to see what you are doing online, so they are best avoided, even if the organisation offering you access is one you trust.”

Monitor your accounts regularly

Most of us regularly look at our main bank accounts, enabling us to recognise unauthorised transactions quickly. However, accounts like your superannuation may not get as much regular attention.

“Make sure you know what should be in your accounts, and you make use of any warning or alert systems your institutions offer.

“Much like multifactor authentication, it can be annoying to get a barrage of notifications on your phone when you are making legitimate transactions. But it will alert you in real time if someone else has accessed your cards or accounts,” Mark explains.

Stay safe on email and phone calls

Mark highlights that ‘phishing’ emails are on the rise across the globe and that some scammers go to great lengths to make their emails look legitimate, even purporting to be from your bank.

“These emails can be a direct request for your information, which is then harvested and used to access your accounts. Once a link is clicked or an attachment opens, they may download malware without you ever noticing a thing. This malicious software can enable the scammer to see what you are doing on the computer, potentially giving them access to all your usernames and passwords,” he says.

So, how can you avoid getting caught out? Mark says it’s about taking the time to consider whether a request is genuine and, if you aren’t sure, checking before you act.

“Never click on an attachment or a link that you don’t trust or is from a sender you don’t recognise. And if it pertains to your banking, finances or personal data, stop and ask yourself if this looks legitimate. If you have any doubts at all, call the provider on the customer service line listed on your card or on the website. Never use the contact details on the email, even if they look legitimate.

“If the request is genuine, the provider or institution will be happy to verify that and take you through what is required. If it is not, you’ve potentially saved yourself a lot of emotional turmoil and financial loss.”

He adds that the same goes for phone calls.

“Your bank will never ask for your online login details. If you receive a call from your bank, a good rule of thumb is to tell the caller you will call back on the mainline number. If it is genuine, the caller will be happy for you to do so.

“Often, these scammers use urgency or threats to get you to act. They may say, for example, that your accounts will be locked or you will incur a financial penalty if you don’t act right now. These are emotional tactics to get you to respond before you have time to think. Always stop and double-check.”

Keep communications secure

“When discussing financial matters with Apt or anyone else, use secure channels. Avoid emailing sensitive information like account numbers or passwords. We use encrypted platforms to protect your details – make sure any third parties you deal with do too,” says Mark.

“Cyber threats may be evolving, but so are the tools to defend against them. With a few mindful practices, you can dramatically reduce your risk,” he concludes.

If you’re worried you may have compromised your data or your accounts, speak to your financial institution immediately. If you have more general questions on the safety of your accounts online, discuss them with a trusted family member, friend or your Apt adviser.

Committed to securing your data

Apt is committed to keeping your information and data secure. We continue to invest in tools that protect your privacy and financial wellbeing.

We ensure that your data is protected by:

  • using advanced encryption methods to safeguard your personal information
  • having our systems protected by multi-factor authentication to prevent unauthorised access
  • conducting regular security audits and vulnerability assessments to identify and address potential threats
  • undergoing continuous training on the latest cybersecurity practices.

[1] YouGov for Telstra Survey, 2023. https://www.telstra.com.au/exchange/almost-half-of-australians-use-a-weak-password--here-s-what-that

General Advice warning

The information provided in this blog does not constitute financial product advice. The information is of a general nature only and does not take into account your individual objectives, financial situation or needs. It should not be used, relied upon, or treated as a substitute for specific professional advice. Apt Wealth Partners (AFSL and ACL 436121 ABN 49 159 583 847) and Apt Wealth Home Loans (powered by Smartline ACL 385325) recommend that you obtain professional advice before making any decision in relation to your particular requirements or circumstances.
