What’s a financial planner doing talking about cybercrime? While we typically focus on financial risk management, cybercrime is certainly a risk we encourage our clients – especially business owners – to be aware of too. To remix the old military saying that an army marches on its stomach (if you disable supplies then the troops will falter), it could be said that modern businesses march on their data management.
While there are a lot of very advanced approaches you can implement, it’s important to remember to defend against the basics first.
Which basics am I talking about?
- Making sure devices and intellectual property are physically secure – all staff should lock computer screens when leaving for breaks, keep servers and backups in a locked/separate location
- Keeping passwords and networks secure. We assume nobody is guilty of reusing “Password123”, but the bigger, less-spoken-of sin is reusing passwords at all or not changing them. If you do reuse them, then once one login is compromised, every login using the same or a similar password is compromised too. If you use a shared login between multiple employees, consider an employee leaving as a good time to change the password. Businesses are statistically most likely to be victims of crimes by disgruntled current and ex-employees, so this is a simple thing to avoid. What would happen if a competitor bribed a former staff member for your server login? You’d be in for A Very Bad Day, no doubt.
- Control traffic and storage. Got wifi? Secure and restrict access to it. Use cloud services and backups? Know how those companies protect and encrypt your information.
- Establish risk controls and protocols. New staff induction should include some intro training on best-practices within your business. You should also have a response plan ready in the unfortunate situation of a risk event occurring.
In practice, the main attacks to be vigilant against are:
- online scams. That unknown exotic foreign lover suggesting you meet up probably doesn’t have sincere intentions,
- identity fraud – especially easy over phone and email so keep your and your clients’ personally-identifying information secure!
- malware and ransomware – these usually sneak in with a compromised file/webpage you download or open, so make sure to visit trusted sites and keep antivirus software up to date,
- phishing – especially effective when a fraudster pretends to be contacting you from a bank or government department and asks for your personal details. If you don’t trust a caller, ask for the department they’re calling from, look up the organisation, and tell them you’ll call them back after contacting its main contact line.
So while it’s easy to be impatient when, for example, calling to ask a question about your accounts and being asked to identify yourself, please remember that it’s just one thing businesses should be doing to keep your information secure.
Oh, and one last tip: hover your computer cursor over a link before clicking it to read the outbound link address and make sure it matches up with what’s being talked about.
If you want to learn more on this topic, the Australian Government’s “Stay Smart Online” site has plenty more information.