Keeping client data safe from hackers, verifying identification, whether to use password managers and the risks of using public wifi were among the cyber security topics that generated the most discussion at BT’s Cyber Security and Financial Crime Masterclass.
BT’s cyber security experts delved into these topics and more during the masterclass, which attracted over 900 registrations, making it one of BT’s most popular professional development events.
During the webcast, Merryl Tidyman and Vicki Misitano from BT’s Fraud and Financial Crime team shed light on how advisers can identify and prevent fraud-related financial crime, and protect their clients’ and their business’s information.
Their cyber security tips for advisers are outlined below.
1. Train advice teams to be vigilant about risks, especially fraudulent activity
Advice practices should conduct a regular review of their risks and controls, and keep up to date with cyber trends. The Australian Cyber Security Centre’s ‘Exercise in a Box’¹ is a handy reference and includes tutorials and simulation exercises.
Fraudulent activities online come in varying levels of complexity, and can include phishing emails and texts, as well as hacking of websites and the publication of fake websites that replicate banking and payment sites.
BT strongly recommends training advice staff on IT security and fraud awareness. Phishing simulations can help advice teams become familiar with what to look out for, such as whether an email that appears to be from a client is in fact from a slightly different email address (for example, firstname.lastname@example.org vs email@example.com).
2. Have robust processes in place for checking identification documents
The Commonwealth Attorney-General's Department estimates that identity crime costs Australia upwards of $1.6 billion per year, with the majority lost by individuals through credit card fraud, identity theft and scams.²
In the superannuation sector, identity fraud is the most common type of fraud.³
Even if only a small amount of personal information is obtained, for example, from stolen mail such as a superannuation fund statement, perpetrators often use ‘open source’ information to piece together other information such as date of birth and contact details. Social media is often targeted by criminals for this additional data, so they can impersonate their victim and access accounts.
When verifying clients’ identification, advisers should ensure they are capturing accurate customer details – for example, their name should match the ID document exactly, including middle names.
Red flags include multiple changes to a client’s profile within a short period. Advisers should watch out for irregularities in ID documents such as different fonts and font sizes, spelling errors, and borders or lines where there should be none. Photos should also be checked diligently; for example, ensure that the photo in the ID document lines up correctly and does not look out of place.
3. Use biometrics to log into apps on your mobile and other devices
BT’s cyber experts encourage the use of biometrics across all devices, where available, especially mobile phones. On the BT Panorama mobile app, advisers and clients can log in by using face ID or fingerprint verification or a passcode.
Two-factor authentication (2FA) is another measure implemented by businesses to increase security. 2FA requires users to provide two factors, such as biometrics plus a password.
BT Panorama requires 2FA for important steps such as to: register to use the platform, use the forgotten password process, view or update personal details, add billers, link bank accounts and pay anyone. In addition, adviser notifications, behavioural pattern analysis and robust bank-grade security measures help to protect advisers and their clients, and BT continues to focus on and invest in this space.
Advisers may also wish to consider talking to customers about cyber security and keeping their systems or devices protected. It may help to explain that biometrics and/or 2FA can keep their account and identity more secure, compared to using a password alone.
4. Do not postpone system security updates
Advisers are encouraged to keep security programs up to date. Every time new malware or a trojan is discovered, security firms put out a patch that users need to download and install. It’s incumbent upon users to update their programs.
5. Avoid connecting to public wifi – but if you must, use a VPN
BT’s experts warn that using public wifi is a cyber security breach waiting to happen. Using a Virtual Private Network (VPN) while on a public wifi connection allows you to access the internet through a private network, so that your browsing is protected and nobody can see what you're doing.
6. A password manager is not a panacea
Password managers are targets for hackers, and a few have suffered from data breaches in recent years. It’s best to remember your passwords – one way to do this is by writing down clues. In regard to the password itself, don’t share it, don’t write it down, and don’t capture it anywhere in your system.
Jason Brown, BT’s Head of Platforms Distribution, said: “Businesses large and small have been impacted by cyber security breaches, and an increasing number of Australians have been victims of identity theft or know someone who has. It’s understandable that keeping client data protected is a priority for advisers. We share this concern at BT – cyber security is of utmost importance, and we are pleased to share the expertise of our dedicated team to help advisers navigate this fast evolving area.”
2 Australian Federal Police: https://www.afp.gov.au/our-services/community-events-engagement/national-identity-fraud-awareness-week (no longer online)
3 AUSTRAC: Australia’s Superannuation Sector, money laundering and terrorism financing threat update 2022, refer to figure 4, p.18: https://www.austrac.gov.au/sites/default/files/2022-09/AUSTRAC_2022_SuperannuationCTEUpdate_0.pdf