Cyber Security for Your Finances
Written by Chamila Jennycloss
In the past three months, how many times did you visit the local branch of your bank? During the same period, how many times did you use your mobile banking app to view transactions, pay bills or transfer money? From banking and investments to shopping and bill payments, our financial lives are integrated with the digital world, which simplifies the way we do things, adds convenience to our transactions and opens doors to a wide range of financial products and services hitherto inaccessible to many. According to the Reserve Bank of Australia, in 2022-23 the average Australian made 730 electronic transactions, compared with 330 a decade ago. This unprecedented increase in digital activity, especially in the post-Covid era, highlights the need for robust cyber security measures, not only for businesses but also for consumers.
From phishing attempts to malware to identity theft, a myriad of cyber threats seek to exploit vulnerabilities in our cyber activities. As technology evolves, so do the complexity and sophistication of these threats, requiring the everyday consumer to stay continually vigilant. While this may seem daunting, there are several simple steps we can all take to manage and reduce our exposure to a cyber-attack.
Strong passwords
This is a key step in minimising the risk of a hacking attempt. We all have at least a dozen different logins we use regularly, and it is tempting to use the same password for everything. However, creating unique random passwords for your various logins will greatly reduce the risk of being hacked, because a password stolen from one service cannot then be reused against your other accounts. When creating passwords, avoid using personally identifiable information such as your date of birth, the names of your children or partner, or even the name of the street you live in, as these can be easily guessed by a hacker trying to gain access. Instead, put your creativity to work to produce unique, yet easy to remember passwords. Try using a mnemonic or the first letters of a phrase and use a combination of upper- and lower-case letters, numbers and symbols; for example, ‘Big Brown Fox Jumped Over The Lazy Dog’ (B8FJ@t7d). A recent study by Hive Systems calculates that it would take a hacker 17 years to uncover a unique, 8-character password such as this. Most hackers would not waste that much effort; they will simply move on.
Multi-factor authentication (MFA)
MFA is another extremely effective protection against a cyber-attack: it requires two or more independent verifications of your identity before granting access. Most financial institutions now require you to enter a one-time password (OTP) sent to your registered mobile number as a second identification point; other options include authenticator apps and physical tokens. MFA operates as a dual security checkpoint (think of it as needing a key as well as an alarm code to enter a house) and requires the combination of two or more factors (Australian Cyber Security Centre 2022):
· something you know (a PIN, password or passphrase)
· something you have (a smartcard, physical token, authenticator app, SMS or email)
· something you are (a fingerprint, facial recognition or iris scan)
While this may seem excessive or inconvenient to some, enabling MFA gives you an extra layer of protection against cyber-attacks and credential stuffing (using a stolen password across multiple logins in an attempt to gain access).
Regular software updates
Keeping the software on your devices up to date is critically important, as software providers regularly review their systems to identify vulnerabilities and take corrective measures to close any gaps they find (Australian Signals Directorate). Additionally, they continually upgrade their systems to address new and emerging trends in cyber threats. These modifications reach the end user through software updates and patches, which generally require the end user to authorise or activate them. How many times have you logged into your laptop to be told that there are updates awaiting your authorisation? It is tempting and convenient, especially when in a hurry, to cancel these so that you can continue with your work. However, doing so could leave the security of your device severely compromised and your data at risk. Instead, schedule your updates for a time when you are not using the device, such as overnight, to minimise disruption to your activities. This will ensure that your devices are protected with the latest upgrades the providers have released.
Secure internet connections
A secure internet connection is one that uses encryption protocols to protect your data. A secure connection, such as a VPN (Virtual Private Network), protects data from unauthorised parties, identifies and authenticates the recipient of the data and ensures that the data has not been tampered with. Using a VPN allows you to mask your IP address while browsing, preventing your activity and data from being tracked. Additionally, avoid connecting to public Wi-Fi hotspots regularly, especially if you are accessing personal or sensitive information. If you need to access sensitive information away from your trusted network, use your mobile hotspot instead, as it requires an encryption key to access the data and this key is unique to your device. Invest in malware protection software or activate the features offered by your operating system, and regularly check the threat reports they provide to understand any threats you are exposed to or could be exposed to.
Beware of scams
According to the Australian Competition & Consumer Commission (ACCC), Australians are estimated to have lost approximately $2.7 billion to scams in 2023. These scams are largely orchestrated by offshore criminals using phone calls, text messages, emails and social media to access financial information. Other forms of scams regularly used are honey-traps, threats and extortion, job/employment scams and impersonation (Scamwatch). The ACCC has also warned of an emerging trend where the victims of a previous scam are targeted by scammers offering to recover the previously stolen money for an upfront fee (ACCC 2024). Australians aged 65 and over were the most commonly targeted victims of scams. Scammers also target vulnerable members of the community such as Indigenous Australians, members of culturally and linguistically diverse communities and people with a disability (AUSTRAC 2024). Scammers have mastered the art of appearing legitimate and may even target you at times you are most vulnerable: tired, busy or overwhelmed. Hence, staying alert and vigilant is vital in thwarting these criminal activities and protecting yourself. Check your bank and credit card statements regularly for any unusual charges. Be aware of who has access to what information regarding your financial, medical and other sensitive data. Be mindful of what you share on social media, as scammers use all this information to create a persona that will appear authentic and trustworthy to you.
The threats posed by cyber criminals are real and ever evolving, but by understanding the risks and implementing best practices, individuals can create a vigorous defence against these crimes and significantly reduce their vulnerabilities. Remember, cyber security is not a one-time effort but an ongoing process in safeguarding your financial wellbeing. As technology evolves, so must your defences against criminal activity to ensure that your wealth and your family’s wellbeing remain secure.
Read More:
Reserve Bank of Australia – Payments System Board Annual Report – 2023 – https://www.rba.gov.au/publications/annual-reports/psb/2023/the-evolving-retail-payments-landscape.html
Hive Systems – Are your passwords in the green – https://www.hivesystems.com/blog/are-your-passwords-in-the-green
Australian Cyber Security Centre – Protect yourself: Multi-factor authentication – https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-security-guides/protect-yourself-multi-factor-authentication
Australian Signals Directorate – Update your device – https://www.cyber.gov.au/learn-basics/explore-basics/update-your-devices
Australian Competition & Consumer Commission – Targeting Scams: Report of the National Anti-Scam Centre on scams activity 2023 – https://www.accc.gov.au/system/files/targeting-scams-report-activity-2023.pdf
Scamwatch – Types of Scams – https://www.scamwatch.gov.au/types-of-scams
ACCC – Criminals targeting victims of previous scams promising financial recovery – https://www.accc.gov.au/media-release/criminals-targeting-victims-of-previous-scams-promising-financial-recovery
Australian Transaction Reports and Analysis Centre – Money Laundering in Australia – https://www.austrac.gov.au/sites/default/files/2024-07/2024%20AUSTRAC%20Money%20Laundering%20NRA.pdf