Yet another news headline of a cyberbreach and a new cybercrime victim. This time an 83-year-old property buyer in Perth’s Western Suburbs. The recent “man in the middle” breach has left a customer without $550,000 and a helpless property conveyancer trying to placate an awful situation.
What could have been done to prevent this?
Unfortunately, there is no silver bullet, but a heightened awareness of cyber security risks goes a long way to combatting the hackers. Businesses involved in such property transactions can’t control everything a customer does directly, but they can help by making cyber security a business priority.
According to a report by Oxford University’s Global Cyber Security Capability Centre, there is a need to move from awareness to tangible behaviours.
At BankVault we believe the act of conducting your banking using SafeWindow rather than your potentially infected browser is such a tangible act. Every experience increases your awareness of the risk and reminds you to share the risks with your customers. We want to change banking behavior from thoughtless to thoughtful.
You can extend this practice beyond the act of banking to your payment policy. Reach out to the community by inviting customers and suppliers to apply the same due diligence when making payments. Much like washing your hands, the simple act reminds you of the risks and sets you on a course of improved behavior.
Our desire is not to incite fear but to offer a tangible behavioral activity, which will have knock-on effects. Just like making your bed every morning, this heightened due diligence will flow through your business and onto your customers.
According to the experts: to achieve cyber resilience we should focus on developing habits that eventually lead to good cyber hygiene.
Here are our recommended policy habits for BankVault customers to achieve heightened security:
- Day 1 – change your banking password when inside BankVault or SafeWindow.
- DO NOT log in to do banking from any other device. This applies to all staff with bank access.
- DO NOT enter a login ID/password from a wireless keyboard. Use our SafeKeyboard.
- DO NOT click an email hotlink to your bank. Always type the web address.
- Always use BankVault to examine potentially hazardous email attachments, online folders or websites. Then log out to ensure a fresh new BankVault browser is created on next login. N.B. Complete online banking first before opening any other websites.
- DO NOT pay, give out or clarify any information about your business until you have looked into the matter thoroughly.
- Beware of supplier “change of account” details. Always phone using a trusted phone number (not one in the email) to verify. DO NOT verify via email. Create a policy that all transfers over $5,000 are confirmed by a phone call.
- Beware false invoices. Follow business protocol internally to verify payments.
- Beware overpayment scams. Always ensure money has cleared in your bank before issuing refunds or products.
- Beware “The Fake Boss” scam. Don’t accept urgent or desperate email demands from the boss while traveling. Phone and verify.
For customers and consumers:
- DO NOT click an email hotlink to your bank. Always type the web address.
- Online bank account transfers. Always phone using a trusted phone number (not one in the email) to verify. DO NOT verify via email.
- Consider using a secure banking solution. Never transfer money via public Wi-Fi unless using a security solution.
- We do not recommend large money transfers via your mobile phone.