HEWISON INSIGHTS

Future thinking should be shared. With that in mind our team publishes insights weekly to help keep you in the (k)now.


Cybersecurity in 2022 and beyond.

Andrew Hewison
Managing Director
30 Nov 2022

Cybersecurity just became the sexiest term in town.  

Since the successful hackings of Optus and Medibank, consumers are starting to ask appropriate questions of the companies and institutions they deal with, specifically about the measures taken to protect the data they share with them.

I was fortunate to be a part of a global innovation tour with Macquarie to the USA recently. As part of the tour, we visited Google HQ in Silicon Valley, where during one presentation, data was provided to us showing that 94% of all malware (intrusive software that is designed to damage and destroy computers and computer systems) originates from emails and attachments. 

Further to this, 80% of security incidents are phishing attacks. A phishing attack is when scammers send a communication, usually an email but sometimes a phone call or SMS, disguised as coming from a trusted sender. The purpose of this attack is to steal confidential information or make it unavailable.

Hackers successfully infiltrated Medibank’s system by obtaining the credentials of a senior Medibank executive, and while Optus reported their attack was sophisticated, Australia’s Home Affairs Minister has suggested the attack was in fact basic and has accused Optus of leaving their systems vulnerable. 

The point is, most cyber-attacks are not sophisticated at all. They mainly stem from a basic scam where someone clicks the wrong link or attachment or unwittingly shares sensitive information. Unfortunately, in many cases, there is no easy fix.   

At Hewison Private Wealth, we are acutely aware of our responsibility to protect the sensitive information our clients provide us with, and just as importantly, have appropriate measures in place to ensure client assets, including cash accounts, are protected. 

Here are just some of the measures we take to protect client data and assets: 

  • We have a culture of compliance, including cybersecurity. That means we constantly discuss examples of cyber-attacks and what to look out for, such as checking the email address of the sender, and regularly display examples of phishing emails at weekly team meetings.
  • We ensure that all third-party, cloud-based software providers, such as Salesforce, meet global standards around data encryption, and we ensure that all data is housed on cloud servers here in Australia. 
  • The systems that house the most sensitive client information all require two-factor authentication. That means that when a Hewison Private Wealth team member logs into the system using their password, they also need to authenticate the login attempt via an authenticator app on their mobile phone.
  • As a client, if you request a cash transfer from a Hewison Private Wealth managed bank account, you are required to provide your password over the phone to a Hewison Private Wealth staff member. Emailed cash transfer requests are also confirmed by one of our team members over the phone. 
  • We balance our client bank account daily, to ensure all transactions are verified. 
  • Share trades can only be executed by our office after approval from you, the client, and trades must settle through the linked bank account. 
  • Hewison Private Wealth staff members are required to change their software passwords consistently. We will soon be moving to a password manager that generates complex passwords on behalf of staff. 

Remaining resilient to cyber-attacks and fraudulent activity will continue to be our most significant priority above everything that we do. 

We are relieved that to date, we have avoided a serious attack, but we know it is coming and will do our absolute best to be prepared. The attacks on Optus and Medibank are very timely reminders to us all that cyber-attacks are a part of life. Remaining vigilant and on high alert is very much part of daily life.