Security: Personal before Professional

Monday, July 22, 2019 10:00 AM

Security: Personal before Professional

Cybercrime hits organisations around the world indiscriminately, affecting small and large businesses alike.

The one thing that all organisations have in common, no matter what they do or where in the world they are, is that they are made up of people.  Extraordinary, average, and regular people, from all walks of life.

It is these people that are an organisations greatest asset.  However, these same people may be even more likely to be personally targeted by cyber criminals than the business itself, despite what they may think.

You ARE a target

Many people believe that they aren't viable targets for cyber criminals. "I'm up to my eyeballs in debt, and have no money in the bank.  Good luck to them getting anything out of me!".  Unfortunately, thinking that criminals are only targeting the money in your bank account is a dangerous, and incorrect assumption.

The first rule of cyber crime is: 'EVERYBODY is a target'.

You might not have large amounts of readily accessible cash, or valuable assets, but that is not the criminals immediate concern.

The key commodity that cyber criminals trade in is information.

It is this information that can be the key to generating illegitimate gains, and why it is valued so highly by criminals.

What information do they need?

You may be surprised to know that the amount of information required to cause devastation to a person's life is extremely minimal, and all too often, readily available.

With just your full name and date of birth, two items often freely given out to anyone who may ask, or simply gives you a form to fill out, cyber criminals can go to work and wreak havoc on your life.

In many instances where people have had their identity impersonated, most of the information used has been incorrect, but as long as the name and date of birth is accurate, they have managed to get away with it.

What sort of havoc could they possibly cause with just this information?

How your information can be used against you

If you don't have money in your bank, or cash laying around, how could they take your money?

While you may not have money right now, it is likely that you do have a credit rating that is good enough to allow you to qualify for a small, unsecured loan, perhaps up to $10,000.

With just your name and date of birth, cyber criminals can take out a personal loan IN YOUR NAME, take the funds, and leave you with the debt.  You may not even be aware that this has happened until much later.

Many people actually have large sums of money, they just don't have ready access to it.  Superannuation funds.  These funds are in your name, and access may be locked away from you for years via legislation, but you can usually move these funds around, especially if you are self-managing your superannuation.

With minimal information, cyber criminals can impersonate you and transfer these funds to a place of their choosing, often through many different accounts, taking this hard earned money away from you forever.

But I have security measures to stop this!

As criminal attacks change over time, security must adapt to protect against them.

One modern security measure, that I highly recommend, is two-factor authentication.  This usually involves a username and password, and a second step where a security code is emailed or sent via sms to your phone, which you can then enter, ensuring that it is you attempting to gain access.

While this method is much more secure than simple username and password only, what happens if you have lost control of your phone or emails?

Using just your name and date of birth, again, cyber criminals can sometimes transfer control of your phone account away from you, to a sim of their choosing.  Once they control your phone account, where do the text message codes for the two-factor authentication get sent?  Directly to the new owner of the phone account.

While they have your phone account, it can be a simple matter to change the address on the account, run up charges, upgrade the phone, and any number of other, costly endeavours.

All of which will, eventually, be charged back to you.

This wouldn't really hurt me

Yes.  It would.

The lasting impression I have taken from my time as a police officer, is the devastating effect on the victims of crime.

The impact cyber crime can have on an individual and their family can not be overstated.  I have spent countless hours and days talking directly with victims, as they relay how their life has changed since they were attacked, since they lost their money, their home, their job, their identity, unable to stop crying.

Often, the money taken can never be recovered.  Credit scores can be devastated.  Your financial future put in jepoardy.

Lives have been ruined by small bits of personal information in the hands of skilled and ruthless criminals.

How can you stop this?

While it may seem that I am painting a bleak picture here, all hope is certainly not lost.

Safeguarding your information is important, and should be treated very seriously.  Simple changes can make a world of difference.

If you are joining a gym, or signing up for a website newsletter, or opening a social media account, ask yourself - do they really need my middle name, or my exact date of birth?  I would suggest they do not, and you don't need to supply it, despite what they ask for.  Tell a little white lie, and keep your information safe.

If you are talking about your tax returns or signing up for a superannuation fund, then, by all means, tell the truth and give your details fully and accurately.  But, use your discretion when giving out your information.

The Australian Government has some excellent resources available to help with understanding how to avoid being caught out, and to help victims of cyber crime.  I highly recommend that you take a look at what they have to offer.  I have included links to some of these resources at the end of this article.

How does this effect your business?

All of the victims of cyber crime are people, and their lives are often changed forever.

Invariably, these victims have regular jobs, and the serious impact on their personal life also, to a certain degree, impacts their professional life as well.  At the very least, and without trying to sound callous, their performance at work can suffer, sometimes dramatically.

This is where 'Personal Before Professional' comes in, and the benefits of this approach are many.

When good habits protect the individual, they don't suffer from the losses mentioned, and the inevitable problems they bring.  This means the organisation they work for doesn't suffer from the effects as well.

But it is more than that.

When people develop secure habits, as result of understanding the consequences and importance of their information and their actions, they become more careful, and safe with their own information.  These habits filter through to their actions in the workplace, manifesting in a more attentive and conscientious staff member, who is less likely to divulge that guarded information, or click that risky link, or fall for that telephone scam.

By encouraging individuals to develop their personal safety skills, organisations are not only protecting their people, they are also protecting themselves, and their future.

Presentations

The video series below was captured at a RIMPA (Records and Information Management Professionals Australia) conference in 2019, where I made a presentation to the attendees on the importance of the Personal B4 Professional approach, and outlined some of the cases and incidents I have worked on.

If you would like to arrange your own presentation on this topic, or any other related Information Security area, please contact us today via our website contact page or email us at contact@wyldlynx.com.au to discuss.

Resources

Government resources and their offerings for prevention, and assistance for victims of cyber crime:

staysmartonline.gov.au

• Has guides on how to protect yourself and your business
• Has an excellent alert service

• Run by ACCC, supplies information on all scam types, not just cyber related
• You can report scams here and has an alert service
• Has an excellent 'Get Help' section, including how to help family members affected by scams

• Offers a 'Cyber First Aid Kit' and self-help guides
• Includes a learning centre, prescription and treatment page
• Has trained councillors that offer phone or email support for affected persons

• Run by eSafety Commissioner, receives complaints relating to cyber bullying and online image abuse
• Offers support and educational links for online bullying and image abuse

About the Author

Michael Leboydre has served with the Queensland Police Service, culminating in his time as a Detective with the QPS Cyber Squad. During more than two years with the Cyber Squad, Michael conducted investigations and liaised with other state, national and international Agencies on many cases involving fraud, identity theft and other cyber crimes, including many originating in Queensland and heading interstate or overseas, and coming back the other way.

As a result of witnessing first hand the impact these crimes have on unsuspecting members of the general public, through investigations and victim statements, Michael has since devoted his time to educate all who will listen on how they can reduce their risk and exposure to these serious crimes and their devastating consequences.