With a brief pause for thanks and a nod to fortune I have to say that we are pretty careful in our office. So when one of the team received an email that has been made to look like it was from me, but asked for details of how much money was at hand, and whether an urgent transfer could be made today, they immediately suspected it was a con. It was brought to my attention and will feature as a good example - we like to catch people doing things right, and celebrate them - in our next team meeting. It is also a reminder that even small businesses need good processes: the way our financial management is set up this kind of attack could not be successful, it did not rely solely on a human identifying the problem - we have systems. Systems can operate even with people being absent-minded, away, or replaced with an inexperienced person.
There has been an incredible increase in cyber attacks in New Zealand. An inflection point has passed with more than 100 businesses per week suffering the encryption - ransom attack. I hope that more effective counter measures can be develop and in the meantime suggest that you practice good general security, and read this: link.
Craig Richardson, CEO of Wynyard Group wrote this article on LinkedIn 'Five High Consequence Crime and Security Trends for 2016'. Richardson wrote a similar article in January of 2015 and uses this article to reflect on is assumption.
Here are his list of high consequence crime mega-trends for 2016 (in more detail here):
- Decline of traditional crime in developed countries
- Growth of trans-national and serious organised crime
- Globalisation of new generation extremism
- Rise and proliferation cyber warfare
- The path to fifth generation warfare will be defined and exploited
It is easy to see these trends in action. Take a look in your spam email folder and you will see dozens, if not hundreds, of attempted frauds and scam attempts. Every few weeks we have one of those idiots phone our landline and offer "Windows Support". I have never reported to the Police a single attempt, yet if someone had broken a window in my home and run off when the alarm was tripped I would have done so. I therefore believe that only a fraction cyber crime (attempts) are actually reported, and many minor scams will go unreported too.
But what about your business? The IT manager of a mid-sized adviser business said that they were subjected to an attack on their servers recently. It was amateurish and easily repulsed, but it is real. These attempts will get more sophisticated. We need to keep working on this issue across the industry. The banks and insurers that invest a lot more in security than smaller advice businesses in their value-chain could be sharing more information to help advisers make their systems more robust.
Hat tip, Mark Solomon on LinkedIn for the article.
According to the UK's Money Advice Service (MAS):
UK consumers have lost more than one working day dealing with the fallout from online crime and nearly £134 per person, according to Norton Cybersecurity.
Here in New Zealand there is some dispute as to the number, this source reckons about $288 million a year, and this source says it is more like $463 million to $625 million. A rough average means that on a per adult basis we are experiencing similar levels of cyber crime to the UK. That makes sense, house-breaking is rarely international, but cyber crime is routinely international.
But what really surprised me was what MAS had to say next:
Despite this, 42% of us that have had our security compromised haven’t taken the time to change our account passwords afterwards.
Wow... so perhaps one of the most valuable things a financial planner can do for a client is probably really simple: to get them to change their passwords on all financial accounts accessed online. Insist they make them strong and unique, using an approach like this one.