With the recent Optus data hack, and last week’s cyber-attack on Medibank, it is all too apparent that there is a dark side to living in the digital age. But there are so many great advantages too, and in a post-Covid environment, not many of us are willing to give up the freedom and convenience of being able to access and manage our life admin electronically.
The following information highlights the many measures that both we and our key supplier Macquarie (whose infrastructure we predominantly use to manage investment monies) employ to keep your assets safe and protect your identity.
Forrest Private Wealth
At a practice level, our security policies include the following measures:
Two Factor Authentication (2FA)
For an additional layer of protection against unauthorised access, our security is enhanced through 2FA when logging into all our internal software systems (Microsoft 365, Xplan, Adobe Sign). Where possible, this also extends to the various financial product provider online portals we frequently use to obtain your account and policy details.
As shown in the image below, 2FA asks you to provide something you know (i.e. your password) plus something you have (i.e. a mobile phone or authenticator app).
Let’s break this down further. When you log into a website, you are asked to enter your password. This is known as single-factor authentication. With 2FA, a second identification code is required, and is provided to you via an SMS text or a rolling code from an authenticator app (for example, Microsoft or Google Authenticator). A hacker trying to access an account set up with two-factor authentication would need both our staff member’s password and their mobile phone to access our systems successfully.
Password Manager
A password manager is an online tool that stores, manages, and fills in the passwords we use via an encrypted database that each staff member can access with one master password. It also helps each team member build unique passwords for their account access and notifies us if a website has had a security breach. In addition, our password manager tool also recommends and advises our team if they need to update their passwords.
Personal ID
From next month, we will use the services of Australian financial services company, One Click Life, for all clients where we are required through legislation to verify your ID. This will be done using One Click Verify to assist us in raising the bar when it comes to implementing tighter controls in the digital identity verification space. Through using the service of One Click Verify, your identity is maintained in a safe, secure, and fully encrypted environment outside of our ecosystem, all the while ensuring full compliance with Australian Privacy laws and the KYC & AML/CTF requirements that all reporting entities such as us are required to complete. The following link shows how One Click Verify can verify you in less than two minutes.
Document Protection
Any document we send via email containing personal information is password protected. We understand this can be a nuisance when accessing. However, we believe the benefits of protecting your personal information far outweigh the inconvenience of an extra step.
Fingerprint technology
One final protection we have is physical. Those of you who have come in over the past 12 months may have noticed a requirement to knock or use the doorbell to enter. This is due to the fingerprint security systems we have in place. Put simply, no one can access our office without authority. The system allows us to look back at a history log if needed. Importantly it provides an additional layer of protection to our office and the resources we keep on site.
Because each entry is unique, unlike a passcode where every employee uses the same numbers, it is easy to go back and identify who entered a controlled area and when.
Macquarie
Failed Login
Let’s start at the most basic level: failed login attempts. Macquarie will email you if there are three consecutive failed login attempts on your Macquarie Online Banking or your Macquarie Mobile banking app when initially registering your Macquarie ID. These emails are always sent from [email protected].
Forgotten Macquarie ID or Password
Retrieving your Macquarie ID is done through Macquarie Online Banking or the Macquarie Mobile Banking App – using your last name, date of birth, and having access to your registered email address. Like failed logins, these emails are always sent from [email protected].
Changing your Macquarie Password is also done Online or via the App – using your Macquarie ID and your registered mobile.
Macquarie Authenticator for Adviser-Initiated Payments
Many of you would have requested an ad hoc withdrawal from your Macquarie account over the years. Currently, Macquarie uses SMS codes for your approval, and you need to call your secure code through to us for processing. While SMS is one popular option for two-step (or two-factor) authentication, authenticator apps, such as Macquarie Authenticator, are another two-factor authentication approach and have proven to be more secure, reliable, and even quicker as well!
From next month, Macquarie’s Authenticator will be Macquarie’s preferred verification method. Where you are registered, Authenticator only requires a tap button from your mobile to approve a transaction – so there is no more need for you to call through your secure code to us!
Schemers and scammers have been around for centuries, and it should be no surprise that they too have moved into the digital world. While the above measures are tools that we and our critical suppliers employ to stay protected, there are many things you can do to protect yourself.
These bad actors are incredibly talented and are evolving their techniques to become even more convincing with sophisticated emails and carefully crafted imitations.
If something feels wrong, your instinct is probably right.
PAUSE
Were you expecting this call, email or offer? Take a second, breathe, and think. Does this feel right? If in doubt, don’t act.
PROCESS
Have you been asked to respond to something urgently such as a delivery notification or request for bank details? Before actioning, take some time to think through whether this is a legitimate piece of correspondence. If you’re unsure, ask someone you can trust.
PROCEED
Always navigate to the organisation’s website yourself to log in.
At Forrest Private Wealth, we never ask for sensitive account information to be provided via email or text. In line with our security procedures, a follow-up voice call and appropriate processing will always take precedence.
We’re here to help
If you have any questions or concerns, please get in touch on 9382 1866 or email [email protected]