By Steven Castelletto
It is that time of year again where we step away from the numbers and tax legislations to discuss cybersecurity.
2020 was an interesting year from an IT perspective. While us accountants were scrambling to assist clients with JobKeeper and what feels like a few hundred other Job[AgentNoun] subsidies, the IT world was in chaos struggling to set up remote desktop infrastructure for their client-base running 10-year out of date hardware.
The demand for remote access was unprecedented. It pushed the limits on the NBN network as well as the patience of its users while they were on hold with their internet providers trying to work out why their previously green light was now a red flashing light.
With this demand came a world of opportunity for the humble online scammer. So many employees were pushed off their securely monitored workstations onto the same computers their kids have use to download Minecraft game mods from flashing ad banner infested forum boards. Computers outside of the walled gardens of secured business networks were ripe for the picking.
As we got further into the year, in most states (Sorry Vic, and more recently SA), many of us began physically returning to work and relying less on remote desktop, reducing opportunities for online scammers to target business data as we started working behind secured networks again.
Now as we approach the holiday season, many of us are distracted trying to finish as much already backed up work as possible before the holiday break. This makes us more prone to making mistakes in areas that we feel are not an as important as what is right in front of us.
For example, we may be more prone to:
“Oh, it’s asking for a copy of my driver’s license to verify my identity for re-delivery. Well I was expecting my son’s Christmas present in the mail this week and I do not have time to pick it up myself. Please see attached.”
- Victim of identity theft, 2020
“Just my bloody luck that someone would scam me. I have bills to pay, so cannot afford to lose access to my account. Lucky the bank notified me.”
- Victim of bank fraud, 2020
We like to think we are not gullible enough to fall for such scams, but human nature trumps. Most of us when focused on what we deem to be most important tend to more readily trust information put in front of us for things that seem less important. It is these lapses of attention that can unfortunately result in disproportionately harsh consequences occurring in our everyday lives. Scammers thrive on these minor errors.
So, what can you do about it?
Honestly, you could have the best computer security in the world, and it would still only be the second-best tool at your disposal. Well, aside from moving to the mountains, destroying all technology you own, and wearing a tin foil hat for the rest of your life.
The greatest weapon you have at your disposal to combatting scammers is a healthy level of skepticism.
Skepticism allows you to stop, think, and analyse the situation before acting. It allows you to seek alternatives to what is immediately in front of you.
In the examples before, had these victims picked up the phone with the post office or their bank and sought to verify the emails authenticity, or had they spent an extra minute looking closer at the finer details of the email such as the poor grammar, bad quality logos, odd looking website addresses, they would have known these were not legitimate.
So, before you click that link from your bank requesting urgent action, or open that attachment from a random company claiming you have an unpaid invoice, or return that phone call from a number with an overseas phone extension, take a minute to decide whether you trust the origin of the contact at all.
If not, just delete it.