Cybersecurity and the Dangers of Distraction
By Steven Castelletto
It is that time of year again where we step away from the numbers and tax legislations to discuss cybersecurity.
2020 was an interesting year from an IT perspective. While us accountants were scrambling to assist clients with JobKeeper and what feels
like a few hundred other Job[AgentNoun] subsidies, the
IT world was in chaos struggling to set up remote desktop infrastructure for their client-base running 10-year out of date hardware.
The demand for remote access was unprecedented. It pushed the limits on the NBN network as well as the patience of its users while they were
on hold with their internet providers trying to work out why their previously green light was now a red flashing light.
With this demand came a world of opportunity for the humble online scammer. So many employees were pushed off their securely monitored
workstations onto the same computers their kids have use to download Minecraft game mods from flashing ad banner infested forum boards.
Computers outside of the walled gardens of secured business networks were ripe for the picking.
As we got further into the year, in most states (Sorry Vic, and more recently SA), many of us began physically returning to work and relying
less on remote desktop, reducing opportunities for online scammers to target business data as we started working behind secured networks
again.
Now as we approach the holiday season, many of us are distracted trying to finish as much already backed up work as possible before the
holiday break. This makes us more prone to making mistakes in areas that we feel are not an as important as what is right in front of us.
For example, we may be more prone to:
- Click that Australia Post link advising you have an undelivered package.
“Oh, it’s asking for a copy of my driver’s license to verify my identity for re-delivery. Well I was expecting my son’s Christmas
present in the mail this week and I do not have time to pick it up myself. Please see attached.”
- Victim of identity theft, 2020
- Click the link in an email with your Bank’s logo claiming your account was compromised and you need to log in to secure it.
“Just my bloody luck that someone would scam me. I have bills to pay, so cannot afford to lose access to my account. Lucky the bank
notified me.”
- Victim of bank fraud, 2020
We like to think we are not gullible enough to fall for such scams, but human nature trumps. Most of us when focused on what we deem to be
most important tend to more readily trust information put in front of us for things that seem less important. It is these lapses of
attention that can unfortunately result in disproportionately harsh consequences occurring in our everyday lives. Scammers thrive on these
minor errors.
So, what can you do about it?
Honestly, you could have the best computer security in the world, and it would still only be the second-best tool at your disposal. Well,
aside from moving to the mountains, destroying all technology you own, and wearing a tin foil hat for the rest of your life.
The greatest weapon you have at your disposal to combatting scammers is a healthy level of skepticism.
Skepticism allows you to stop, think, and analyse the situation before acting. It allows you to seek alternatives to what is immediately in
front of you.
In the examples before, had these victims picked up the phone with the post office or their bank and sought to verify the emails
authenticity, or had they spent an extra minute looking closer at the finer details of the email such as the poor grammar, bad quality
logos, odd looking website addresses, they would have known these were not legitimate.
So, before you click that link from your bank requesting urgent action, or open that attachment from a random company claiming you have an
unpaid invoice, or return that phone call from a number with an overseas phone extension, take a minute to decide whether you trust the
origin of the contact at all.
If not, just delete it.
Steven Castelletto
Accountant