An ACCC report found that last year, in 2023, Aussies lost over $2.7 billion to scams. I’ve known some very smart people who got caught, as some of the scams are very sophisticated. Plus, lots of info is getting hacked from organisations we should trust. See the article at the bottom.
Here are My Top Tips on How To Be Sensible About Sharing Personal Info and What You Put Out There
Critical Details Like Your DOB
Your DOB (date of birth) is a critical piece of information about your identity, but how often do people have bits of info about themselves online? Their social media profiles say they were born on 15th September, without a year, but then when they have a milestone birthday, say a 40th or 50th, they share that. It’s not that hard to do the math and guess the year of birth. The same goes for people with email addresses like mary72@hotmail.com. Sure, she could have been the 72nd person to select Mary, but I often think it’s their year of birth. Don’t you think scammers would too?
Check What You Email
Other details like personal addresses or TFNs (tax file numbers) are critical too. Never ever email this sort of info. Accountants block out the TFN on tax returns they forward, but I know an insurance broker who, not that long ago, sent out my policy details with my address and DOB on it. I gave them a very clear instruction to never do that again and to remove that email from their system (which I did as well). Email is one of the easiest back doors for hackers to gain access to your personal information.
Loyalty Cards
Truly, does the clothing shop you’re accepting a loyalty card from really need your true date of birth? It’s just so they can send you a birthday gift; if your birthday is, say, 5.9.72, you could advise them 31.8.71 … it won’t really make a difference. You have no idea how great their data security actually is and who within their organisation has access to that data!
Educate Clients re Business Bank Details
Be sure to educate your clients to ensure they don’t just change bank details because you emailed them to do so, or because the details became different on your invoice. I say to my clients that I’ll never change my bank details without telling them about that during a business coaching session. Likewise, I will never pay a new supplier any amount over a certain level without verifying their bank details personally. I do this both in business and personal and whilst it takes a minute or two extra, it’s just done once in the beginning and gives me peace of mind.
Online – How Do We Protect Ourselves?
- Use multi-factor authentication
- Have a PO box, so mail can’t be stolen
- Don’t leave important info around, even at home
- Have up-to-date security on your computer
- Don’t use public wifi
- Use a spam filter on your emails
- Be super careful what you download
- Don’t open emails which look dodgy
- Never click on a link you’re not 100% sure about
- Be 1000% careful about the emails you receive; even if you have your electricity account coming from Energex, don’t assume the next one is legit; be diligent; is it from the same sender at the same time as always?
- Ensure devices have the latest security updates.
Requests for Personal Details
Recently, Trustpilot asked me to verify myself (and I understand why, to ensure my review was genuine) but they wanted my Driver’s License. No thank you – I’m not giving out that piece of info unless it’s absolutely critical. Even consider where you’re providing your face (biometrics) … is it a genuine and trusted site, or perhaps a fun site where you can try out different hair colours or test sunglasses?
Banking Tips
- Some banks allow you to ‘lock your cards’ when not in use
- Don’t buy from a site you don’t absolutely know
- If it’s too cheap to be real, it’s probably a scam
- Take care with some of the online overseas cheapo stores – I won’t mention a name, but I know a bank that has that particular site marked as risky. If you are going to buy from such a site, then use a debit card which has little money on it – so if things go astray, you won’t lose much at all.
- Monitor your accounts. Often it starts with a 10c transaction, or $5, then becomes more. Banks often notice this and will text you, however, the challenge is that they text from a number which is NOT on their website, so initially you don’t even know if the text is legit. Contact your bank through official channels and liaise with them.
AI Sites Are Not Without Risk
I get it, using AI to do tasks and help you be more productive is very tempting, but be very aware of what is going to happen with your data. Many AI platforms use your info to teach the system and that information can become less than secure. It wouldn’t matter if you used it to get some ideas for blog topics, but would you want AI sorting your emails or perhaps sitting in on a confidential online meeting? Zoom recently added an AI feature for its users and did stipulate that your data won’t be used to teach its AI system, but I have concerns. At the very least, before you use that, ensure your clients or meeting partners are ok with what they say being summarised and tabulated by an external party. Technology is advancing and embracing it is often the way to success, but first do your due diligence and ensure your data is safe.
Official Sites Like Medicare/ATO/Centrelink etc
Here is an interesting article (I’m giving you the link BUT perhaps it would be better to Google the article, rather than clicking on it 🙂): https://au.finance.yahoo.com/news/centrelink-ato-medicare-accounts-hacked-through-side-entrance-235927280.html As far as these organisations go, I really cannot give advice about how to protect yourself, other than the above. I read through the ATO site about being hacked and their advice was based on what you can do to protect yourself, but didn’t specifically cover how they will protect you – other than they say they are safe … but well, I’m not entirely convinced. I do know the ATO has implemented strategies with tax agents etc to tighten up things … so at least they are trying. So, on that note, I recommend you request from your accountant an RBA (Running Balance Account) on both your business and personal profiles (perhaps quarterly) to check everything looks right. If you see a dodgy transaction, then take action ASAP. It also allows you to check if you’re current and up to date, as the ATO’s communication isn’t always great.
Remember, there are cyber security regulations for certain industries (regardless of size). If you’re a medical practice (health services) and are hacked, you legally have to report it. If you’ve a business over $3M in turnover, you have to report. This can affect trust, Government tenders and your reputation. So, the smart thing is to take care and avoid being hacked. This comes in 5 steps:
- Consider cyber security insurance if you’re a business
- Audit your system and work out your security gaps
- Put policies and processes in place
- Educate your team to ensure all staff and contractors know and follow the system
- Re-audit and ‘rinse and repeat’ to ensure you remain on track. This is absolutely an ever-evolving area that constantly needs updating and refreshing.
If you need help with getting systems in place, or staff education, or any aspect of business coaching, please feel free to reach out to me here.