Recently, while dabbling on my personal laptop at home, I decided it was time to delete my spam folder. I clicked on the folder and waited for the emails to flood in. As well as just clearing for the sake of clearing it, I was looking for a specific email that I hadn’t yet received, despite the sender assuring me it had been sent.
And then I found something that made my heart leap outta my chest and my eyes pop wide.
Right there, spelled out exactly and staring back at me, was an email showing one of my passwords. It was an old password that I had once used for social media accounts, but I’d updated since I began working at AMCouncil and became increasingly aware of my personal data as an asset. The email stated that the sender had gained access to my laptop, all accounts, and my webcam, and was demanding a bitcoin payment. I yelled to my technical and IT adviser (AKA the husband), who promptly ran a malware program as I deleted the entire spam folder.
It got me to thinking though, about how phishing campaigns prey on people’s trusting nature. According to the Australian Competition and Consumer Commission (ACCC) Australia is about to reach a new, yet highly unenviable record: huge losses in money due to scams. Losses reported to ACCC and other government agencies are expected to equate to over $500 million by the end of 20191.
How does this happen?
An alarming number of people still use the same username and password for multiple accounts. Equally, many people simply believe they’re too clever to fall for a scam; and a vast number of us still hold a stereotypical image of a lonely, socially awkward male working out of a room in his mother’s house (as in Die Hard 4.0). These three foolhardy and naïve mindsets make it very easy for cyber crooks to hack—with unrestrained glee and near-unrestrained access—into our accounts. We just don’t see cyber criminals as a highly organised, professional operation with numerous people working for them. But that is exactly how they are set up these days and therefore precisely how we should perceive them.
A scam comes in many different forms. It can come as a direct threat, as per the email I discovered in my spam folder, or an offer of a whirlwind romance (and who amongst us isn’t a sucker for a love story?). There are fake charities, inheritances and prize money, as well as emails or phone calls from banks, the police, and the Australian Tax Office.
Cyber safety is everyone’s business. At our recent symposium, James Price from Experience Matters spoke on information assets and defined them as data, records, documents, content and knowledge in all forms, such as paper, digital, film and headspace2.
Businesses need to be acutely aware of data as an asset and the gaps where that data can fall through; often those gaps are found in third-party involvement, those connections and digital transfers of information between organisations. Third-party involvement for businesses is like opening the door of your home and inviting thieves in to take whatever they like. Give them the keys to your new Audi while you’re at it.
It’s not all bad news, though. Many industries, particularly our critical infrastructures such as power and water are taking information assets and their security seriously. Certainly the government and our banks are on board with data security too. For all industries and businesses though, securing data is not something that’s done once, ticked off and filed away. It’s an ongoing audit on the business’s security and risk measures. It’s the ongoing classification of information assets and technology and understanding how they are important to your business. Don’t let cyber criminals come knocking.
How is your business protecting its data? Maybe you know someone who’s fallen victim to a cyber scam. Let us know your thoughts by leaving a comment.
Please consider joining our Data in Asset Management Special Interest Group to learn from those in roles similar to yours.
Linda Kemp, Communications Specialist, Asset Management Council
2 Price, J. (2019), ‘Research Findings: the challenges to and benefits in managing your data, information and knowledge as a strategic business asset’ Experience Matters Pty Ltd, South Australia