NEWSLETTERS ARCHIVE

2020_APRIL

Protect yourself.
Don't abbreviate 2020.

Chris O’Connell

Head of Marketing & Communications.

Midland Insurance Brokers Australia.

As we roll into a new year and a new decade, the 'twenty-twenties' has provided scammers with a unique opportunity to forge documents and potentially defraud you.

Even though it’s common practice to shorten the year when writing down a date, doing the same abbreviation in 2020 could leave you open to all sorts of legal ramifications.

For example, adding a '21' to the end of an old / out-of-date cheque marked 01/02/20 could potentially reinstate its value. Similarly, an agreement to pay someone a monthly amount could be back-dated to 2018, meaning you might be liable to pay considerably more than actually required.

Scam 'artists' are aptly named for a reason - they're a clever bunch and will find loopholes to manipulate you where they can. So, don't take the risk for a fix that requires minimal effort. Err on the side of caution. Get into the habit of writing the year in full when signing and dating any legal and financial documents, such as contracts and cheques.

WHERE ARE THE BIGGEST PROBLEM AREAS?

Employment contracts

Abbreviating 2020 to 20 in your employment contract could cause problems when it comes to your entitlement to certain benefits if the date were to be amended to a year or two later. This is because a lot of benefits, (e.g. annual leave, sick pay, maternity pay), are determined by your length of service and your employer could get away with paying you less than what you’re entitled to.

Loan & payment contracts

Write the date out in full when entering into any new financial contracts. If a loan contract states repayment is to start 12 months from the date it was taken out (01/03/20), the year could easily be changed to 2019 by the lender or another party. This could lead them to demand repayment straight away.

Another way you could be caught out is if they backdate the contract, making it look like you’ve had the loan for a longer period of time so they can charge you more in interest.

Vehicle transfer documents

If you buy or sell a vehicle within 2020, it’s crucial you write the full date on any ownership or transfer documents. This is because the new owner could change the date on the documents to make it appear as if you were the owner of the vehicle at a time of any motoring offence, such as speeding, red light cameras, parking fines, or even criminal activity.

Tenancy documents

If you start a new rental tenancy this year, make sure you write the date in full when signing the rental contract. Problems could occur if the landlord were to change the date on the agreement to make it appear as if you lived in the property before you actually moved in, or even after having actually moved out. This could make you liable for damages to the property that occurred before or after you were living there.

Insurance documents

It’s important to make sure that all documents to do with any insurance policies show the right dates in terms of cover start and expiry dates. Writing an abbreviated date such as 03/03/20 could be easily altered by somebody else, leading to a lot of unnecessary problems should you need to make any claims.

Personal agreements & contracts

If you loan a friend some money and enter into any personal agreements or contracts with them, include the full date by which the money should be repaid by. If the date was abbreviated, then it could potentially be changed by the other party in order to add an extra year or two on to the repayment term.

Take a little extra caution this year and write out the year in full as 2020 wherever it calls for it, because it will go a long way in ensuring you and your business are protected from back-dated fraudulent transactions and identity theft risks.

date abbreviation

Credential stuffing.
Hacker tactic a real threat to Australian SME's.

Cybercrime and hacker ingenuity continue to grow at an alarming rate, which is why effective cyber security is so challenging these days. New vulnerabilities and exploits are constantly being found, with each attack more sophisticated than the last.

However, one rather rudimentary yet effective hacker tactic that has seen a recent surge in Australia is called ‘credential stuffing’, and it poses a serious threat to Australian businesses.

WHAT IS CREDENTIAL STUFFING?

Credential Stuffing is where a hacker obtains already stolen user names and passwords, then “stuffs” them into other website logins in order to gain access to sensitive and valuable data. This type of attack is emerging as a critical new data breach risk in Australia and is considered among the top threats for web and mobile applications in 2019.

In fact, Australia is now the 5th most targeted country in the world for credential stuffing attacks.

It's a frightening stat, especially considering Australia's population in comparison to the four countries above us – US, India, Canada and Germany. We also don't rank in the 'Top Attack Sources' list; only the 'Top Attack Destinations' list, meaning we are incredibly popular with international hackers.

There were more than 100 million credential stuffing attacks made in Australia in 2018, ranking us fifth in the world. And with up to 87% of consumers reusing their passwords online, hackers have easy access to millions of credentials, often for free.

Once a hacker gains access to your accounts, they can perform a wide range of illicit actions, from data theft through to a complete account takeover. Some examples include:

withdrawing your account balance

transferring funds or points

selling access to your social media, retail store and even bank accounts on the dark web

taking multiple free trips using your Uber account

ordering food from sites like Deliveroo

accessing your company’s WordPress site in order to take control over it and use it in
other malware distribution campaigns

WHO'S MOST AT RISK?

Small to medium sized businesses (SMEs) need to be wary the most, with the finance, retail and gaming sectors particular hot spots for hackers. SMEs often have a lower security capacity due to smaller IT budgets and staff, making them prime targets.

HOW CAN I PROTECT MY BUSINESS?

TWO-FACTOR AUTHENTICATION

Two-factor authentication (2FA) is one of the most effective controls an organisation can implement to prevent hackers from gaining access to sensitive information.

It also means increased productivity. With most employees now being able to work on their mobile devices outside the office, 2FA becomes particularly helpful by securing their devices so they can safely access company-owned applications, data, and shared documents without putting your company at risk.

Users simply need to provide two different authentication factors to verify themselves, such as a primary password, plus a secondary authentication like a PIN, smartcard, or fingerprint.

It is one of the top safety practices recommended by The Australian Cyber Security Centre (ACSC) and you can read more about it here: http://bit.ly/2KXikr5.

PASSWORD MANAGERS

Password managers basically generate, retrieve and keep track of unique, long and random passwords across countless accounts for you.

They’re effective, easy to use, and businesses really need to encourage staff to use them. There are several free password manager sites, and you can check out the best of them here: https://bit.ly/2MAU3aE

CYBER INSURANCE

There’s unfortunately no silver bullet that can keep your business 100% protected from a data breach, whether the attack is driven by a professional hacker on the other side of world using credential stuffing tactics, or by one of your own staff who accidentally attaches sensitive credit card information to an email. However, a tailored cyber insurance policy is there to fill all the gaps that traditional liability and risk policies do not protect, ultimately providing you and your business with peace of mind if trouble ever strikes.

Currently two-thirds of Australian SMEs operate without cyber insurance cover, leaving them vulnerable to potentially irrevocable damage. On top of the significant direct damage costs – which average around $276,000 per attack – the indirect costs to a business can also be considerable:

A cyber-attack using credential stuffing tactics could seriously compromise your financial viability in more ways than one, so a robust cyber insurance policy is a must. At the very least, it will cover risks such as financial loss arising from lost revenue, customer churn, privacy fines and legal expenses.

Cyber-attacks can happen without much rhyme or reason these days, and with Australia being one of the top destinations of choice for hackers, why take the chance of putting your business, your data and your employees at risk.  Because at the end of the day, all it takes is one successful attack to bring your business to a screeching halt....or to put you out of business altogether.