Cybersecurity is a real and present danger for the superannuation sector, and while the recent attacks have been on big funds, self-managed super funds (SMSFs) should also be aware of the damage that can be done and how to prevent it.
Australians lost over $2 billion to scams in 2024, according to the National Anti-Scam Centre’s latest Targeting Scams report. The majority of the losses were from investment scams, amounting to $945 million, followed by $157 million lost to romance scams.
In the age of Artificial Intelligence (AI) and the increasing prevalence of both voice and video deepfakes, it’s more important than ever to be diligent when it comes to cybersecurity around your SMSF.
Some financial institutions, like the National Australia Bank, provide free online webinars, but you can also conduct your own cybersecurity check.
To get you started on your own SMSF cybersecurity audit – something you should conduct on a regular basis – we have put together the following eight-question quiz.
SMSF cybersecurity questionnaire
1. Do all your SMSF programs and platforms have two or multi-factor authentication?
Multi-factor authentication is an important cybersecurity safeguard. This involves needing more than just a single password to get into any program or trading platform you use to hold or transact SMSF funds.
Multi-factor authentication requires a combination of two or more proofs of identity to give you access. This could include something you know (a PIN or secret question), something you have (like a token) and something you are (like a fingerprint). You might already be familiar with authenticator apps and physical tokens, which are also used in multi-factor authentication.
2. Are you using hard-to-guess passwords (not birthdates, family member names and the like)?
It is vitally important to be diligent with your passwords and not use names, numbers or dates that could easily be traced back to you.
The Australian Cyber Security Centre (ACSC) says that while it may be tempting to reuse a password, it can put all your devices and accounts at risk if compromised.
One option is to use a password manager that can randomly generate a strong password for you and remember it, along with all your other passwords. Password managers can be local to one single device or be held in the cloud.
“To access a password manager, you only need a single master password, key, PIN and/or biometrics,” the ACSC says.
3. Are you automatically updating all your software and apps as prompted?
Those annoying little reminders and prompts about the latest software or app update are there for a reason. They very often include updates to security protections and, once you complete them, they should make your programs and your computer more secure and harder for scammers to access.
4. Are you backing up data regularly?
Backing up your data will stop important information and files from being lost. The Australian Taxation Office (ATO) asks SMSF trustees to keep many records for a minimum of five years and some documents for much longer. So it’s important that vital information won’t be lost or corrupted, and it’s also important that the backed-up data is stored responsibly and is protected from scammers too.
5. Do you delete unknown or suspicious emails, texts or social media messages?
Questionable emails from unidentified senders should always be deleted as soon as possible. Even if an email looks like it’s from a regulator such as the ATO, be very wary if it is asking for important and confidential information. One way to check is to look at the email address itself, not just the sender’s name that pops up. Even so, scammers are getting increasingly sophisticated. NAB’s webinars explain how to spot phishing emails.
6. Are you careful what you share on social media?
You may or may not be a social media user, but if you are, be careful what you share. Even if it seems innocuous, a picture of your SMSF’s holiday house investment, for example, could alert someone to the fact that you have an SMSF, and that could begin their search for further details. Posting information about holidays also lets scammers know you’re not home, and other personal information could offer clues for guessing your password. Potential identity thieves could also glean enough information to impersonate you to your financial providers.
Scammers can also target you through social media messaging and requests for information or to complete an online quiz. So be wary of any unsolicited messages and make sure you have strong privacy and security settings.
7. Are you aware of current cybersecurity threats and how they could impact you?
The ACCC’s Scamwatch website is a good place to start your cybersecurity review. They offer an alert service you can sign up for that will notify you of the latest scams. The Australian Cyber Security Centre (ACSC) also has a list of common cyber threats and what to watch out for.
8. Have you asked your service providers whether they have professional indemnity and cyber insurance that covers cybersecurity threats?
Most reputable SMSF and financial service providers will have relevant insurance but that does not mean you should not ask. The question may be a timely prompt for them to check their existing policies to make sure they include all potential cyber threats.
You should also ask them if they provide cybersecurity training for employees. And always remember, you can take your business elsewhere if you don’t like the answer they give or if they are unwilling to answer.