Media

LMG help brokers stay cyber safe this selling season

Written by LMG | Sep 16, 2024 2:24:26 AM
One of the biggest cyber threats facing brokers today is phishing undertaken by ‘bad actors’ looking to build deeper connections in order to steal personal data about their business and clients, cyber experts at LMG said.

The aggregator has focused on an increasingly common ‘social engineering’ approach, with LMG helping their brokers protect themselves against these hoax emails and other tactics cyber criminals are using via dedicated cyber and compliance education sessions held around Australia.

LMG’s Chief Risk Officer, David McQueen, said large diversified brokerages through to sole broker businesses are all targets for cyber criminals due to the volume of home loans brokers are handling.*

“When brokers are being sought-out for three out of every four home loans, it’s critical that everyone in their business can recognise threats while busy and under pressure,” said Mr McQueen.

LMG hosted its first joint cyber safety and compliance education session for brokers in Brisbane last week. 

“Criminals are employing social engineering to trick businesses and individuals into making mistakes,” said Mr McQueen. 

“We recently detected a phishing email where the criminal posed as a struggling first home buyer, trying to psychologically manipulate the broker into assisting them finance a property.”

The email tried to direct the broker to a folder which hosted false payslips and information about a bogus property.

“Attacks are becoming more sophisticated with attackers building trust with brokers, encouraging them to break security practices, offering up their own or their clients’ data,” said Mr McQueen.

“At LMG, we have the industry’s first dedicated cyber security coach as part of our broader compliance and safety strategy.

“We’ve invested in a tech framework that allows our brokers to share data securely, but we’re also committed to help them identify threats which are becoming more pervasive in the financial ecosystem.”

Mortgage brokerage Loan Market reported a 23% increase in pre-approval volumes leading into the spring selling season while Australia’s largest real estate network, Ray White, recorded a 16.2% uplift in the number of properties auctioned last Saturday compared to last year.

Simple tips brokers should follow include:

Multi-factor authentication

Multi-factor authentication (MFA)requires two or more proofs of identity to access information and adds another barrier of protection against hackers.

If one of your pieces of ID is compromised, having a second proof of identity barrier adds further protection.

Subscribing to a Password Manager

A password manager makes it easy to create strong passwords that are essentially impossible for an attacker to figure out, helping brokers manage their use by auto-filling login details to sites and services businesses use.

Know their data

Regular employee training and awareness to recognise and respond to cyber threats effectively. Implement these practices across everything (even smart phones) . It's as simple as Know, Assess, Implement, and Review.

Know where their data is

Recording what data brokers have, and where it is stored (for instance, Google Drive, laptop, USB, etc.). Create a list of all the data they use or store, such as:
  • Customer records including credit/debit card details, personal details, account numbers, orders and payments;
  • Business records such as the business strategy, banking details, marketing database and accounting records;
  • Intellectual property (IP), such as market research or product development plans.

Assess how vulnerable each item is to a cyber attack

  • Can the information be accessed by someone outside the business? Is information not securely stored on employees’ devices, including laptops, phones and tablets?;
  • Where is all the data stored? If it’s all in the same place - either on physical storage media or virtually in the cloud - businesses risk losing everything;
  • Is data backed-up regularly and has it been tested for recovery regularly?

Implement technical controls to help secure data

  • Block unauthorised access to networks by installing a firewall;
  • Set PINS/passwords/patterns on all devices (avoid something that’s too easy, like 123 or your first name and birthday);
  • Protect computers and laptops by setting up auto-updates on antivirus software, applications and operating systems;
  • Check cloud storage for its security standards;
  • Ensure sensitive data is encrypted, both at rest and in transit;
    Conduct regular security audits and vulnerability assessments to identify and address potential security gaps.