Keep you safe

Security Safety Tips

At LMG we’re committed to keeping our brokers' and their clients' information safe and secure. We take the protection of our customers' personal and financial information very seriously. Here are some tips for keeping you and your business safe.

 

Elevate your account security — subscribe to a Password Manager today.

Credential theft is a major challenge in today’s ever-changing digital landscape, with cyber criminals employing diverse tactics like fake login pages, phishing, malware, and social engineering to steal usernames and passwords.

That’s why we believe in using a password manager — making it easy for you to create, remember, and use strong passwords across all your devices. Here’s how a password manager can benefit you further:

  • You can securely share passwords with your colleagues, ensuring everyone has access to the passwords they need without compromising security.
  • You can access your secure passwords on any device you use, enhancing both security and convenience.

LMG partners with an industry-leading password manager to make acquiring one of these services easier and cheaper for our community. If you would like to get discounted access to an industry-leading password manager, speak to your LMG Support Manager or email ask@lmg.broker today.

How does a password manager keep you cyber safe?

A password manager makes it easy to create strong passwords, generating passwords that are essentially impossible for an attacker to figure out with a brute-force attack, and helping you manage their use by auto-filling login details to sites and services you use. It is also essential to regularly update your passwords, and a password manager can remind you to do so.

It makes it simple to manage unique passwords for every account. Imagine you signed up for a new site or app and then, six months later, it was breached and every user’s password was leaked. If you use the same password for everything, a criminal will discover your leaked password and could try to use it to access other accounts you own.

A password manager will not populate your credentials into a malicious site. It will recognise the difference between a site or service you use, like your financial institution, and one that has been built by an attacker to trick you.

Know your data

To keep your business data safe you need to implement safeguards across your technology, processes and people. This includes regular employee training and awareness to recognise and respond to cyber threats effectively. We recommend you implement these practices across everything (yep, even your phone). It's as simple as Know, Assess, Implement, and Review.

 

Know where your data is

This simply means recording what data you have, and where it is stored (for instance, Google Drive, laptop, USB, etc.). Create a list of all the data you use or store, such as:

  • Your customer records including credit/debit card details, personal details, account numbers, orders and payments.
  • Your business records such as your strategy, banking details, your marketing database and accounting records.
  • Your intellectual property (IP), such as market research or product development plans.

 

Assess how vulnerable each item is to a cyber attack. To do this, ask yourself:

  • Can the information be accessed by someone outside your business? Think about information that may not be securely stored on your employees’ devices, including laptops, phones and tablets.
  • Where is all your data stored? If it’s all in the same place - either on physical storage media or virtually in the cloud - you risk losing everything.
  • Is your data backed up regularly, and have you tested for recovery regularly?

Implement technical controls to help secure your data:

  • Block unauthorised access to your network by installing a firewall.
  • Set PINs/passwords/patterns on all your devices (try to avoid something that’s too easy, like 123 or your first name and birthday. You can ‘auto-generate’ passwords, which are a random selection of numbers and letters).
  • Protect computers and laptops by setting up auto-updates on your antivirus software, applications and operating systems. 
  • Check your cloud storage for its security standards.
  • Ensure sensitive data is encrypted, both at rest and in transit.
  • Conduct regular security audits and vulnerability assessments to identify and address potential security gaps.

Review the Essential 8

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight.

Check out the Essential 8 here.

 

Be cyber security aware

Phishing

Phishing is designed to trick you into giving out your personal information, such as address, bank account and credit card numbers and passwords.

Usually these messages pretend to be from a legitimate business, such as a bank or large retailer, and they will entice you to click on a link or download an attachment.

The links will take you to fake websites that look very similar to the ones they’re copying but are designed to get your personal information by encouraging you to complete application forms or surveys. Attachments in these emails contain viruses or other forms of malicious programs that can infect your computer.

While phishing is usually sent via email, phishing also occurs via phone, SMS, and social media (like Facebook Marketplace).

Tips for spotting a phish

Name of senders can trick you

Email addresses and 'from' domains can easily be faked. It is a good idea to check where suspicious emails are coming from, even if they appear to come from a trusted sender.

Is it too good to be true?

If it sounds too good to be true, it probably is! Phishing attacks use fake rewards to tempt victims into taking action.

Check for typos

Attackers are often less concerned about being grammatically correct. This means that typos and spelling errors are often evident in messages. Such errors in an email could be a good indication that the message is not genuine.

Do not share sensitive information

Any email that asks for sensitive information about you or LMG is suspicious, and no bank will ever ask for personal information over email.

Do not fall for urgency

Phishing attacks use scare tactics such as urgency and authority to trick victims into taking immediate actions. Emails that ask to share personal information, make cash or gift card transactions, or request an immediate password change to maintain access to an account are ‘phishy’.

Hover but do not click

Hover over any links. If the alternative text does not match the display text, or if it seems strange, do not click.

Attachments can be dangerous

Similar to links, hover over attachments to check for an actual link before you click on them or download them. But if you are still unsure of the sender, do not click on the link.

When in doubt, alert us

If you suspect that the security of your work device or data has been compromised, inform the InfoSec team, Scamwatch, or IDCase immediately.

Know an impersonation scam

An impersonation scam is where scammers pretend to be government officials, well-known companies, law enforcement or even family and friends in order to gain money or access to your sensitive information. An impersonation scammer could even be trying to convince a client they represent a solicitor or the broker in a lodgement process in order to gain access to a loan deposit.

What to do if you receive a scam message?

If you think you've been a target or victim of a scam, report it to the Australian Cyber Security Centre.

Additional Resources and Feedback

For more information on our cybersecurity practices and to stay updated with the latest trends as an LMG customer, check out the MyCRM knowledge base. Your feedback is crucial in helping us improve our security measures. If you have any questions or suggestions, please contact us at ask@lmg.broker.