Keep safe with multi-factor authentication


With news of cyber attacks on a global scale hitting the headlines this week we spoke with Chief Information Security Officer for the White Family Group, Simon Horn, about how business owners can stay safe and how Loan Market is combating potential threats.

Q: Why is proper password security so important?

A: As threats to password security have increased in recent years, hackers are lurking behind browsers and apps ready to attack. Just take the recent attack on Australian governments and companies for example. There's no shortage of threats out there, including: malware, hacking, phishing, and social engineering. These tactics often lead to account compromise and credential theft - and with so much personal information being shared, the mortgage broking industry is a prime target. In the last 6 months of 2019, the Office of the Australian Information Commissioner received over 530 notifications of data breaches within Australia, of which 74% were the result of compromised credentials.

Q: What are the common attacks you see in our industry?

A: Some of the common attacks we see are: 

  • Phishing emails or websites which often urge you to click on a link and try to elicit information such as your username/password and sometimes other details like drivers license or bank account number.
  • Credential Stuffing - where usernames and passwords that were breached from one site are used on another site in an attempt to gain access. Many people reuse passwords across many websites so this is a generally successful method. We have seen this many times resulting in the email accounts of our customers being compromised.
  • Once an email account is compromised we've seen cases where the customer receives fraudulent emails from what they think are trusted sources (e.g. their bank, broker, solicitor, etc). This may then end up resulting in the customer transferring funds into a fraudulent bank account.

Q: How is Loan Market combating this?

A: To keep our brokers, advisers and customers safe, and meet the highest standard of identity and security safety, Loan Market is taking the step to implement multi-factor authentication and to increase our password length on our award-winning platform, MyCRM. This critical security update is powered by Okta, a world leading independent provider of identity safety. This will be rolled out soon, so stay tuned!

Q: Do you have any additional tips on how to stay cyber-safe?

A: You can take some of these measures to keep safe online: 

  • Do not use the same password across multiple sites; ideally each site should have a unique password.
  • Do not share your passwords with anyone.
  • Change your password if you think it is no longer secret. 
  • Use passphrases. Passphrases are passwords that are easier to remember  made up from a series of random words or a sentence. A longer passphrase is better than a shorter more random password. Adding capitalisation, numbers or special characters will provide extra security. E.g. Have-Some-Coffee-at-4:43
  • Use MFA on all sites that support it.
  • Use a password manager. Password managers help you create and store unique passwords for all your sites so you don't have to remember them.