Peter Burgess, chief executive of the SMSF Association, says the recent incidents are a “timely reminder” that no part of the superannuation sector is immune from cyber threats, including SMSFs.
“We are not aware of SMSFs being targeted in these most recent attacks, but given the fragmented nature of our sector, it can be difficult to identify isolated incidents,” he said.
“What we do know is that the cyber risks faced by SMSFs are different in nature to those which manifested themselves in these recent attacks.”
He said, unlike a sector-wide attack that targets the balances of many members simultaneously, an attack on SMSFs would require targeting individual bank accounts, which typically represent the retirement savings of one or two members.
“Every SMSF is required to have their own bank account, which means trustees can benefit from the security protocols of both the banks and their SMSF software providers and administrators.”
“Whilst these layered protections are reassuring, they are not infallible. Cyber criminals continue to evolve their tactics, and no industry is immune from a cyber attack – and that includes SMSFs.”
Burgess said to protect retirement savings, SMSF trustees must also take personal responsibility for cyber hygiene and remain vigilant including changing passwords regularly, enabling multi-factor authentication on all accounts and learning how to identify and avoid scams.
“Cyber security is not just a technology issue – it’s a trustee responsibility,” Burgess said. “By staying informed and being proactive, SMSF members can play an important part in reducing their exposure to cyber threats.”
A spokesperson from HUB24, one of the SMSF sector’s largest software providers, said they are closely monitoring the situation and at this time there is no indication that super accounts on HUB24 have been affected.
Ron Lesh, founder of BGL, said that although last week’s massive cyber security breach on APRA-regulated funds has put the financial sector on notice, the risk factor “does not change with one cyber attack”.
“We are just as vigilant today as we were last Monday. We always worry about a potential cyber attack but we work to ensure our software is as secure as is humanly possible.”
