Ron Lesh, founder and director of BGL group, told SMSF Adviser that a cyber attack can occur in any industry, and SMSFs are not immune.
“However, with SMSFs, the risk is different. I can only respond on behalf of BGL as I don’t know what the other software suppliers do, but BGL’s data has many layers of security from daily multi-factor authentication for users to encrypted databases and further encryption on sensitive data within the databases,” he said.
“As we host at Amazon, we also have many security layers provided by AWS as well as continuous monitoring by our Dev Ops team.”
He added, however, that there is one significant difference with SMSFs in comparison with the big super funds in that each SMSF has its own bank account, whereas the large funds have control over all their members’ cash.
“Therefore, the security provided by the banks adds to the security we provide,” he said.
“A hacker would need to get a list of bank accounts, which would be difficult, and then be able to withdraw funds through bank systems, which is also difficult over thousands of accounts.
“With SMSFs, the money is not all in one place. SMSF software providers do not provide bank transaction services. Our access is strictly limited to data only.”
Lesh said BGL manages its security in relation to client personal information the same way it protects all its data, but does have additional encryption on tax file numbers and other highly sensitive data like bank account details.
“We use industry-leading tools to protect data but the tools are only as good as the people implementing them. We train our developers and Dev Ops on how to write secure code, we do penetration testing twice per year and we maintain audited ISO 27001 and ATO Operational Framework security controls,” he said.
“Further, the tools used by our entire team such as Netskope Security and VPN access to data further protects clients.”
Lesh said that although last week’s massive cyber security breach on APRA-regulated funds has put the financial sector on notice, the risk factor “does not change with one cyber attack”.
“We are just as vigilant today as we were last Monday. We always worry about a potential cyber attack but we work to ensure our software is as secure as is humanly possible,” he said.
To ensure the safety of their personal information, Lesh said SMSF trustees should implement their own security measures such as multi-factor authentication of all accounts, changing the passwords to accounts regularly, using virus and phishing software, and learning how to recognise and avoid scams.
“This is all the stuff everyone should do on their computer. Most trustees do not have access to their administrator’s SMSF software,” he said.
“It’s therefore the administrators, accountants and others that need to ensure they also have proper security protocols in place.”
