The SMSF Association has called for practitioner and trustee vigilance with regard to technology security in the wake of the cyberattacks undertaken on some large Australian Prudential Regulation Authority-regulated funds last week.
SMSF Association chief executive Peter Burgess labelled the incidents as a “wake-up call” regarding the superannuation industry’s vulnerability to cyberattacks and that SMSFs were not immune to this exposure.
Burgess pointed out the industry body was not aware any SMSFs had suffered from any similar criminal activities, but admitted the fragmented characteristic of the sector meant identifying isolated incidents is difficult.
“What we do know is that the cyber-risks faced by SMSFs are different in nature to those which manifested themselves in these recent attacks,” he noted.
“Unlike a sector-wide attack that targets the balances of many members simultaneously, an attack on SMSFs would require targeting individual bank accounts, which typically represents the retirement savings of one or two members.”
According to Burgess, this fact puts SMSFs in an advantageous position, but advised trustees not to allow this operating characteristic to lead to complacency on their behalf.
“Every SMSF is required to have their own bank account, which means trustees can benefit from the security protocols of both the banks and their SMSF software providers and administrators,” he recognised.
“Whilst these layered protections are reassuring, they are not infallible. Cybercriminals continue to evolve their tactics and no industry is immune from a cyberattack – and that includes SMSFs.
“To protect retirement savings, SMSF trustees must also take personal responsibility for cyber-hygiene and remain vigilant.”
To this end, he recommended trustees change their relevant passwords regularly, learn how to identify and avoid scams, and employ multi-layered authentication processes.
“Cybersecurity is not just a technology issue – it’s a trustee responsibility. By staying informed and being proactive, SMSF members can play an important part in reducing their exposure to cyberthreats,” he noted.
ASF Audits head of technical Shelley Banton has also implored trustees to employ more professional cybersecurity processes to protect their SMSFs.
