Mortgage brokers are being squeezed from both sides. With the increasing threat of cyberattacks targeting their treasure trove of personal and financial information, brokers must bolster their defenses. At the same time, upcoming changes to Australia’s Privacy Act will tighten regulations on how they handle client data.
Mortgage broker Alex Veljancevski (pictured above), director of Eventus Financial, emphasised the urgency: “As mortgage brokers, we handle a significant amount of personal and financial information. This makes our industry a tempting target for cyberattacks.
“So to protect our clients and help maintain our industry’s reputation, we must implement robust cybersecurity measures.”
How brokers can protect their data
Veljancevski said encryption serves as a powerful defence, scrambling data so only individuals with the correct decryption key can access it.
Additionally, adopting multi-factor authentication can provide an additional layer of security, ensuring that access is tightly controlled.
“This starts with the basics, such as securing our IT infrastructure by using firewalls, antivirus software and encryption protocols that protect data in transit and at rest,” he said.
However, Veljancevski said technology alone won’t secure his clients’ data.
“That’s because human error remains one of the largest vulnerabilities in cybersecurity with fraudsters often deceiving individuals into disclosing personal information,” Veljancevski said.
“They then use this information to compromise their victims’ accounts.”
Consequently, educating clients about the risks of cyber threats and how to protect themselves is incredibly important.
Simple tips, such as being cautious of sharing personal information online, can go a long way.
For example, Veljancevski said teaching clients to carefully check emails claiming to be from their broker (or any other financial professional) and to confirm any changes to financial details through a separate, verified method can greatly reduce the risk of breaches.
Training your staff in cybersecurity best practices is equally critical.
“All team members should be familiar with the latest cyber threats and trained in secure data handling practices,” Veljancevski said.
“Regular training sessions can help instil best practices, such as using strong, unique passwords for different systems and understanding the signs of a security breach.”
Finally, compliance with data and privacy laws also forms a crucial part of a broker’s responsibilities.
In Australia, this means adhering to the Australian Privacy Principles under the Privacy Act 1988. These laws mandate how personal information should be handled and protected.
For instance, principle 11 requires brokers to take reasonable steps to protect the personal information they possess from misuse, interference, loss, unauthorised access, modification or disclosure. Regular audits and compliance checks should be a standard practice, ensuring that all legal obligations are met and that client data is handled responsibly.
Most small businesses with an annual turnover of $3 million or less are currently exempted from the Privacy Act.
However, as the government has attempted to bring the Privacy Act into the digital age, that is about to change.
“The feedback provided to the review is very clear – the community expects that if they provide their personal information to a small business, it will be kept safe and not used in harmful ways,” the government said in its response to the Attorney General’s report delivered last February.
While that may be so, it’s even more of a reason for brokers to get control of their data.
As gatekeepers of sensitive information, Veljancevski said mortgage brokers have an ethical and legal responsibility to safeguard client data.
“However, by taking a proactive approach to cybersecurity, we not only reduce the risk of data breaches but also reinforce the trust our clients place in us, thereby contributing to the integrity and success of our profession,” he said.
Please enable JavaScript to view the comments powered by Disqus.
This page requires JavaScript
