Cyber Security - Is your Client Data Safe?

Another day, another data security breach. Rarely out of the news, it seems that no company, regardless of size, has fail-safe cyber security. As an AFSL owner, you are ultimately accountable for ensuring your practice’s client data is managed safely and housed securely. So it’s vital you are taking all necessary steps to eliminate online threats and maintain your customers’ trust that their information is secure.

Information is key

Making sure that all employees are aware of the importance of cyber security is critical to maintaining a strong reputation for being trustworthy and customer-focused. Having a booklet, guide, or company policy on how you manage online security is essential. Everyone who works for you should have a good understanding of their role in contributing to the correct management of client data, as well as knowing what red flags to look out for in order to maintain security.

In this article we look at just some of the ways cyber criminals operate and what you can do to help protect your business against them.

Ransomware

Ransomware is a type of malicious software designed to block access to your computer until you pay a sum of money. It is often circulated via email messages or unsecured websites.

What you can do:

  • Avoid clicking on links or opening attachments in suspicious emails.
  • Use an up-to-date antivirus product to auto-scan all downloads (note that antivirus software does not always protect you from the very latest types of malware, such as ransomware).
  • Back up your important files to a safe offline location, like an external hard drive, so that they can be restored if needed.

Phishing scams

Cyber criminals identify and target staff within a business who have access to key systems in the organisation. They then send emails to those staff impersonating a peer, a manager, or a client. These emails will typically request an urgent transfer of money to a third-party account (which cyber criminals are able to access).

What you can do:

  • Check the reply-to address matches the actual email address of the person the email is supposed to have come from.
  • Ensure the language used, the information provided, and the spelling and grammar in the email are consistent with what you would expect from that person or organisation.
  • Ask yourself if any links or attachments in the email seem unusual.
  • In the case of links, when you hover your mouse over the link – does it actually lead to the website it is meant to?

Fake websites

Cyber criminals often set up websites that mimic those belonging to an organisation you are likely to trust with sensitive information – such as financial and account details. Typically, a deceptive message sent via email or social media that appears to come from the organisation will encourage you to visit the website by clicking on a link. The website will then ask you to provide sensitive information about you or your organisation (such as usernames, passwords, and account numbers).

What you can do:

  • Pay close attention to the URL. If it has wording, letters or numbers in the URL that look like they shouldn’t be there, chances are it is fake.
  • Is the URL secure? If it starts with http:// rather than https://, the connection is not secure and you should not trust it with your personal information. HTTPS indicates a secure connection to the website.
  • Look at the Contact Us section. A lack of information, or only minimal information, would indicate a fraudulent site. Phone numbers provided should connect to a real business.

Hacking

Hacking is a way that cyber criminals try to gain unauthorised access to your organisation’s (or your clients’) systems and devices by sending deceptive messages to you or your clients. They gain access via unsecured websites or through unpatched, out-of-date software.

What you can do:

  • If you receive a suspicious message, you can check on https://www.scamwatch.gov.au. If it asks you to call a phone number, check that number online before you call it, to make sure it is registered to the expected organisation.
  • Use a reputable antivirus/anti-malware product to regularly scan all your systems and devices for malware.
  • Make sure you regularly ‘patch’ all software installed on your system or device by actioning official updates.

Cyber crime is not going away anytime soon. So make sure it’s on your priority list: your business will benefit, and your clients will thank you for it.

The information in this article was taken from ‘Cyber Security – A practice guide to threats and scams’. Jigsaw practices can access the full guide on Portal or by contacting your Regional Manager. 

Jigsaw Support Services are provided by Jigsaw Support Services Limited ABN 21 005 799 977 (Jigsaw). Jigsaw is part of the AMP group of companies and can be contacted on 1800 812 987.