As the ‘Cheap SIM’ angle continues to be a success for telco companies looking to win new customers and build a larger data/client base, this strategy may be costing more than it seems.
When speaking at the 2018 CeBIT Technology Conference this past week, Head of Security Jacqui McNamara said that users “get what [they] pay for” when it comes to mobile. “We spend a lot of money on data security and we have a lot of things in place to monitor the network and scan for faults,” she continued.
“If you are buying a SIM card from a carrier that is very cheap, has very cheap data rates, doesn’t live in this country and doesn’t necessarily comply with [data protection] regulations you just have to be conscious that you get what you pay for.”
“They’re not scanning the network for mobile malware possibly or really doing a lot to advise you if you’ve got a data breach and they may not even need to comply with regulations in Australia, depending on where you purchase the SIM card.”
McNamara went on to say that Telstra has been increasing cyber security for users across the board, including its use of verification codes to authenticate the identity of its users.
“There’s a bit of user-bashing that goes on which I find unfortunate. Security people say things like ‘if I had a dollar for every time users clicked on a link…’.
“Users are both our last line of defence and our first line of defence, so educating them is hugely important – not to click on things, to think about things when they do them, and to actually consider being suspicious by default.
“I would never get annoyed – and our customer service teams don’t get annoyed – when people say ‘I don’t trust that, you need to give me a number to check that on, I’m not giving you that information’ [over the phone].
“Telstra’s call centres now will find another way to authenticate you if you don’t want to pass that data out.”
It seems as though Telstra is looking to be the go-to telco when it comes to network and user security, with an organisational push that tells its users that they should avoid processes that “consistently ask your customers to provide data and information which is sensitive” to authenticate themselves, particularly for the purpose of customer service transactions.
No More Phishing
McNamara said that Telstra regularly tested fake phishing campaigns on its own staff. Why? “Because what you’re doing is training your customers to respond to phishing attacks,” she explained.
Some of the test environments were used to catch users and warn them about their actions. “One of them [phishing tests] was to say that there was a parcel to be picked up and gave a link to click on, and if you clicked it said ‘naughty, don’t click on links, there’s no parcel for you’, [signed, Telstra],” she explained.
This was a campaign they thought would be a great success since “everyone likes to have a present,” she mentioned. “The number of people that clicked on it was incredible” – though she added that this was the “first round” of testing.
When asked about the user case scenario, McNamara went on to say that “the users we found were, actually, the most educated and helpful were the mailroom workers, who reported that they’d had five people in to get a parcel they didn’t have.”
The first round of the parcel phishing test also produced interesting results regarding internal staff: 5 Telstra staff were noted to have tried to pick up parcels that didn’t exist. Not only that, they went to Telstra’s mail-room despite nothing in the email suggesting that was where the parcel was.