Hi Community,
Thank you to everyone who attended our security webinar on Wednesday.
For those who couldn’t attend or would like to re-watch the webinar, you can view the recording below.
We received a lot of fantastic questions on the day, and unfortunately couldn’t answer all of them before the end of the webinar. Instead, we’ve posted the questions and answers below - underneath the webinar recording.
Attached, you’ll also find some additional resources provided by our fantastic panellist, Laura Hartley, Head of Public/Private Partnerships, Enterprise Security, NAB:
Top tips for business customers; and
NAB security toolkit.
Ryan Janosevic, COO & Co-founder of RetrospectLabs, has also shared this interesting read about password complexity after some great questions from attendees about password protection.
If you have any further questions, please don’t hesitate to ask PEXA’s security team here or contact us at security@pexa.com.au.
And don’t forget the five things PEXA will never do, regarding you and your security:
PEXA will never:
Call you from unverified phone numbers
Ask for your MFA code
Request files or information from you via a third-party service
Email you from unofficial addresses
Send you an email advising you to click a link to log in to the platform
Do you have a security question? Ask the experts
Q&A
How safe are pin passwords?
PINs (Personal Identification Numbers) usually consist of a series of randomly generated numbers, via an app or sent via SMS. They are very secure and commonly used as a second factor of authentication.
Is Google password saver secure?
We always recommend using a reputable password manager when selecting a service. Remember to read the terms and conditions to make sure it meets your requirements before making your decision.
Is PEXA looking at extending its residential settlement guarantee (PRSG) to cover the same risk that is associated with commercial property transactions as well?
The PRSG does not apply where the seller is a commercial vendor, such as a developer. The reason for this is that a commercial vendor would not be made homeless as a result of a fraud which the PRSG is intended to cover. For more information, visit our PRSG FAQs.
When we send a form to a client to complete via email, the client completes and sends it back, can we trust that information?
Email phishing or business email compromise (BEC) is one of the most common ways for cybercriminals to procure sensitive information.
Where possible, don’t use email and avoid this channel for the exchange of sensitive material. Instead, use apps like PEXA Key that is purposely built to protect the communication of bank and trust account information.
If you have no other option than to communicate information via email, always validate the details verbally before taking any action.
When you get "oops try again" when trying to log into PEXA, is it okay to press try again?
Yes, it is. Always check the URL after you refresh and make sure a green padlock sign is in place before inserting confidential information.
Can password managers be hacked and in that case are all passwords at risk?
Password managers are a great way of keeping all of your passwords safe. Make sure to use a reputable service which has robust security measures built into the application and read the terms and conditions before proceeding.
There are no reports of data breaches attributed to well-known password managers in market.
In Cybersecurity we often say that there are no 100% risk free applications. There is always a portion of unknown. The important thing is to make sure these risks are minimised by following the instructions.
PEXA checklists require us to confirm a DocuSign ID and unique number. What are some concerns PEXA has regarding electronic signing such as DocuSign?
Digital signing should be approached with the same protective measures and rigour as physically applying your wet signature on paper documents. As with any method of signing, to mitigate risk, make sure to:
Verify the request, any information exchanged, the involved parties and documentation being signed; and
Ensure the appropriate, authorised person signs.
Can you please advise why I keep getting asked if I want to update my password when I enter a payment in PEXA?
This prompt occurs if you have selected to save your password on the web browser. We do not recommend saving passwords to browsers. Instead, remember your password or use a password manager, and only save your user ID if required.
Are apps safer than websites?
For both, it’s important to always validate the source. For a website, always type the address instead of clicking on links from emails and other websites.
For apps, make sure to download them from the Google Play Store or Apple App Store. Check the ratings and the developer information before you download.
What is the best "internet cyber security" firm?
Cybersecurity needs are different from one firm to another. These needs and requirements must be assessed before selecting a provider. The Australian Cyber Security Centre (ACSC) website has great recommendations for individuals and businesses to gain more information.
https://www.cyber.gov.au/acsc/small-and-medium-businesses
https://www.cyber.gov.au/acsc/individuals-and-families
What is the best anti-virus software on the market?
The PEXA Subscriber Security Policy, section 4.2.3, refers to some leading providers of anti-virus software.
Does PEXA have a firewall integrated within its software to prevent cyber fraudsters gaining access?
PEXA is protected with multiple layers of security. We maintain the highest standard of security measures to safeguard our members and their clients’ property transactions.
Our security portfolio is aligned with international standards and we continue to operate by complying with the requirements set by the e-Conveyancing regulator, Australian Registrars National Electronic Conveyancing Council (ARNECC).
Today, more than six million transactions, with a total value of more than $1 trillion, have safely been processed by PEXA.
When will Secure-messages and E-signable documents be able to be sent via PEXA-secure portal maybe even build into PEXA Key app?
We are always working with our members and industry to evolve our services. All enhancements will be communicated with our members before they are launched, and we’ll continue to keep you up-to-date with our security developments.
What is your strategy for a zero-day vulnerability?
A zero-day vulnerability refers to a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix it yet. PEXA works with the best cyber security organisations in the industry to mitigate this sort of a risk by taking proactive and advanced measurements.
Does PEXA retain the information given by clients on PEXA KEY?
Yes, personal information is collected when clients use PEXA Key.
PEXA will not disclose your client’s personal information to any third party without their express consent. To read the Terms and Conditions in full, click here.
Can PEXA help small businesses to look at their computer system to see if they are fully equipped, at a small fee?
This type of service is currently not available through PEXA. However, the ACSC has some great resources to assist small-to-medium sized businesses.
Will you use blockchain technology for its immutable nature and security? What would be some of the disadvantages?
Blockchain is transformational, but not always the only solution. In Australia, we benefit from mature technology systems, with property transactions clearly supported by sound regulation. Therefore, blockchain may not necessarily create additional value.
How soon will you let your customers know if a security breach occurred?
PEXA will promptly notify subscribers upon being made aware of any security breach that PEXA considers material to the security and integrity of the PEXA system or relates to unauthorised disclosure, use, access or loss of PEXA System Data.
... View more