Gabi Power 26 April 2023 16:47:40 AEST 25 MIN READ

Craig McDonald Talks Cybersecurity with Karalee Katsambanis on 6PR

On the 24th of April, MailGuard’s Founder & CEO, Craig McDonald, was invited by Karalee Katsambanis to join her on Money News on 6PR to discuss cybersecurity, email security, his new book, and MailGuard’s partnership with Microsoft.  

In the interview, Karalee mentions Craig’s book “Surviving the Rise of Cybercrime”, which you can download for free here.

Below is a transcript of the interview, or you can listen to the full recording here (26:20-37:13).  

6PR Money News Karalee Katsambanis, April 24, 2023 

Karalee: Now, it is a little while since we have spoken about cyber scams, cybersecurity issues, and the reason is I’ve wanted to wait for the right guest to get on who can really cut through what the risks are, and, if you’re a business owner, what you can actually do about it, especially here in Western Australia. I’m delighted to be joined this evening by tech entrepreneur Craig McDonald, who is the founder and CEO of MailGuard, which is the only cyber company to have been handpicked by Microsoft to partner as included in Microsoft 365. Craig, good evening.  

Craig: Good evening, Karalee. Thanks for having me.  

Karalee: That is okay, that is lovely. Now look, the latest figures show that you know, banks say that they’ve covered around $103 million in losses due to cybercrime. Australian businesses have – this is important – self-reported nearly $82 million in losses. Now as we know, self-reported, the figure is probably a lot higher.  

 

I’ve asked you on the show this evening because Western Australia is not immune to any of this, but I want you to be able to help any of our listeners, if they’ve got a business, to identify the threats and actually work on it.  

 

Craig: Absolutely. It is a threat, and we need to be concentrating on what that threat means to our businesses. But I will say that in Western Australia, it’s close to $16 million of reported cybercrime. And what does that mean? It’s actually more than 10% of the reported number in Australia. So, there is a lot of focus in Western Australia that we need to pay attention to for the businesses there.  

 

And things to look out for – I think everyone is using emails. We’re getting emails from family and friends into our businesses, the employees, dealing with business customers, suppliers, channel partners, our banks, everything in between. And one of the key things that we’ve really got to look for is what is the key intent of the email that we’re looking to open. And we really need to slow down. We are all busy in all businesses. We need to get our staff to slow down in reviewing the emails. And there’s a few tell-tale signs in the emails that we’re receiving as to whether or not they’re legitimate. And particularly around the major emails that we receive, say finance from our bank, you know, we’re expecting to receive those or from our suppliers. So, what we need to look for is things that don’t look quite natural. 

 

Karalee: Okay. So, Craig, what I want to say is, I’ve noticed a lot of adverts on the television now from people saying, you know, a bank will never ask ‘x y z’, or something like that. You actually wrote a book in 2017, you’re actually updating it and it’ll be out this year. For our listeners that don’t know, it is called Surviving the Rise of Cybercrime, and it’s described as a non-technical executive guide, and it’s there to help small and medium businesses learn about things. So, some nice easy tips for our listeners this evening tonight from you. How do you identify a threat to your business?  

 

Craig: So, the email threats are hard to detect. I’ll just say that upfront. So that’s why I was mentioning before that you really do need to slow down. One of the tell-tale signs is who is it being sent from? And that’s not just a matter of looking at what’s sitting visibly in front of you, you have to click on the name. And let’s just say you’re banking with ANZ or CBA as an example or NAB. Is the email actually coming from CBA or NAB or ANZ? That’s one of the first things to look at, and generally, most of the time, they’re not. They’re coming from just a normal Hotmail address or something similar or spelled similar. It might be ‘ccba’ or ‘azn’ as an example. So, they’re the things to quickly have a look for, and the other thing too is if you’re expecting an email from your bank, which would be highly unlikely unless you’re getting statements. Don’t click on the email. That would be my first recommendation. Just go directly to your bank account and look up your statements directly online as opposed to going via the email.  

 

Karalee: Craig, I also said that you are a CEO and Founder. You’re a very humble man, but you are the head of a very successful company called MailGuard. What MailGuard has been, you know, it’s been supporting Australian and global businesses since 2001. You say that not enough businesses are investing in protective technology or inefficient technology. What is the hesitancy, do you think? Is it just that they don’t know what to do or where to begin to get the help?  

 

Craig: Yeah, I think in most parts it’s – Look, it’s like all things. If you don’t want to do it, you think it’s a little bit scary or other, you might outsource these things to a third-party, or you might put it on your to-do list and not focus on it. You’re too busy focusing on whether or not – you’re an accountant, as an example, and you’re just dealing with numbers all day, you’re not really thinking about “oh, I want to be a tech entrepreneur” or a tech person, or something like that. Or you’re dealing with other retail functions, and really, cybersecurity is easy to do when you know what to do or the questions to ask.  

And you mentioned my second book that’s coming out, it’s actually for SMB cybersecurity. It’s a playbook to really break it down for people to know what the top ten things to do are, but essentially, it is a hesitancy to make sure whatever is in place is up to standard and up to date, and that’s really the biggest thing that the listeners should be doing, is making sure that – is all the software up to date? Are they engaging with their third parties or their IT manager and asking the right questions?   

The right questions are: “Tell me what’s happening with the business”. “Are there any risks that are known that are slipping through that we need to deal with?” and taking a proactive understanding of the words that even may be being used, which may be a bit foreign to business owners.  

 

Karalee: Craig, let me ask you. I want to put you a little bit on the spot here because we’ve had a text from a listener. We know that there’s been the Optus data hack, the Medibank, the Latitude, everyone seems to have been hacked by something. Our listener says, “What is the biggest cyberattack MailGuard has ever dealt with? How sophisticated was it? And what ended up happening?”  

 

Craig: Well, great question. One of the things about MailGuard is that we’re preventing the threats from happening in the first place. So, I’ll say that we haven’t had a client have that type of incident, but I can tell you a story, and I can’t mention names, but essentially I have presented in Singapore at a very large conference for insurance brokers and one of the stories, I was having a chat to a US broker was a business owner who was acquiring trucking companies, and the transaction was publicised, he was actually helping out a small community where the trucking companies were based, and as part of that, the cybercriminals saw the news and decided to start impersonating him… 

 

Karalee: Oh, goodness. 

 

Craig: Himself, as the CEO, and started sending emails through to the CFO saying, “Hey, these transactions are imminent, I need to transfer two lots of $10 million through, and they will be going through to two different bank accounts.” And sure enough, what they were doing was looking at this particular CEO that was very heavy in social media at this point, saying that he’s about to jump on a plane and [about] to do the deal. All these wonderful, beautiful stories. But obviously, that gave a window of time for the criminals to send the email through to the CFO saying here’s the banking details. Please make the transfer happen. I’m about to get on a flight, and I want it done before I’ve landed. And, of course, the CFO did exactly what he was asked via email, and the transaction was done to two different bank accounts. Once, obviously, he did land and spoke to the CFO about something completely different, not about that. The CFO said, “I’ve done what you’ve asked for”, and of course, the conversation then led to “Why would you do that?”… 

 

Karalee: Oh my goodness. 

 

Craig: … “How do we get the money back?” And, of course, that was all too late.  

 

Karalee: Oh, dear. Now listen, before I let you go this evening, I have to ask you; I said in the beginning that MailGuard has already been a real success as a trailblazer in the Australian technology industry. Well, you’ve, you know, become a partner to Microsoft. That’s an incredible achievement for an Australian company. Can you tell us how the world’s largest software company came to be in partnership with you?  

 

Craig: Oh, well, thank you. Yeah, it is a great win for our company. But also for Australia just to hallmark the talent that we have here. Well, essentially, our whole ability, as I mentioned before, is around protecting threats and stopping them before getting through, and part of our vision is to be the fastest in the industry because every second counts, every email counts, and a part of that engagement was that we were handpicked by Microsoft in 2017, and we’ve spent the last five odd years working with them to launch the product. And now, those who are users of Microsoft 365 can also add in the MailGuard 365 to enhance their security. It’s a big win.

 

Karalee: It sure is. Now, listen. As I said, last question tonight before I let you go because I could talk cyber scams and security all night. Now, listeners, it is interesting, you know, there’s more and more things that are happening nowadays. If business owners are listening to this conversation this evening and they’ve felt a bit afraid of, you know, what’s likely to happen to their business in terms of potential loss, what do you advise them to do from this point?  

 

Craig: Look, the very first thing is, not only themselves but their staff, they need to have everyone in a room to talk to them. Don’t send emails through, and just talk about slowing down and reviewing what the emails are all about. And then, obviously, their internal IT person or external, and start to get to understand, it won’t take long, as to where their business is at and what threats may be coming through, but equally, if they haven’t done any threats assessment to just take the time and to put it to work, because at the end of the day, they’ve spent years and years and years of hard work on their business, and literally one email can undo that business. And every incident that occurs does cost a lot of money, not only in the business revenue, but the brand and reputation of the company, the person, and then you’ve got the rebuilding of the years of all of that hard work to redo it again. So, a little bit of effort now, get it off your checklist, and move on from here and happy emailing from there on.  

 

Karalee: Well, Craig. I want to thank you very much for being on the show this evening. You’ve given our listeners lots of insight. Congratulations on this new book that is coming out. We’ll have you back on the show really soon, and thank you for all of the tips and advice that you’ve shared with our listeners tonight on Money News here on 6PR.  

Craig: Absolute pleasure. Thank you so much, Karalee.  

 

Fortify your defences

No one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, you can use a specialist cloud email security solution like MailGuard to enhance your Microsoft 365 security stack.

For more information about how MailGuard can help defend your inboxes, reach out to our team at expert@mailguard.com.au.      
