Many of us – myself included – loathe log-ins, passwords, two-factor authentication and everything else that prevents you getting straight to a website. But these are important safeguards against hacking and people fraudulently helping themselves to our money.
A few days ago, a call came while I was busy with something else and I very nearly responded to a scam message – only at the last moment did I realise what was happening. This goes to show, however tech savvy we might think ourselves, a momentary lapse in concentration and a couple of ill-judged clicks could spell disaster.
HMRC is a major target for cyber criminals and the latest figures (see tinyurl.com/hmrcscamnov) illustrate the size of the problem. Half a million tax rebate scam messages were reported to HMRC – just think how many more were not reported, or, worse, acted on. Then there were the 15,500 malicious webpages reported to service providers to take down. I fear we will see a lot more cybercrime associated with the coronavirus support schemes – see, for example the item on the BBC website at tinyurl.com/y3l7bt2v.
There is a difficult balance to be struck here. There is no point in producing an online service, however useful, if the sign-in process is so complex that nobody will use it. But equally the simple systems are an open invitation to fraudsters.
My sense is that HMRC has this balance about right. But as we move into the next phase of making tax digital with electronic communication becoming the norm, we must all accept that eternal vigilance is not only the price of liberty – it is also the price of online security.
If you do one thing...