Super meltdown! Think of the children!

Global share meltdown! Super funds under attack! (and why I’m not doing anything).

It’s been a big week on the superannuation front, I suspect a lot of my colleagues have had to work long hours. There was news last week of successful cyber attacks (link), a separate item about phishing (link) and of course worldwide shocks from Trump tariff announcements (I’m not going to try to provide a link).

A few people have asked me what they should do – because it feels like a responsible adult would do something. I’m not in the business of giving investment advice – but I have let friends and family know that I’m not doing anything.

Let me start with the easy one. Stock markets go up and down – the whole point of investment strategies is to deal with this volatility. If you change your strategy when the market goes up or down, then it’s not a strategy. If I was to move my money today (say out of shares into cash) then I risk ‘selling the dip’. You will have an investment strategy linked to your super account (something like 'Growth', 'Balanced', 'Defensive'), trust your fund to keep managing your assets in line with that strategy. If these events make you engage with your account and understand what your current strategy is then that’s a good thing.

On the cyber side – there’s nothing you need to do right now, but there are some things you can do in the long run (see below).

The attacks used ‘credential stuffing’. They looked up past data breaches, from totally unrelated services, and then tried the email/password combinations against different superannuation member portals. If you are interested lookup your email address at https://lnkd.in/gde453CX.

As I said at the top, I’m not doing anything immediate with my Superannuation. If you want to learn some lessons from the last week, here are some things that you can do over, but don’t rush, the next few weeks is fine:

1) Don’t use the same password across all your online accounts. If your superannuation (or banking) password is the same one you use casually – then update your super and banking accounts.

There is a reason people reuse passwords – we all struggle to keep track of lots of different passwords! Apple and Google have tried hard over the last few years to make this easier, but it's not easy.

2) Invest time in understanding how your password management tools work. Whether Apple Keychain, Google Chrome or a separate password manager (like 1password.com). Take the time to become comfortable with what they are doing for you.

3) Finally make sure you are using ‘multi factor authentication’ (MFA or 2FA) on your super account. MFA is when a service sends you an SMS with a code before letting you log in. This can add annoying friction and slows you down when you are trying to do something online – but it is a very powerful protection for important accounts. If you are unsure ring your fund and ask ‘How can I make sure MFA is in place for my account?’.