Episode 267 Deep Dive: Alex Tilley | Digital Estate Planning

[00:00:00] Speaker A: It creates a giant mess for those who love you to try and untangle. It really is one of those situations where as we grow with our online lives and we, you know, obviously everything these days is online or some sort of online aspect, and we as security professionals, you know, move towards having perfect security in inverted commons, whatever that means. Our lives after we cease to be here are completely interlinked with the security that we applied to those things as we're supposed to do while we're alive. And once someone tries to unpick those threads of a life, it really becomes quite apparent when you haven't planned or haven't even thought about what happens after me. [00:00:44] Speaker B: This is KBCS. [00:00:46] Speaker A: Are they completely cyber? [00:00:47] Speaker B: As a primary target for ransomware campaigns. [00:00:50] Speaker A: Security and testing and performance and sustainability, risk and compliance. We can actually automate that, take that. [00:00:55] Speaker B: Data and use it. Joining me back on the show is Alex Tilley, intelligence and research lead, APJ from Secureworks. And today we're discussing digital estate planning. So, Alex, thank you so much. Welcome back. It's wonderful to have you here again. I know that our last interview, you are quite popular on social media, so why not have you back? [00:01:18] Speaker A: Awesome. Thank you for having me. I'm stoked to be here. [00:01:21] Speaker B: Okay, so I want to start with, I'm curious to know, like, your definition of digital estate planning. Never heard that term before, so I kind of maybe get the gist of it, but I'm keen to hear sort of your view. [00:01:35] Speaker A: I started thinking about it as sort of BCP and doctor planning for your life, really. Sort of like we do all this planning for what happens if, you know, the hot site goes down or whatever like that, or the link goes down. But we never really do planning for what happens when we go away. And by go away, I mean the ultimate going away forever type thing. So it's sort of around getting yourself in your digital life, your online life, ready for the moment when you're not here anymore. And unfortunately, sometimes that can happen quite suddenly. So it's about sort of making sure that your loved ones are able to, I suppose, pick up the pieces of your digital life and move on with their lives as it may be during those terrible months after the inevitable happens. [00:02:19] Speaker B: Yeah, you raise a great point. And I like when you said DMVCP for, you know, our life. I like it. That's a good analogy through a parallel to. But it's interesting because I've been thinking about this over the years, and it's like, you know, back in the day when people would die. Like, we didn't have Facebook and LinkedIn and Instagrams. So what actually happens to your digital life footprint when you die? [00:02:43] Speaker A: Honestly, it creates a giant mess for those who love you to try and untangle. It really is one of those situations where as we grow with our online lives and we, you know, obviously everything these days is online or some sort of online aspect. And we, as security professionals, you know, move towards having perfect security in inverted commas, whatever that means. Our lives after we cease to be here are completely interlinked with the security that we applied to those things as we're supposed to do while we're alive. And once someone tries to unpick those threads of a life, it really becomes quite apparent when you haven't planned or haven't even thought about what happens after me to these things which are unfortunately pretty much crucial to our lives. Things like banks and power bills and schools and universities and government services, et cetera. They're all online as we move. Well, we have moved to a completely digital life, pretty much. So we're not really used to the age, perhaps, of an aging population. How to then reverse engineer that entire life back to make it usable and for our loved ones to continue on with their lives. [00:03:54] Speaker B: Yeah. So, Alex, right, standing with Facebook, you can nominate friends or family that choose what they want to do with your Facebook profile after you die. That's the only real thing that I'm aware of. But obviously, you know, I live in new South Wales. You've got the new South Wales app and stuff like that. Like, I haven't seen any mechanism that they would use which would say, hey, you know, Carissa Breen, she unfortunately has died. How do people go about, like, notifying these organizations to say, this is a problem now we need to close your account and all because there's so many different things now than there ever was before. So I'm just. It's curious that some have the mechanism a lot don't have. [00:04:38] Speaker A: It's massive and it, honestly, it's a really gargantuan sort of hill to climb when you're dealing with probably the worst time of your life. And that's the interesting part about it to me. Well, not interesting, terrible time. But it's like we as security professionals will look at it and go, well, yeah, of course, but, you know, you've got to have password and you got to have two Franklin sort of stuff. And that's all great, but you need to put yourself in the mind of a 75 year old person who's maybe able to do Internet banking, does Facebook, et cetera, as you say. And then all of a sudden they've got to do all of this stuff online and just unraveling what they need to look at is huge. So a good one is Services Australia. For those australian listeners of yours. They can basically, it looks like you contact them and they take care of a lot of the government stuff. Although a little word to the wise, having gone through the process, you don't actually get any indication that they've done anything. You just sort of send them off. Oh, one massive thing is the death certificate. Getting the death certificate. When you finally the death certificate for your loved one, make sure that you make as many notarized copies of it as you possibly can because you're going to need them and you're going to lose and a lot of places will need them. So things like Services Australia and banks share trading platforms, all of these things will need that information in order to start that process. So most organizations and most places do have a process. It's just about getting to that right person. And when you're in, say, if you go by a hospital, when you're in the hospital, there are pamphlets and sort of leaflets and support those that are available that tell you some of those major things to kick start the process, here's what you need to do to inform birth, deaths and marriages, etc, etc, etc. But then you go home and it's like, okay, you know, how do I now cut across Facebook? How do I cut across, you know, the shares that I think my husband had or my wife had? How do I cut across? Well, who was our financial advisor? Where's our medicare user id? All of these things just grow as massive problems because at that point in your life, unfortunately, any hurdle is a massive hurdle, any little step in the way that sort of makes it harder for you to go through. And as you mentioned, you know, some people can nominate on Facebook to sort of see or not to see your profile. It's a similar thing in life. You start to have to log into your dead loved one's phone to do two factor authentication codes, et cetera, because it's not readily available to you which account that you're about to try and unlock or access is going to need that phone. So there's a lot of those little stresses that come out. And by doing perfect security or good security practice, we do unfortunately make that process a lot more difficult than it needs to be. And I ain't saying that there's an easy answer to it. I'm just saying that it's a problem that we don't really address openly in this society and given that we have an aging population, it's going to become a huge problem if it isn't already a problem. And everyone that I speak to says, yeah, we had a hell of a time dealing with it when my dad died or my mum died or something like that. So it's a real problem that we're just not talking about. [00:07:42] Speaker B: Yeah, this is interesting. So just going back to services Australia for a moment. So you're saying. You call them up and say, all right, Chris Breen. And I'm gonna say, I'm gonna use myself as an example. Cause I don't use anyone else. He's not here anymore. Like, we gotta do something. But you're saying that they don't get back so they don't give you an update, so it just goes into a black hole and that's the end. [00:08:02] Speaker A: It doesn't seem to be. So I did it with. With my mum. Part of the million different tasks that we had to do that took months to go through. One of them was with, okay, civil Australia. They'll take care of your. I think it's birth, deaths and marriages, Medicare in Mygov and a couple of other services. So they are quite a good centralized hub and you submit the online form, there is a phone number you can ring, but we can sort of submitted it. And they say. And they get back to you say, yep, we received your submission, thank you very much. But you never actually get told, okay, Medicare's got your details and they've updated it. Okay, you know, Centrelink got your details and they've updated their records. You know, like, you never seem to get feedback that those bits have been done and it can sort of slip your mind because you say, well, I've just. I've done that. I've let citizens Australia know and off we go. But that feedback didn't seem to be there. I think they were very good at accepting information and you just have to assume that they're working with it. But I did expect some sort of update, if that makes sense of, yep, we've done these things. You don't have to worry about that anymore. You've got so much else to worry about. These bits we've taken care of. That's cool, you know. [00:09:05] Speaker B: Well, an update would help, to be honest. But anyway, just thought. I was just curious on that front. But then, you know, you say that people aren't speaking, that you're right, like in almost what, 270 podcasts I've done. I've never ever spoken about digital estate planning, nor has anyone brought it into my psyche. No one's raised it. So clearly this is a problem. What do we sort of do about it? [00:09:25] Speaker A: In order for someone to come and take over our lives, even if they are a trusted loved one, we need to. We do need to give over some of our digital life to them initially so they can do that process. So when I talk about, you know, digital doctor or BCt for your life or whatever, I sort of think about calling it. One of the aspects of that is, okay, let's now sit down as an individual first and take stock of all of our crucial online accounts and write them all down. You know, get them all clear in our head. Because biggest part of it is, if you can't sit down and do it now, when you're clear headed and still with us, good luck to your loved one doing it when they're in the middle of the worst few months of their lives. So now's the time to do it and to find out where the problems are and to make it clear to yourself, okay, these accounts are all linked via this email account. And of them, let's star a couple that need this mobile phone for two factor. Let's make this nice and clear for ourselves so we can track that online fingerprint, as it were. Now, obviously, we have the caveat of everyone's got that arrangement with a friend of theirs to delete the browser history. We all joke about that. One thing when I talk to people is, oh, there are certain things that I wouldn't like my wife or my kids or my husband or whatever to know about. It's like, that's fine, whatever, but don't let embarrassment of that stuff stop you from putting together the key pieces that they'll need to carry on with their lives. Because when someone goes through a sudden death or a short, protracted illness, you simply don't have the time to say, oh, yeah, for the mortgage payments, you've got to log into this. And, oh, yeah, there's some shares in commsec over here, but also the wealth management, or whatever it is, is via this mob over here, you know, and really basic stuff that the electricity bill comes to this email account, and we pay it using this credit card. These are really simple things we often set up as we go through life, just, you know, as you get a new electricity provider, say, you understand how you pay that bill, but we might not communicate that with each other enough. So it's about making sure that everyone involved knows at least where to start finding those pieces to unravel your life. Because we can get caught up in, well, I'm going to use this really smart key chain and this smart password manager in this vault and this excel spreadsheet with a password and all that sort of stuff, which to us makes sense in our little heads. It makes total sense as we grow it over time. But again, we come to it from the aspect of a stressed out loved one who's grieving to try and unpick. And it's a, it's a very different ballgame of security when we come to that aspect of it. [00:12:03] Speaker B: Yeah, 100%. I hear what you're saying. So, okay, so when should people start doing this? Because like people don't necessarily pass away when they're older, right? So people start just doing this today. And then my follow up question for that would be, are we going to have to start having digital estate wills as well to be like, these are where all the things are, this is like, but then what happens if that gets breached? [00:12:30] Speaker A: See, yeah, you're exactly right. And this, this is where it does become that sort of chitting in the egg situation where it's like, well, I need to have this together. But at the same time, that then is a risk point. And, you know, we have that sort of discussion about trying to figure that out. And I, it does come down to understanding. Well, lets say today I sit down and do it. And so going through my situation where my father, who was quite tech savvy, unfortunately passed away quite quickly this year. And when I was going through this process over the last few months, some friends of mine who use lets you know theres not picking on them, its a friend of mine who use Lastpass. Right. Theyre quite happy with Lastpass, they quite like it, but they knew it had an option in there for like a recovery account via a trusted loved one or a trusted friend, but they hadn't set it up. So they had the conversation just over lunch with someone with their best mate said, hey, would you mind if I linked my password vault to your account so that in the event that I die, you can actually access and unlock it for my partner or my children to then at least have access to those passwords which are then for those crucial services. And it doesn't work that they can just log into it straight away. They have to go through some checks and balances. But even just that little conversation just over lunch was enough for them to say, okay, well now at least if I leave here this afternoon, leave work this afternoon, hit by a bus, my friend knows how to access the password that my kids might need to access their school or whatever the case may be. So honestly, it can start with something as simple as that and then going through and seeing. Well, okay, well, which of my accounts maybe I use once every six months, do an sms two factor. Okay. We need to understand that so that what will happen is you will die and your loved ones eventually will start to turn off the services that were linked to you. Right. Because why would I pay for a phone bill anymore when that person's never going to answer the phone ever again? Not to live, but you know what I mean, reality of it. So before you turn that phone off, you better understand exactly how many services are going to try and send an sms to that phone when you need to access them once in a blue moon. Because to then go through and, you know, do a race and get around that two factor can be a bit of a pain. So it's little things like that. So you can do it straight away by looking at what's on offering you have currently that you use that you might have just glossed over and never touched. Similar to, you know, digital wills or I doing a will at all. We all think, well, you know, we're relatively young, we'll be fine for a while. Well, you know, it does only take about half an hour to do a will and it will save a lot of hassle. I think something similar with your digital life is what's definitely going to be coming around the corner. [00:15:14] Speaker B: Yeah, this is interesting, though, isn't it? Because I'm like, yeah, it makes sense, but I'm like, oh, my gosh, there's a risk of what happens if all these digital estate planning wheels are there and it's got all of Alex's bank account details and Carissa Breen stuff and then it gets breached. What a disaster would that be? Why aren't people talking about this? Is it because it's like, oh, this all. But you can't sit there and say, no one's ever gonna die because they do, right? People die suddenly, unfortunately, which is terrible. But then also we get, you know, our parents getting older and things like that and, you know, got grandparents and things like that. Is it just because that we've evolved so much as an industry more so how the Internet started up and, you know, people out there saying, like, oh, you know, there's no rules for the Internet. Well, yeah, it just started up and then it became a wild west. And then much with this digital estate planning, like no one ever pre planned. We're going to start the Internet guys, in the nineties, and then 30 years on from that, we're going to actually do digital estate planning wills. It's like, it's just sort of crept up on us, and now we're trying to retrofit the solution to this problem. [00:16:15] Speaker A: Yeah, 100%. It genuinely has. I think part of it is exactly as you say. It's like our parents getting older has crept up on us, you know, like, I didn't really realize that my dad was in his late seventies until he was in a hospital bed and gone, you know, he was always just my dad, you know, and it's. I'm sure some people have different experiences, but we just. It's icky to think about it. No one wants to think about that sort of thing. But then I would say, if you have kids, look at your kids and go, well, I kind of don't want them to go through the seven layers of hell that is unraveling the key things that they need digitally. Because, you know, we've done security and we've now got chatbots and we've closed branches and we've bought all services online, but we have really left a whole group of people behind, you know, like we in our. I actually asked this question of some friends of mine this morning, just while I was trying to get my thoughts in order for our chat tonight. And it really was that have we left a large swath of our community behind in this digital, you know, rush to get online? Because of the efficiency and the cost savings and the profit making that we can get out of an online presence. Have we actually neglected to even talk about this stuff before? Because, well, it's not about what happens when you're not here. It's all about what happens while you're here and what you do while you're here. Whereas, you know, it is inevitable it will happen to all of us. So we sort of haven't really been trained, if you will, to think about that, you know, in the olden days. Yeah, you do a will, you know, your bank manager, you know, your kids school principal. Thats all great, though. If you die, then you can book an appointment and you can go and speak to this person and get these balls rolling. And I really must preface this by saying that once you get through to people, every service that ive been involved with in this process, like, be it a bank or a superfund or the government, the services, all that sort of stuff. Once you get through to a person, they couldn't be more helpful. They're wonderful. They're truly, truly wonderful. And they've all got rulebook and they've all got playbook for how to deal with this sort of stuff. But actually getting to that person to help can be really, really difficult. And when your adrenaline is running high and you, you know, your, your things, like your stress is high, so your patience is low. And getting a chat bot or getting someone who has a strict script to read to you from before you get through to the complex investigations team or the station of life team or whatever it's called, those particular organizations, that can itself be a bit of a hurdle. And I know my mum, just a little personal story. She was trying to figure out how to access their share trading account just to sell some shares because she didn't need them anymore. And it was a share trading account that I won't name because it doesn't matter. They're all much of a much less. But it was linked to a bank, but obviously wasn't part of the bank. And she was like, well, I'll just go to the branch and get the branch to do it for me. And I was like, mom, the branch weren't. They're a different part of the business. But she didn't understand that, which is fair enough. Like, why would she, you know, it's got the same brand on it. It'd be the same brand, right? But she eventually had to get through to them and say, listen, I'm not getting off the phone. This is my dear mum. I'm not getting off the phone until you give me an appointment to talk to a person because I'm not doing this again. And she just sat there for 90 minutes until I said, all right, cool. Come into the branch on Thursday. Someone will be there. And she went to the branch, and the nice man in the branch literally called the exact same call center that she called and talked her through the process while she was sitting across the desk. But she left there with everything that she needed to be done. Done. But it did take that, I'm not leaving until you sort this out to get her to the person to help her, which I thought was pretty badass myself. But it did take that sort of situation of high stress to get to that point. [00:19:58] Speaker B: Gosh, that sounds terrible. Look, fair enough, right? But is this something that banks and friends are thinking about? Like people are calling up and it's this rigmarole they've got to do something to be like, we've got to make it an easy, seamless process. Do you think businesses are thinking about it or they're too much? Thinking about how much profit they're going to make for their shareholders at the end of the financial year? [00:20:18] Speaker A: I think it's definitely there. As I say, once you get to the right area, it's all there. And because they obviously know, especially insurance, et cetera, they are very well aware customers are dying, so everyone is aware of that. But it is just that initial contact point. It can be very disheartening, let's say that in that situation, you are quite obviously, you're quite upset and you're quite sad. And as I said, all those hurdles that do seem higher than they would seem to us, because I'm sure some of your listeners are sitting there going, chilly. Yeah, dude, fair enough. But a password reset and a portfolio log, and that's not a big deal. Like, well, tell me that when you're 75 and in tears for two weeks, your husband just died suddenly. Tell me then that it's not that big of a deal or not that hard to do, because I tell you what it is hard to do. Even for me, it was hard to do because it's a hell of a situation. So we sort of come at these things from, again, a. Everything's working and we're all contributing point of view, rather than what happens when we don't and we can't anymore, and dealing with that. So just. Yeah, that little bit of dictuitiveness, to use a non existent word, of actually getting through to people is what's needed, because the people will really, really be great to help you. But just getting to them can be hard. [00:21:30] Speaker B: Well, firstly, I'm sorry to hear about your dad. That's awful. And secondly, I'm sorry to hear about all the angst caused to your mom and to yourself. And I think just even listening to your stories is making me realize, like, oh, gosh, like, maybe I need to start having these conversations with myself, with my now new husband, with my parents. And I think it's just something that's good that you brought this to people, because it's something that we just don't think about day to day, ugly and. [00:21:57] Speaker A: Nasty, and it's messy, and it's, unfortunately, reality. And we like to have things, you know, Maddie's thinking for myself, but, you know, we like to have things that we understand. We like to understand security. We like to understand how technology works. But when this happens and your world's turned upside down in the space of a few hours. [00:22:14] Speaker B: So just going back to sort of like the estate planning, is it more. So you just got to have a plan in place to say, like, much to your point, electricity bill, and this is the phone for the two factor, et cetera. Is that the sort of conversation people should be having with their parents, with their wives, with their children, are these the things now that should be addressed? And how would you go about addressing it? Like, you know, as you mentioned before, like, well, if we write all down in a Google Doc and it's sitting on there, like, the risk. And what would be your sort of high level advice to people that are thinking about doing, you know, implementing some of these things to make it a little bit, maybe easier when these things do unfortunately happen? [00:22:55] Speaker A: Yeah. And again, it's a little bit counterintuitive advice to what we normally tell people, which is sometimes you do have to put some of your eggs in the same basket. And this is obviously, you know, knowing full well that that's what crooks love the best, is that all the eggs in one basket, because it's easy just to steal the one basket. But sometimes. So, for instance, password managers, right, cool, great, love them. Lastpass, key pass, whatever is your poison. All great. Cool. But then you have. Chrome's got its own password manager. Braves got its own password manager. Apple's got keychain, then you've got Lastpass, then some. Some of the stuff uses an encrypted excel spreadsheet. Web like. Cool. So now I've got six different passwords that are six different sources of truth for my digital online identity. Cool. I've linked them now to maybe two or three email addresses that I've used over the years, you know, as I migrated through. So just understanding what account is linked to, what password manager can be enough to give your loved ones that starting point so they can say, okay, well, you know, we sit down and we say, you know, husband, wife, partner, life partner, love mine, whatever we are. Cool, here's my life. What do we do? A lot. We pay bills and we use Internet making. We use this and this. All right, cool. Let's at least get that somewhere that we can understand where it is. Be it in one of the four password managers that we have to use. Cool. One big one that I want to call out as being, I think, a security good thing. But a really terrible thing is in Australia, government services that use like a nondescript username because you try and figure out when you literally, even if you got the password saved in your keep pass or your keychain, whatever, like, that is my login to mygov K 123456 or KN 45629. I don't know. I don't know the password to the account. I don't know which account to use, and I got three attempts to do it before I got locked out. Cool. That's great. That's an annoyance day to day. That can seem catastrophic in a really bad part of your life. So even just understanding which account to use, let alone which password to use, that can be the hurdle. So having those discussions about, this is how we're set up. This is how our life is managed. However ugly it is, as long as people know that it's ugly and know where the ugly parts of it are, that can really help you to start to pull those threads. So, yeah, I would just literally sit down with your family or your friends or your loved ones and just say, okay, cool. Here's the key bits and pieces that we need to go even again. Part of the DCP doctor planning of your life type of thing is letting me sit down and try and log into all these accounts, and maybe I can do a bit of account hygiene right now because it's much easier for me to do account hygiene now than it is for someone else to do it on my behalf later on. [00:25:49] Speaker B: So I want to maybe switch gears slightly and you sort of discussed, you know, even in your own experience, that, you know, people are upset. They're. They're worried. They're, you know, they're going through a tumultuous time, but then it sort of means that there's an opportunity for, you know, scammers to scam people because they a bit more vulnerable. Stay. So talk to me a little bit more about this and what this sort of looks like. Do you have any examples, perhaps? [00:26:19] Speaker A: Yeah, it's a wild one. So we opted to not do, you know, an obituary in the paper, although apparently that is still a thing. And people of a certain generation still do use those to keep track of their. Their school, friends, etc. Who are no longer with us. It's a thing, but we opted to not do it. But we did hear a lot of stories from people around us who had used it, and they had got contacts out of the blue, from what I would say, unscrupulous operators trying to sort of say, oh, hey, I see that you've had a loss. Would you like us to come and help you with this part of the funeral? Would you like that? Or, hey, I was talking to your husband so and so last month he said that you wanted to get your roof redone. Would you mind if we came out a chat about the quote, we'll give you discounts since it's just passed. We did hear those stories and I think that's been going on forever, to be honest with you. I think that that sort of thing seems to be, you know, this. Bad guys want money and bad guys being bad guys, you know, that, that, that's what they do, unfortunately. Terrible. One aspect of it, though, that was interesting to me. So obviously with what I do for a living and with my dad being quite security conscious as well. My mum, to her absolute credit, is really mindful of scam and is really mindful of not falling victim and is suspicious of emails, etc. Etc. Etc. Which is great. Perfect. That's the way we'd like it to be. But you get into these situations where, okay, now you are getting a lot of emails that are saying things like sign in from a strange account because a new laptop, I'm sitting next to her using my laptop to try and log into the whatever it is account or, you know, we're using her phone to try my gov three times in the password wrong. So all of a sudden a lot of emails start coming in that we would normally say, yeah, those are indicative of something bad or some sort of scam or whatever. And it's easy enough when you're sitting there to say, yeah, those ones you just ignore, that's just me sitting here, right. But then some of them maybe were a little bit delayed and you'd leave and you'd head home. You say, right, we've done enough for today, everyone's still a bit frazzled. We'll just leave it there until they're going with. And then a few more emails in a row overnight, which would, again, bring a little bit of angst, a little bit of panic, saying, oh, hey, now they've just sent me this one. Is this still right? Rah, rah. And that's nothing that we can fix by not doing it because we do need to do that. But it's just something that, to be aware of that when you are in that heightened state of emotion, but also having that understanding of what game emails look like, what phishing looks like, and we've drilled it into people, rightfully so, this stuff is bad. When it starts flooding into your mailbox for a longer period of time, it is like, okay, at what point do we say, cool, now we can reset back to normal setting, we can stop being a little bit more blase because this happens five times a day now. And now it's time that we can start saying, hey, now it's bad. And sort of forming that. I suppose that timeline of when is good to go is a bit of a hard one. It's a really strange sort of situation to go through. One big one was, and again, not to throw shade at lastpass, because they do what they do and they do it quite well. But the first one that really, really panicked my mum was that we got a dad used lastpass, his password vault. Cool. That's fine, mum. It's all in there. She knew how to drive. Last passion, you where it was that. That was all cool, but like perfectly the wrong time. So, like, right sort of in the middle of the big of the hardest part of the process. Last class, as online services do. Update of the tender service. That happens. You know, we update our tender service. Here's something for you to be aware of. Rah rah. In normal times, you or I would just go, yeah, cool, whatever, you know. Of course we'd all read it fully, notarized it, etcetera. But when that email arrives and we've just been struggling to understand Lastpass, and then all of a sudden an email arrives at 06:00 at night that says LastPass has updated something that causes trouble, because all of a sudden you're like, no, I've just been trying to get hold of this one source of truth, which is this lastpass vault, and all of a sudden it's changing something. And again, normal circumstances, nothing to worry about. Totally cool. But at that point, it was just the totally wrong timing. So little things like that, which again, aren't minimal, but they will send you into a little bit of a spin. When everything's sending you into a spin, at that point, it is a time to be more vigilant, that there are scams and scammers out there and people who are going to take advantage of your situation. But it's also a time to be a little bit less paralyzed by the panic of the. The things that you always told you paralyzed by. It's a really weird sort of situation in that respect. [00:30:58] Speaker B: And maybe I feel like I'm going back a step was just as you're speaking, is this an opportunity for businesses, banks and people like that to have those playable to discuss what people should be doing in these particular circumstances? I haven't seen a lot of that in terms of content, comms. There's a lot of things now coming up about you know, we take security seriously, a lot of that hoo ha. But now it's like, as you're raising this, I'm like, any business out there really talking about this to be like, hey, like, now's a really good time. Maybe it needs to be driven by the government. You know, this impacts them as well. Right? So is this something that will start to emerge now, or do you think it might be a little bit more time until it becomes a little bit more painful, unfortunately for people, until governments and businesses start to move on it? [00:31:39] Speaker A: It's a really good point, and I think it's an interesting one because the government does do a lot of, a lot of awareness. And if you just feel sort of like, what happens, what to do after I die online, for instance, there are government services that take you through some of the key government stuff, but it doesn't really touch on those private services like banks or like, you know, education facilities or whatever the case may be. So those are a little bit, a little bit sort of more in depth. And one thing I didn't come across as a problem, but it is something that I'm aware of and a friend of mine mentioned it this morning, which is interesting. Washington also, simply by logging into your loved one's account to try and take control of your, what is your life now, you're breaching some terms of service. You know, like, I sincerely doubt that anyone will ever cause a stink or make a big deal out of it, but in some cases, you could be breaching the terms of service by logging into someone else's account, even if it is your loved one who's passed and you're trying to, you know, recover your life out of their account. So it can be interesting. Just I wouldn't I even hesitate to mention that it's something that of all the things to worry about, that's the least thing to worry about. But it is something to think about. The way we architected these accounts around, not accessing, not sharing passwords, et cetera, like that, we are sort of necessarily going against our best advice. And I don't think there's an easy solution to that because it is a case of this will only, hopefully only ever happen to each of the couple of times, hopefully. And so therefore, as you say, its not really talked about front of mind. Its not like a daily occurrence, hopefully. So its sort of lower down on the list of scenarios to plan for in engineering their apps or whatever like that. But it is something that we all will have to face once or twice in our lives. So, yeah. Could we be breaching a agreements by trying to do that? I would think in some cases, yes. [00:33:38] Speaker B: That's interesting coin Ashley is just speaking about. That would be though, if it's like maybe there are concessions to be like, okay, you know, KB is not here, husband calls up, therefore it's like, well, he's not really breaching terms of service because there's this concession in place because of the situation. Like, I get it. But like, if someone's going to be that strict, like, that's a lot. [00:34:02] Speaker A: Yeah, I don't imagine really, really happened, but it is just something to sort of think about like when we're doing. And one, one key bit though, actually for your listeners and for yourself also, is the death certificate will take longer than you think to arrive because obviously there's processes to go through to get to it. And a lot of the services that you use will require a death certificate before they can give you any to sign anything over to you. So there is this strange sort of lagged period between, you know, you know, let's be honest, leaving the hospital and dealing with the funeral preparations and then getting documentation that you need to then move on with your life holistically. So it is something just to be a little bit aware of that. Yeah, that can take, I don't know, I forget, it was a little bit over a month for it to come through for us. And in that times, a lot of services online were saying, yep, that's totally fine, we do a process and it will be easy, but we need that start with so things like super funds and self managed super funds, et cetera, like that. Yes, we can unlock that, that stupid, you know, a joint deeper enjoyment or a joint retirement savings account for our american friends. But to do that, we'll need, and oftentimes again, something that I never really wanted to know, but it's worth other people not having to go through and learn. The way I learned it is if someone dies in a hospital, in anything but the most vanilla of circumstances, I think even in any circumstances, when someone dies on hospital, there is a process that happens there and there's the possibility of an investigation or an inquiry or an autopsy, which again, can delay the issuing of the death certificate until those findings are, you know, found. So all of these things will be happening by other people. That's fine. Like, there are obviously processes to kick those things off, but you will have to wait for that documentation to then go to then those services or bank accounts, etcetera, that you need to then rest control of holistically and properly and change, you know, joint account names, that sort of thing. So, yeah, there's just a little bit of lag time there. These things don't happen instantly, but some things seem like they need to, which is a strange sort of situation to be in. [00:36:12] Speaker B: Another question that I'm curious now to know. So, for example, you said the death certificate can take a little bit of time to arrive, but then you're gonna have, like, okay, like, a telecommunications provider. It's like, hi, Carissa, you haven't paid your bill. Well, kind of not around to pay it. And no one else really knows about it. Do they just then shut it off? Do you have to pay the last month? Does it then backdate to the death? Like does in some companies where they try to argue it to be like, well, you didn't inform us for so long. While I was. I was waiting for the death certificate and that wasn't it. How does that sort of work then? [00:36:44] Speaker A: Yeah, it's a wild one. And actually, thank you for reminding me. One thing that I suppose made exacerbated of the situation, which brought it to a bit of a head for us, was that very early on in the pit, like, very early on, maybe a week or two after my dad passed, mum got contacted by their bank that they basically, yeah, you know, your credit card's been compromised. So got issue with a new credit card and cool. That's. Again, in normal times, that's just an annoyance you go through and have to deal with it. But it's like, okay, we haven't had the destiny that yet to change over the group, the joint account to one name. The credit cards linked to the joint account, which there is not one signatory of to do the changeover. So it started this whole mess as well, because all of a sudden she needed a new credit card because someone had hacked probably an online shop somewhere that they used at some point. You know what I mean? So that made things a little bit worse. But, yeah, it really brings a sort of focus. Okay, we've got to pay these bills. What's going to happen? And I had. I had this conversation several times. I said, listen, mum, they want their money, so they're not going to cut off your electricity if you don't pay the bill this week. And it's like, you know, that fear of, if I don't pay today, the lights go off and the car stops working, or, you know, whatever the fear is, because again, you're in this heightened state of anxiety. So it's like, listen, we'll worry about that later on. They're not going to cut off your water. You don't pay the bill because the credit card has just been cancelled in this whole thing. So it is that situation of just, we'll get through this and you can call them and sort of explain the situation and I can't speak for all of them, but that we use work what understanding and sort of said, okay, listen, that service clearly hasn't been used since this date, so we'll sort of work with you to no longer charge you for that service. Things where you've bought a yearly subscription, you're just going to have to wear that, unfortunately. And given that my father passed early in the year, there was a couple of, you know, still had ten months to run sort of subscriptions that we just had to wear because honestly, at that point, it was just about getting the mortgage paid and getting, you know, keeping the lights on type of thing. So, yeah, it definitely will come around. And as always happens when you've had to change your credit card, eventually your yearly direct debit or automatic charge that'll get dishonored and then that'll open up a little wound and you'll have to go, that's right, dad did pay game or whatever it was, and you'll have to go through that process again, which again is nothing particularly major, but are these little setbacks that will happen for, I suppose, a good year or so until it's all sort of taken care of. And then again with, as you mentioned, we're at the top. Facebook memories, iPhone photo memories, you know, Google memories, that sort of stuff. These things will keep coming up. But that's the whole other kettle of fish. [00:39:30] Speaker B: The other thing is as well, is what? Like credit school and things like that. So going back to your point on, like, I haven't paid the bill. Like, they're going to cut my electricity off, which is, you know, a fair enough for you to have, obviously you've got these credit score companies, like, well, you haven't paid. Your bill grows out while Chris is not here. Like, do you think that especially if, you know, marriage with someone, it can have like, flowing effects, right? If you've got a joint mortgage or, you know, joint loan, like, all of those things can impact into your spouse, right? So is there things like that that can be reversed? Because I've, you know, from my experience, I've, you know, I've seen that they say, well, no, we can't, we can't reverse that. You know, I worked in a bank and stuff before. Like, you know, this is, this is what it is. So like, how does that sort of work? [00:40:10] Speaker A: The credit history is written in the link, right? Remove bad marks. Isn't that the Google term to search for for yourself? Remove bad marks from credit history and try and see how you go. But luckily enough we live out to get down that path. But I would imagine definitely, especially if you are missing mortgage payments because you're trying to organize things or, you know, in an extreme case, people may not know that I was still paying a mortgage. I mean, let's be really, really, really honest about it. This is a certain generation of people who potentially one partner did do the bulk of the financial work, the family, you know, very much a possibility. And it was all just set up and it all just worked. And when they vanish, there can be situations where you don't know there was a bill that you had to pay, just simply don't know. And especially in these days, you know, to use a microcosm example, things like car registration. Car registration is done, I think, in most states now via email, right? It's no longer, you no longer get a letter in the mail. I got caught by that once, actually, if that happened to you in a relationship because there was an email address that simply you didn't know about or that you weren't privy to or that you hadn't considered that you needed to get access to again. And that's the one that gets these renewal license renewal notes. All of a sudden you can be in a fair bit of trouble, you know, a year or so down the line when these renewals get ignored or just simply don't get action because you don't see them because you didn't know they existed or that they were going to that account. So part of that list of things to do could be, okay, well, when did we pay the car register? When do we pay the insurance? When you pay the life insurance, hopefully you've got some life insurance through super funds or whatever the case may be, but these things are part of that planning for your own digital life to understand, what do I have? You know, and oftentimes if we're lucky enough to have an employer or we're lucky enough ourselves to do private health insurance, we do get some sort of coverage or death or parent disability through that understanding what you actually have. You know, we often talk about that with, you know, technology solutions for security problems, right? It's like, oh, you've got to buy the leads scene and you got to have the coolest new, you know, monitoring, monitoring technology or whatever the case may be. Oftentimes you've already got as part of some other bundle that you're already paying for. You just didn't know about it yet. I think it's true. Oftentimes with our life and our not being here anymore, oftentimes we do have some types of COVID that we just didn't know about. And, you know, a few grand here or there can make a big difference if you're trying to desperately, you know, regain control of your life whilst dealing with a maelstrom around you. So understanding those types of things, you may not need full on life insurance, but maybe you've got a little bit to cover by your, you know, your union or whatever, maybe your private health. It could be worth understanding that because I know myself when I was younger, I wouldn't even have thought about it. Wouldn't even have thought about it, would not have crossed my mind. I had permanent disability insurance cover through my private health or whatever. They wouldn't even did it. [00:43:14] Speaker B: Yeah. Well, I think, you know, you coming on the show today has actually, you know, given people something to think about, perhaps. I don't think a lot of people are actively thinking about this, but I'm glad that you came on to share your own personal experience. And again, I'm sorry about your dad, but I hope that your story can encourage other people to take more proactive steps. Alex, is there anything sort of you'd like to leave our audience with today? Any closing comments, final thoughts? [00:43:37] Speaker A: Yeah, I would love to mention. So I'm one of the directors of Australian Security conference, cancercharity fundraiser called security to cure. That's Securitythe number two cure.com dot au. We had one last year. It's basically set up by a few of us who have been touched by cancer, myself and my father and a few of the other organizers as well. Around, it's around getting security conference together, but all proceeds and all funds raised we put to cancer research. And we do have a bit of a focus on somewhat on the sort of personal aspects, security, be they mental health or, you know, dealing with burnout, that sort of stuff, as well as traditional security topics. And we do some good panels where people will talk about. I seem to be getting a bit of a name for talking about uncomfortable topics, but yeah. So security to cure, so accommodate you, we'd love to have you along. We're doing one in Brisbane on August 9 and Sydney on August 23 this year. They're really good fun. Don't let me make it sound like it's mortal and bad. It's not a great time. Good for everyone to get together. Plus, it's helping you really good tours. So yeah. [00:44:57] Speaker B: This is KVcast, the voice of Cyberez. Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today. This episode is brought to you by Mercsec, your smarter route to security talent. Mercsec's executive search has helped enterprise organizations find the right people from around the world since 2012. Their on demand talent acquisition team helps startups and mid sized businesses scale faster and more efficiently. Find out [email protected] today.