Login

Promote Your Company       |     Contact

Independent Cyber News.

The Voice of Cyber®

KBKAST
Episode 267 Deep Dive: Alex Tilley | Digital Estate Planning
Data Management | Identity & Access Management
First Aired: July 10, 2024
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here
Click Here

In this episode of KBKast, we welcome back Alex Tilley, Intelligence and Research Lead, APJ from Secureworks, to explore the often overlooked topic of digital estate planning. Alex shares personal experiences and highlights the challenges of accessing digital assets after a loved one’s passing. He dives into the complexities of managing deceased loved ones’ digital accounts, the importance of notarized copies of death certificates, and the challenges posed by 2-factor authentication and security practices. Alex also stresses the need for open discussions and better preparation for managing digital estates, especially in the context of an aging population, urging individuals to start the estate planning conversation and document important digital information for their loved ones.

With over 20 years of experience in computer security and cybercrime, Alex Tilley is a highly awarded cybercrime researcher. Beginning his career in the online casino industry on Australia’s Gold Coast, Alex went on to implement and administer many varieties of network security technologies within Australia’s banking industry. Alex was on the forefront of research and countermeasures when phishing and malware first began to attack banking platforms and customers. When he later became the Australian Federal Police’s senior cybercrime technical analyst, he combined his technical background with an analytical approach to discover “who” the cybercriminals were, why they were attacking specific targets, and what they were looking for. This included identifying exposing online child predators as well as cybercriminals.  During this time Alex become a key member of the operations team responsible for many high profile cases.

Alex is now head of Threat Intelligence and research for Asia Pacific Japan (APJ) for Secureworks a global IT security and research leading company. Where we uses his wealth of experience to help organisations at all levels from the board to operational techs understand the organisational and technical aspects of State-sponsored cyber attacks as well as cybercrime in all its forms.

Find more about Security2Cure here.

Help Us Improve

Please take two minutes to write a quick and honest review on your perception of KBKast, and what value it brings to you professionally. The button below will open a new tab, and allow you to add your thoughts to either (or both!) of the two podcast review aggregators, Apple Podcasts or Podchaser.

Rate KBKast

Other Recent Podcasts

Episode Transcription

These transcriptions are automatically generated. Please excuse any errors in the text.

Alex Tilley [00:00:00]:
It creates a giant mess for those who love you to try and untangle. It really is 1 of those situations where as we grow with our online lives and we, you know, obviously, everything these days is online or some sort of online aspect. And we as security professionals, you know, move towards having perfect security inverted commas, whatever that means. Our lives after we cease to be here are completely interlinked with the security that we applied to those things as we’re supposed to do while we’re alive. And once someone tries to unpick those threads of a life, it really become quite apparent when you haven’t planned or haven’t even thought about what happens after me.

Karissa Breen [00:00:55]:
Joining me back on the show is Alex Tilly, intelligence and research lead APJ from SecureWorks. And today, we’re discussing digital estate planning. So, Alex, thank you so much. Welcome back. It’s wonderful to have you here again. I know that our last interview, you were quite popular on social media, so why not have you back?

Alex Tilley [00:01:18]:
Awesome. Thank you, KB, for having me. I’m stoked to be here.

Karissa Breen [00:01:21]:
Okay. So I want to start with I’m curious to know, like, your definition of digital estate planning. Never heard that term before, so I kind of maybe get the gist of it, but I’m keen to hear sort of your your view.

Alex Tilley [00:01:35]:
I started thinking about it as sort of BCP and Doctor planning for your life. Really sort of like we do all this planning for what happens if, you know, the hot site goes down or whatever like that, or the link goes down, but we never really do planning for what happens when we go away and by go away, I mean, the ultimate going away forever type thing. So it’s sort of around getting your self and your digital life, your online life ready for the moment when you’re not here anymore. And unfortunately, sometimes that can happen quite suddenly. So it’s about sort of making sure that your your loved ones are able to, I suppose, pick up the pieces of your digital life and move on with their lives as it may be during those terrible months after the inevitable happens.

Karissa Breen [00:02:19]:
Yeah. You raise a great point. And I like when you said it’s the, BCP for, you know, our wife. I like it. That’s a good analogy You’re a parallel too. But it’s interesting because I’ve been thinking about this over the years, and it’s like, you know, back in the day when you people would die, like, we don’t have Facebook and LinkedIns and Instagrams. So what actually happens to your digital life footprint when you die?

Alex Tilley [00:02:43]:
Honestly, it creates a giant mess for those who love you to try and untangle. It really is 1 of those situations where as we grow with our online lives and we, you know, obviously everything these days is online or some sort of online aspect. And we as security professionals, you know, move towards having perfect security, inverted commas, whatever that means. Our lives after we cease to be here are completely interlinked with the security that we applied to those things as we’re supposed to do while we’re alive. And once someone tries to unpick those threads of a life, it really become quite apparent when you haven’t planned or haven’t even thought about what happens after me to these things, which are unfortunately pretty much crucial to our lives. Things like banks and power bills and schools and universities and government services, etcetera. They’re all online as we move, move. Well, we have moved to a completely digital life pretty much.

Alex Tilley [00:03:41]:
So we’re not really used to certain age, perhaps, of an aging population, how to then reverse engineer that entire life back to make it usable and for for our loved ones to continue on with their life.

Karissa Breen [00:03:54]:
Yes. So, Alex, what I’m standing with Facebook, you can nominate friends or family that choose what they want to do with your Facebook profile after you die. That’s the only real thing that I’m aware of. But obviously, you know, I live in New South Wales. You’ve got the New South Wales app and stuff like that. Like, I haven’t seen any mechanism that they would use, which would say, hey, You know, Carissa Breen, she, unfortunately, has died. The how do people go about, like, notifying these organizations to say, this is a problem now. We need to close your account and all because there’s so many different things now than it ever was before.

Karissa Breen [00:04:34]:
So I’m just it’s curious that some have the mechanism, a lot don’t.

Alex Tilley [00:04:38]:
It’s massive. And it honestly, it it’s a really gargantuan sort of hill to climb when you’re dealing with probably the worst time of your life. And that’s the interesting part about it to me. Well, not interesting, terrible time, but it’s like we as student professionals will look at it and go, well, yeah, of course. But, you know, you’ve got to have password and you’ve got to have 2 factor, all that sort of stuff. And that’s all great. But you need to put yourself in the mind of a 75 year old person who’s maybe able to do Internet banking, does Facebook, etcetera, as you say. And then all of a sudden, they gotta do all of this stuff online and just unraveling what they need to look at is huge.

Alex Tilley [00:05:14]:
So a good 1 is Services Australia for those Australian listeners of yours. They can basically, it looks like you contact them and they take care of a lot of the government stuff. Although a little word to the wise, having gone through the process, you don’t actually get any, indication that they’ve done anything. You just sort of send them off, oh, 1 massive thing is the death certificate. Getting the death certificate, when you finally the death certificate for your loved 1, make sure that you make as many notarized copies of it as you possibly can because you’re gonna need them and you’re gonna lose them. And a lot of places will need them. So things like Services Australia and banks, share trading platforms, all of these things will need that information in order to start that process. So most organizations in most places do have a process.

Alex Tilley [00:06:00]:
It’s just about getting to the same to that right person. And when you’re in say if you go to via hospital, when you’re in the hospital, there are pamphlets and sort of leaflets and support doses available that tell you some of those major things to kick start the process. You hear what you need to do to inform births, deaths, and marriages, etcetera, etcetera, etcetera. But then you go home and it’s like, okay. You know, how do I now cut across Facebook? How do I cut across, you know, the the the shares that I think my husband had or my wife had? How do I cut across, well, who was our financial adviser? Where’s our Medicare user ID? All of these things just grow as massive problems because at that point in your life, unfortunately, any hurdle is a massive hurdle. Any little slip in the way that sort of makes it harder for you to go through. And as you mentioned, you know, some people can nominate on Facebook to sort of see or not to see your profile. It’s a similar thing in life.

Alex Tilley [00:06:56]:
You you start to have to log into your dead loved one’s phone to do 2 factor authentication codes, etcetera, because it’s not readily available to you, which account that you’re about to try and unlock or access is gonna need that phone. So there’s a lot of those little stresses that come out. And by doing perfect security or good security practice, we do unfortunately make that process a lot more difficult than it needs to be. And I ain’t saying that there’s an easy answer to it. I’m just saying that it’s a problem that we don’t really address openly in this society. And given that we have an aging population, it’s gonna become a huge problem if if it isn’t already a problem. And everyone that I speak to says, yeah. We had a hell of a time dealing with it when my dad died and my mom died or something like that.

Alex Tilley [00:07:39]:
So it’s a real problem that we’re just not talking about.

Karissa Breen [00:07:42]:
Yeah. This is interesting. So just going back to Services Australia for a moment. So you’re saying you call them up and say, alright, miss Irene. I I’m I’m gonna say I’m gonna use myself as an example because I don’t use anyone else. He’s not here anymore. Like, we’re gonna do something. But you’re saying that they don’t get back, so they didn’t give you an update.

Karissa Breen [00:07:59]:
So it just goes into a black hole, and that’s the end.

Alex Tilley [00:08:02]:
It it doesn’t seem to be so. I I did it with with my mom, part of the 1, 000, 000 different tasks that we had to do that took months to go through. 1 of them was with okay. Service Australia, they’ll take care of your I think it’s births, deaths, and marriages, Medicare, your myGov, and a couple of other services. So so they are quite a good centralized hub. And you submit the online form. There is a phone number you can ring, but we could sort of submitted it. And they say and they get back to you and say, yep.

Alex Tilley [00:08:27]:
We we received your submission. Thank you very much. But you never actually get told, okay, Medicare’s got your details and they’ve updated it. Okay. You know, Pentalink put your details and they’ve updated their records. You know? Like, you never seem to get feedback that those bits have been done, and it can sort of slip your mind because you say, well, I’ve just I’ve done that. I’ve let Citizens Australia know, and off we go. But that feedback loop didn’t seem to be there.

Alex Tilley [00:08:49]:
I think they were very good and accept the information, and you just have to assume that they’re working with it. But I did expect some sort of update, if that makes sense, of, yep. We’ve done these things. You don’t have to worry about that anymore. You’ve got so much else to worry about. These bits we’ve taken care of. That’s cool. You know?

Karissa Breen [00:09:05]:
Well, an update would help, to be honest. But, anyway, just thought I I was just curious on that front. But then, you know, you said, like, people aren’t speaking at. You’re right. Like, in almost what 270 podcasts I’ve done, I’ve never ever spoken about digital estate planning, nor has anyone bought it into my psyche. No one’s raised it. So clearly, this is a problem. What do we sort of do about it?

Alex Tilley [00:09:25]:
In order for someone to come and take over our lives, the even if they are a trusted loved 1, We need to we do need to give over some of our digital life to them initially so they can do that process. So when I talk about, you know, digital Doctor or BCP for your life or whatever I sort of think about calling it, 1 of the aspects of that is, okay, let’s now sit down as an individual first and take stock of all of our crucial online accounts and write them all down, you know, get them all clear in our head because biggest part of it is that if you can’t sit down and do it now when you’re clear headed and still with us, Good luck to your loved 1 doing it when they’re in the middle of the worst few months of their lives. So now’s the time to do it and to find out where the problems are and to make it clear to yourself, okay, these accounts are all linked via this email account. And of them, let’s star a couple that need this mobile phone for 2 factor. Let’s make this nice and clear for ourselves so we can track that online fingerprint as it were. Now, obviously, we have the caveat of everyone’s got that arrangement with a friend of theirs to delete the browser history. We all joke about that. 1 thing when I talk to people is, oh, there are certain things that I wouldn’t like my wife or my kids or my husband or whatever to know about.

Alex Tilley [00:10:41]:
And it’s like, that’s fine, whatever. But don’t let embarrassment of that stuff drop you from putting together the key pieces that they’ll need to carry on with their lives. Because when someone goes through a sudden death or a a short protracted illness, you simply don’t have the time to say, oh, yeah. For the mortgage payments, you’ve got to log into this. And, oh, yeah. There’s some shares in Comsec over here, but also the wealth management or whatever it is is via this mob over here, you know, and or really basic stuff. The electricity bill comes to this email account and we pay it using this credit card. These are really simple things We often set up as we go through life, just, you know, as you get a new electricity provider, say you understand how you pay that bill, but we might not communicate that with each other enough.

Alex Tilley [00:11:27]:
So it’s about making sure that everyone involved knows at least where to start finding those pieces to unravel your life because we can get caught up in, well, I’m gonna use this really smart keychain and this smart password manager and this vault and this, you know, Excel spreadsheet with a password, all that sort of stuff, which to us makes sense in our little heads. It makes total sense as we grow it over time. But again, we come to it from the aspect of a stressed out loved 1 who’s grieving to try and unpick. And it’s a, it’s a very different ballgame of security when we come to that aspect of it.

Karissa Breen [00:12:03]:
Yeah. A 100%. I hear what you’re saying. So okay. So when when do people start doing this? Because, like, people don’t necessarily pass away when they’re older. Right? So people start just doing this today. And then my follow-up question for that would be, are we gonna have to start having digital estate wills as well to be like, well, these are what all the things are. This is like, but then what happens if that gets breached?

Alex Tilley [00:12:31]:
See, yeah, you’re exactly right. And this this is where it does become that sort of cheating in the egg situation where it’s like, well, I need to have this together, but at the same time, that then is a risk point. And, you know, we we have that sort of discussion about trying to figure that out. And it does come down to understanding, well, let let’s say today I sit down and do it. And so going through my situation where my father, who was quite tech savvy, unfortunately, passed away quite quickly this year. And when I was going through this process over the last few months, some friends of mine who use let’s, I’ll you know, this is not picking on them. It’s a friend of mine who use LastPass. Right? They’re quite happy with LastPass.

Alex Tilley [00:13:07]:
They quite like it, but they knew it had us an option in there for, like, a a recovery account via a trusted loved 1 or a trusted friend, but they hadn’t set it up. So they had the conversation just over lunch with someone with their best mates and said, hey. Would you mind if I linked my password vault to your account so that in the event that I that I die, you can actually access and unlock it for my partner or my children to then at least have access to those passwords, which are then for those crucial services. So and it doesn’t work, but they can just log into it straight away. They have to go through some checks and balances. But even just that little conversation, just just over lunch was enough for them to say, okay. Well, now at least if I leave here this afternoon, leave where it’s afternoon and hit by a bus, my friend knows how to access the password that my my my kids might need to access their school or whatever the case may be. So, honestly, it can start with something as simple as that.

Alex Tilley [00:14:04]:
And then going through and seeing, well, okay. Well, which of my accounts maybe I use once every 6 months do an SMS 2 factor? Okay. We need to understand that so that what will happen is you you will die, and your loved ones eventually will start to turn off the services that were linked to you. Right? Because why would I pay for a phone bill anymore when that person’s never gonna answer the phone ever again? Not to be glib, but you know what I mean? That’s the reality of it. So before you turn that phone off, you better understand exactly how many services I get to try try and send an SMS to that phone when you need to access them once in a blue moon. Because to then go through and, you know, do a re and and get around that 2 factor can be a bit of a pain. So it’s little things like that. So you can do it straight away by looking at what’s on offerness you have currently that you use that you might have just glossed over and never touched.

Alex Tilley [00:14:57]:
Similar to, you know, digital wills or doing a will at all. We all think, well, you know, we’re we’re we’re relatively young. We’ll be fine for a while. Well, you know, it does only take about half an hour to do a will, and it will save a lot of hassle. I think something similar with your digital life is what’s definitely going to be coming around the corner.

Karissa Breen [00:15:14]:
Yeah. This is interesting though, isn’t it? Because I’m like, yeah, it makes sense. But I’m like, oh my gosh, there’s a risk of what happens if all these digital estate planning wheels are there, and it’s got all of Alex’s bank account details and Carissa Breen’s stuff, and then it gets breached. What a disaster would that be? Why aren’t people talking about this? Is it because it’s like, oh, this little like, you can’t sit there and say no one’s ever gonna die because they do. Right? People die suddenly, unfortunately, which is terrible. But then also we get, you know, our parents getting older and things like that and, you know, your grandparents and things like that. Is it just because that we’ve evolved so much as an industry, more so how the Internet started up and, you know, people out there saying, like, oh, you know, there’s no rules for the Internet. Well, yeah, it just started up and then it became a wild west.

Karissa Breen [00:15:57]:
And then much with this digital estate planning, like, no 1 ever preplanned. We’re gonna start the Internet guys in the nineties. And then 30 years on from that, we’re going to actually do digital estate planning wheels. It’s like it’s just sort of crept up on us. And now we’re trying to retrofit the solution to this problem.

Alex Tilley [00:16:15]:
Yeah. 100%. It genuinely has. I I think part of it is exactly as you say. It’s like our parents getting older has crept up on us. You know, like I didn’t really realize that my dad was in his late seventies until he was in a hospital bed and gone. You know, he was always just my dad. You know? And it’s, I’m sure some people have different experiences, but we just it’s icky to think about it.

Alex Tilley [00:16:37]:
No 1 wants to think about that sort of thing. But then I would say if you have kids, put your kids and go, well, I kinda don’t want them to go through the 7 layers of hell that is unraveling the key thing that they need digitally because, you know, we’ve done security, and we’ve now got chatbots, and we’ve closed branches, and we’ve bought all services online, but we have really left a whole group of people behind. You know, like we, you know, I actually asked this question of some friends of mine this morning just while I was trying to get my thoughts in order for our chat tonight. And it really was. And that have we left a large swath of our community behind in this digital, you know, rush to get online because of because of the efficiency and the cost savings and the profit making that we can get out of an online presence. Have we actually neglected to even talk about this stuff before? Because, well, it’s not about what happens when you’re not here. It’s all about what happens while you’re here and what you do while you’re here. Whereas, you know, it is inevitable, it will happen to all of us.

Alex Tilley [00:17:39]:
So we sort of haven’t really been trained, if you will, to think about that. You know? In the olden days, you you do a will. You know your bank manager. You know your kid’s school principal. That’s all great. So if you die, then, you know, you can book an appointment and you can go and speak to this person and get these these balls rolling. And I I really must preface this by saying that once you get through to people, every service that I’ve been involved with in this process, like be it a bank or a super fund or the government services, all that sort of stuff, Once you get through to a person, they couldn’t be more helpful. They’re wonderful.

Alex Tilley [00:18:16]:
They’re truly, truly wonderful. And they’ve all got rule book and they’ve all got playbook for how to deal with this sort of stuff, but actually getting to that person to help can be really, really difficult. And when your adrenaline is running high and you, you know, your your things like your stress is high, so your patience is low, and getting a chatbot or getting someone who has a strict script to read to you from before you get through to the complex investigations team or the, you know, station of life team or whatever it’s called at those particular organizations, that can itself be a bit of a hurdle. And I know my, my mom, just a little personal story. She was trying to figure out how to access their share trading account just to sell some shares because she didn’t need them anymore. And it was a share trading account that I won’t name because it doesn’t matter. They’re all, you know, they’re all much and much less, but it was linked to a bank, but obviously wasn’t part of the bank. And she was like, well, I’ll just go to the branch and get the branch to do it for me.

Alex Tilley [00:19:09]:
And I was like, mom, the branch won’t be a different part of the business, but she didn’t understand that, which is fair enough. Like, why would she, you know, it’s got the same brand on it. It’d be the same bank. Right. But she eventually had to get through to them and say, listen, I’m not getting off the phone. This is my, my, my dear mom. I’m not getting off the phone until you give me an appointment to talk to a person because I’m not doing this again. And she just sat there for not even until I said, alright, cool.

Alex Tilley [00:19:31]:
Come into the branch on Thursday. Someone will be there. And she went to the branch, and the nice man in the branch literally called the exact same call center that she called and talked her through the process while she was seeing it across the desk. But she left there with everything that she needed to be done done, but it did take that. I’m not leaving until you sort this out to get her to the person to help her. Which I thought was was was pretty badass myself, but it did take that sort of situation of high stress to get to that point.

Karissa Breen [00:19:59]:
Gosh. That sounds terrible. Look. Fair enough. Right? But is this something that banks and friends are thinking about? Like, people are calling up and it it’s this rigmarole. They’ve gotta do something to be like, we gotta make it an easy, seamless process. Do you think businesses are thinking about it, or they’re too much thinking about how much profit they’re gonna make for their shareholders at the end of the financial year?

Alex Tilley [00:20:18]:
I think it’s definitely there. As I say, once you get to the right area, it’s all there. And it you know, because they obviously know, especially, you know, insurance, etcetera, they are very well aware customers are dying. That’s, you know, that this is so everyone is aware of that, but it is just that initial contact point. It can be very disheartening. Like, let’s say that in that situation, you are quite, obviously, you’re quite upset and you’re quite sad. And as I said, all those hurdles that do seem higher than they would seem to us is I’m sure that some of your listeners are sitting there going, chilly. Yeah, dude.

Alex Tilley [00:20:49]:
Fair enough. But a password reset and a portfolio log, and that’s not a big deal. Like, well, tell me that when you’re 75 and in tears for for 2 weeks, you have them just die suddenly. Tell me then that it’s not that big of a deal or not that hard to do because I’ll tell you what, it is hard to do. Even for me, it was hard to do because it’s it’s a hell of a situation. So we sort of come at these things from, again, a everything’s working and we’re all contributing point of view rather than what happens when we don’t and we can’t anymore and dealing with that. So just, yeah, that little bit of detritiveness to use a non existent word of actually getting through to people is what’s needed because the people will really, really be great to help you, but just getting to them can be hard.

Karissa Breen [00:21:30]:
Well, personally, I’m sorry to hear about your dad. That’s awful. And secondly, I’m I’m sorry to hear about all the the angst, of course, to your mom and to yourself. And I think just even listening to your stories is making me realize, like, oh gosh. Like, maybe I need to start having these conversations with with myself, with my now new husband, with my parents. And I think it’s just something that’s good that you brought this to people because it’s something that we just don’t think about day to day.

Alex Tilley [00:21:56]:
I went nasty, and it’s messy at, unfortunately, reality. And we like to have things, you know, maybe speaking for myself, but, you know, we like to have things that we understand. We like to understand security. We like to understand how technology works. But when this happens, your world’s turned upside down in the space of a few hours.

Karissa Breen [00:22:14]:
So just going back to sort of the the estate planning, is it more so you just gotta have a plan in place to say, like, much to your appointment full electricity bill and this is the phone for the 2 2 factor, etcetera. Is that the sort of conversation people should be having with their parents, with their wives, with their children? Are these the things now that should be addressed? And how would you go about addressing it? Like, you know, as you mentioned before, like, well, if you write all down in a Google Doc and it’s sitting on there, like, the risk and what would be your sort of pile of advice to people that are thinking about doing, you know, implementing some of these things to make it a little bit maybe easier when these things do unfortunately happen.

Alex Tilley [00:22:55]:
Yeah. And it it again, it’s a little bit counterintuitive advice to what we normally tell people, which is sometimes you do have to put some of your eggs in the same basket. And this is obviously, you know, knowing full well that that’s what crooks love the best is that all the eggs in 1 basket. Cause then it’s easier just to steal the 1 basket, but sometimes, so for instance, password managers, right? Cool. Great. Love them. Last pass, keep up. Whatever’s your poison.

Alex Tilley [00:23:21]:
All great. Cool. But then you have, Chrome’s got its own password manager. Braves has its own password manager. Apple’s got key chain. Then you’ve got last pass. Then some, some of the stuff uses an encrypted Excel spreadsheet or whatever. Cool.

Alex Tilley [00:23:33]:
So now I’ve got 6 different passwords that are 6 different sources of truth than my digital online identity. Cool. I’ve linked them now to maybe 2 or 3 email addresses that I’ve used over the years, you know, as as I’ve migrated through. So just understanding what account is linked to what password manager can be enough to give your loved ones that starting point. So I can say, okay. Well, you know, we sit down and we say, you know, husband, wife, partner, wife, partner, love, man, whatever we are. Cool. Here’s my life.

Alex Tilley [00:24:06]:
What do we do? We have a lot, we, we pay bills and we use it to make him use this and this. Alright. Cool. Let’s at least get that somewhere that we can understand where it is. To get in 1 of the full password managers that we have to use, cool. 1 big 1 that I wanna call out as being, I think, a security good thing, but a really terrible thing is, in Australia government services that use like a nondescript username because you try and figure out when you’re, you know, literally, even if you got the password saved in your key pass or your key chain, whatever like that, is my login to my gov k 123456orkn45629? I don’t know. I don’t know the password to the account. I don’t know which account to use, and I got 3 attempts to do it before I got locked out.

Alex Tilley [00:24:53]:
Cool. That’s great. That’s an annoying day to day that can seem catastrophic in a really bad part of your life. So even just understanding which account to use, let alone which password to use, that can be the hurdle. So having those discussions about this is how we’re set up, this is how our life is managed, however ugly it is, as long as people know that it’s ugly and know where the ugly parts of it are, that can really help you to start to pull those 3rd threads. So, yeah, I would just literally sit down and pit with your family or your friends or your loved ones and just say, okay, cool. Here’s the key bits and pieces that we need to go. Even again, part of the DCP slash Doctor planning of your life type of thing is let me sit down and try and log into all these accounts.

Alex Tilley [00:25:40]:
And maybe I can do a bit of account hygiene right now. Because, you know, it’s much easier for me to do account hygiene now than it is for someone else to do it on my behalf later on.

Karissa Breen [00:25:49]:
So I wanna maybe switch gears politely. And you sort of discussed, you know, even in your own experience that, you know, people are upset. They’re they’re worried. They’re, you know, they’re going through a tumultuous time. But then it sort of means that there’s an opportunity for, you know, scammers to scam people because they’re a bit more vulnerable state. So talk to me a little bit more about this and what this sort of looks like. Like. Do you have any examples perhaps?

Alex Tilley [00:26:19]:
Yeah. It’s it’s a wild 1. So we opted to not do, you know, an obituary in the paper. Although, apparently, that that is still a thing, and people of a certain generation still do use those to keep track of their their school friends, etcetera, who are no longer with us. It’s it’s a thing. But we we opted to not do it, but we did hear a lot of stories from people around us who had used it, and they had got contacts out of the blue from what I would say unscrupulous operators trying to sort of say, oh, hey. I see that you’ve had a loss. Would you like us to come and help you with this part of the funeral? Would you like that? Or, hey.

Alex Tilley [00:26:54]:
I was talking to your husband so and so last month. He said that you wanted to get your roof redone. Would you mind if we came and had a chat about the quote? We’ll give you discounts since he just passed. We did hear those stories, and I think that’s been going on forever, to be honest with you. I think that that sort of thing seems to be you know, there’s bad guys want money and bad guys being bad guys. You know? That that that’s what they do. Unfortunately, terrible. 1 aspect of it, though, that was interesting to me.

Alex Tilley [00:27:20]:
So obviously with what I do for a living and and with with my dad being quite security conscious as well, my mom, to to her absolute credit, is really mindful of scam and is really mindful of not pulling victim and is suspicious of emails, etcetera, etcetera, etcetera, which is great. Perfect. That’s the way we’d like it to be. But you get into these situations where, okay, now you are getting a lot of emails that are saying things like sign in from a strange account because or a new laptop. I’m sitting next to her using my laptop to try and log in to the whatever it is account or, you know, we’re using her phone to try my gov 3 times and the password wrong. So all of a sudden, a lot of a lot of emails start coming in that we would normally say, yeah, those are indicative of something bad or some sort of scam or whatever. And it’s easy enough when you’re sitting here to say, yeah, those ones you ignore. That’s just me sitting here.

Alex Tilley [00:28:11]:
Right? But then some of them maybe were a little bit delayed, and, you know, you’d leave and you’d head home. You say, alright. We’ve we’ve done enough for today. You know, everyone’s a little still a bit frazzled. We’ll just, you know, leave it there and sort of go on with it. And then a few more emails would arrive overnight, which would again bring a little bit of angst, a little bit of panic saying, oh, hey. Now they’ve just sent me this 1. Is this still right? Rara.

Alex Tilley [00:28:33]:
And that’s that’s nothing that we can fix by not doing it because we we do need to do that, but it’s just something that to be aware of that when you are in that high heightened state of emotion, but also having that understanding of what gaming miles look like, what fishing looks like, and you’ve we’ve drilled it into people rightfully. So this stuff is bad when it starts flooding into your mailbox for a longer period of time, it is like, okay, at what point do we say, cool. Now we can reset back to normal setting. We can stop being a little bit more blase because this happens 5 times a day now. And now it’s time that we can start saying, hey. Now it’s bad. And sort of forming that, I suppose, that that that timeline of when it’s good to go is a bit of a hard 1. It’s a really strange sort of situation to go through.

Alex Tilley [00:29:19]:
1 big 1 was, and again, not not to throw shade at last pass because the the they do what they do and they do it quite well. But the first 1 that really, really panicked my my my mom was that we we got her dad use LastPass as password. Well, cool. That’s fine. Mom, it’s all in there. She knew how to drive LastPass. She knew where it was. That that was all cool.

Alex Tilley [00:29:39]:
But the like, perfectly the wrong time, but, like, right sort of in the middle of the big, of the hardest part of the process. Last class ads, online services do update of the tender service. That happens. You know, we, we update our tender service. Here’s something for you to be aware of. In normal times, you or I would just go, yeah, cool. Whatever. You know, of course, we’d all read it, fully notarize it, etcetera.

Alex Tilley [00:30:04]:
But when that email arrives and we’ve just been struggling to understand LastPass and then all of a sudden an email arrives, it’s at night that says LastPass has updated something that causes trouble because all of a sudden, you’re like, no. I’ve I’ve just been trying to get hold of this 1 source of truth with this, which is this last pass vault. And all of a sudden it’s changing something. And again, normal circumstances, nothing to worry about. Totally cool. But at that point, it was just the totally wrong timing. So little things like that, which again are minimal, but they will send you into a little bit of a spin when everything’s sending you into a spin at that point. It is a time to be more vigilant that there are scams and scammers out there and people who are gonna take advantage of your situation, but it’s also a time to be a little bit less paralyzed by the panic of the things that we’ve always told you to be paralyzed by.

Alex Tilley [00:30:54]:
It’s a really weird sort of situation in that respect.

Karissa Breen [00:30:58]:
And maybe I feel like I’m going back a step was just as you’re speaking. Is this an opportunity for businesses, banks, and people like that to have those playbook to discuss what people should be doing in these particular circumstances? I haven’t seen a lot of that in terms of content, comms. There’s a lot of things now coming up about, you know, we take security seriously, a lot of that hoo But now it’s like, as you’re raising this, I’m like, I think any business out there really talking about this. You’re like, hey. Like, now is a really good time. Maybe it needs to be driven by the government. You know, this impacts them as well. Right? So is this something that will start the merge now, or do you think it might be a little bit more time until it becomes a little bit more painful, unfortunately, for people until governments and businesses start to move on it.

Alex Tilley [00:31:39]:
It’s a really good point, and I think it’s an interesting 1 because the government does do a lot of a lot of awareness. And if you just Google sort of, like, what happens what to do after I die online, for instance, there are government services that take you through some of the key government stuff, but it doesn’t really touch on those private services, like banks or like, you know, education facilities or whatever the case may be. So those are a little bit a little bit sort of more in-depth. And 1 thing I didn’t come across as a problem, but it is something that I’m aware of. And and a friend of mine mentioned it this morning, which which is interesting, was also simply by logging into your loved one’s account to try and take control of your what is your life now, you’re breaching some terms of service. You know, like I, I sincerely doubt that anyone will ever cause a stink or make a big deal out of it. But in some cases you could be breaching the terms of service by logging into someone else’s account, even if it is your loved 1 who’s passed and you’re trying to, you know, recover your life out of their account. So it can be interesting.

Alex Tilley [00:32:42]:
I wouldn’t I I even hit that dimension that because it’s something that of of all the things to worry about, that’s the least thing to to worry about. But it is something to think about the the way we, architected the accounts around, you know, not accessing not sharing passwords, etcetera, like that. We are sort of necessarily going against our best advice. And I don’t think there’s an easy solution to that because it is a case of this will only hope hopefully have only ever happened to Aegis a couple of times, hopefully. And so therefore, as you say, it’s not really talked about front of mind. It’s not like a daily occurrence, hopefully. So it’s sort of lower down on the list of scenarios to plan for in in engineering their apps or whatever like that. But it is something that we all will have to face once or twice in our lives.

Alex Tilley [00:33:31]:
So, yeah, could could we be breaching agreements by trying to do that? I would think in some cases, yes.

Karissa Breen [00:33:38]:
That’s interesting point, Ashley, just speaking about that. Who you would be, though, if it’s like, maybe there are concessions to be like, okay. You know, KB is not here. Husband calls up. Therefore, it’s like, well, he’s not really breaching terms of service because there’s this concession in place because of the situation. I I get it that, like, if someone’s going to be that strict, like, that’s a lot. Yeah.

Alex Tilley [00:34:02]:
I I don’t imagine it really, really happened, but it is just something to sort of think about, like, when we’re doing them. 1 1 key bit, though, actually, dear listeners and for yourself also is the death certificate will take longer than you think to arrive because there’s obviously there’s processes to go through to get to it. And a lot of the services that you use will require a death certificate before they can give you any to sign anything over to you. So there is this strange sort of lag period between, you know, yeah, let’s be honest, leaving the hospital and dealing with the funeral preparations and then getting documentation that you need to then move on with your life ballistically. So it is something that just to just to be a little bit aware of that. Yeah. That that just did get can take I don’t know. I I forget.

Alex Tilley [00:34:47]:
I think it was a little bit over a month for it to come through for us. And in that times, a lot of services online were saying, yep. That’s totally fine. We do have process and it will be easy, but we need that that that you get to start with. So things like super funds and self managed super funds, etcetera, like that. Yes. We can unlock that that stupid that’s in, you know, a joint depenuation or a joint retirement savings account for our American friends. But we to do that, we’ll need it.

Alex Tilley [00:35:14]:
And oftentimes, again, it’s something that I never really wanted to know, but it is worth other people not having to go through 1 of the way I learned it is. If someone dies in a hospital in anything but the most vanilla circumstances, I think even in any circumstances, when someone goes in hospital, there is a process that that happened there, and there’s a possibility of an investigation or an inquiry or, an autopsy, which again can delay the issuing of the death certificate until those findings are, you know, found. So all of these things will be happening by other people. That’s fine. Like, there are obviously processes to keep those things off, but you will have to wait for that documentation to then go to then those services or bank accounts, etcetera, that you need to then rest control of holistically and properly and change, you know, joint account names, that sort of thing. So, yeah, there’s just a little bit of lag from there. These things don’t happen instantly, but some things seem like they need to, which is a strange sort of situation to be in.

Karissa Breen [00:36:12]:
Another question, and I’m curious now to know. So, for example, you said the death certificate death certificate can take a little bit of time to arrive, but then you’re gonna have, like, okay, like a telecommunications provider. It’s like, hi, Carissa. You haven’t paid your bill. Well, I don’t know around to pay it, and no 1 else really knows about it. Do they just then shut off? Do you have to pay the last month? Like, does it then backdate to the the desk? Like because in some companies where they try argue it to be like, well, you didn’t inform us for so long while I was I was waiting for the death certificate, and that wasn’t it. How does that sort of work then?

Alex Tilley [00:36:44]:
Yeah. It’s it’s a wild 1. And, actually, thank you for reminding me. 1 thing that I suppose may have exacerbated some of the situation, which brought it to a bit of a a head for us was that very early on in the pit, like, very early on, may maybe a week or 2 after after my dad passed, mom got contacted by their bank that they’re basically, yeah. You know, your credit card’s been compromised. They’ve got issue you with a new credit card. And cool. That’s again, in normal times, that’s just an annoyance you go through and have to deal with it.

Alex Tilley [00:37:16]:
But it’s like, okay, We haven’t had the deviate yet to change over the group, the joint account to 1 name. The credit card’s linked to the joint account, which there is not 1 signatory of to do the changeover. So it started this whole mess as well because all of a sudden she needed a new credit card because someone had hacked probably an online shop somewhere that they’d use at some point. You know what I mean? So that made things a little bit worse. But, yeah, it it really did bring in to sort of focus. Okay. We’ve gotta pay these bills. What’s going to happen? And I had, I had had this conversation several times.

Alex Tilley [00:37:48]:
I said, listen, mom, they want their money. So they’re not going to cut off your electricity if you don’t pay the bill this week. And it’s like, you know, that fear of, if I don’t pay today, the lights go off and the car stops working or, you know, whatever the theory is. Because again, you’re in this heightened state of anxiety. So it’s like, listen, we’ll worry about that later on. They’re not going to cut off your water. You don’t pay the bill because the credit card has just been canceled in this whole thing. So it is that situation of just we’ll get through this, and you can call them and sort of explain the situation.

Alex Tilley [00:38:19]:
And I can’t speak for all of them, but the the the we used work, what understanding and sort of said, okay. Listen. We’ll that service clearly hasn’t been used since this date. So we’ll sort of work with you to no longer charge you for that service. Things where you bought a yearly subscription, you’re just going to have to wear that, unfortunately. And given that my father passed early in the year, there was a a couple of, you know, still had 10 months to run sort of subscriptions that we just had to wear because, honestly, at that point, it was just about getting the mortgage paid and getting, you know, keeping the lights on type of thing. So, yeah, it definitely will come around. And as always happens when you’ve had to change your credit card, eventually your yearly direct debit or automatic charge, it’ll get dishonored.

Alex Tilley [00:39:03]:
And then that’ll open up a little wound and you’ll have to go, that’s right. Dad did pay the game or whatever it was. And you’ll have to go through that process again, which again is, is nothing particularly major, but are these little setbacks that will happen for, I suppose, a good year or so until it’s all sort of taken care of. And then again, with, as you mentioned, right right at the top, Facebook memories, iPhone photo memories, you know, Google memories, that sort of stuff, these things will keep coming up with that the whole other kettle of fish.

Karissa Breen [00:39:30]:
The only thing is as well is what are, like, credit score and things like that? So going back to your point on, oh, like, I haven’t paid the bill. Like, they’re gonna cut my electricity off, which is, you know, fair enough for you to have. Obviously, you’ve got these credit score companies like, well, I haven’t paid your bill. It goes out well. Chris is not here. Like, do you think that, especially if you’re in a marriage with someone, it can have, like, flow in effects. Right? If you’ve got a joint mortgage or, you know, joint loan, like, all of those things can impact into your spouse. Right? So is there things like that that can be reversed? Because I’ve you know, from my experience, I’ve, you know, I’ve seen that they say, well, no.

Karissa Breen [00:40:04]:
We can’t we can’t reverse that. You know, I worked in a bank and stuff before. Like, you know, this is this is what it is. So, like, how does that sort of work?

Alex Tilley [00:40:10]:
The credit history is written in Dell’Linc. Right? Remove bad marks. Isn’t that the Google term to search for for yourself, remove bad marks from credit history and try and see how you go. But luckily enough, we live out to go down that path, but I would imagine definitely, especially if you are missing mortgage payments because you’re trying to organize things or, you know, in an extreme case, people may not know that they were still paying a mortgage. I mean, let’s be really, really, really honest about it. This is a certain generation of people who potentially 1 partner did do the bulk of the financial work, the family. You know? Very much a possibility. And it was all just set up, and it all just worked.

Alex Tilley [00:40:46]:
And when they vanish, there can be situations where you don’t know there was a bill that you had to pay. Just simply don’t know. And especially in these days, you know, to use a microcosm example, things like car registration. Car registration is done, I think, in most states now via email. Right? It’s no longer you no no longer get a letter in the mail. I got caught by that once, actually. I if that happened to to you in a relationship, they could there was an email address that simply you didn’t know about or that you weren’t privy to or that you hadn’t considered the year to get access to again. And that’s the 1 that gets these renewal license renewal note to all of a sudden.

Alex Tilley [00:41:25]:
You can be in a fair bit of trouble, you know, a year or so down the line when these renewals get ignored or just simply don’t get action because you don’t see them because you didn’t know they existed or that they were going to that account. So part of that list of things to do could be, okay. Well, when did we pay the the car rego? When did we pay the insurance? When did you pay the life insurance? Hopefully you’ve got some life insurance through super funds or whatever the case may be. But to extend a part of that planning for your own digital life to understand what do I have? You know, and oftentimes if we’re lucky enough to have an employer or we were lucky enough ourselves to do private health insurance, we do get some sort of coverage for death or permanent disability through that. Understanding what you actually have, you know, we often talk about that with, you know, technology solutions for security problems. Right? It’s like, oh, you’ve gotta buy the lead scene and you gotta have the the the coolest new, you know, monitoring monitoring technology or whatever the case may be. Oftentimes, you’ve already got it as part of some other bundle that you’re already paying for. You just didn’t know about it yet.

Alex Tilley [00:42:26]:
I think it’s true oftentimes with our life and our our our not being here anymore. Oftentimes, we do have some types of cover that we just didn’t know about. And, you know, a a few grand here or there can make a big difference if you’re trying to desperately, you know, regain control of your life whilst dealing with the maelstrom around you. So understanding those types of things, you may not need full on life insurance, but maybe you’ve got a little bit of cover by your, you know, your your Subaru or your unit or whatever, maybe your private health. It could be worth understanding that because I know myself, when I was younger, I wouldn’t even have thought about it. Wouldn’t even have thought about it. It wouldn’t have even thought about it. It wouldn’t have crossed my mind.

Alex Tilley [00:43:07]:
I had permanent disability insurance cover through my private health or whatever the they wouldn’t even did it.

Karissa Breen [00:43:14]:
Yeah. Well, I think, you know, you come in the show today has actually, you know, given people something to think about, perhaps. I don’t think a lot of people are actively thinking about this, but I’m glad that you came on to share your own personal experience. And, again, I’m sorry about your your dad, but I hope that your story can encourage other people to take more proactive steps. Alex, is there anything sort of you’d like to leave our audience with today? Any closing comments? Final thoughts?

Alex Tilley [00:43:37]:
Yeah. I would love to mention, so I’m 1 of the directors of, Australian security conference slash cancer charity fundraiser called security2cure. That’s security, the number 2, cure.com.au. We had 1 last year. It’s basically set up by a few of us who have been touched by cancer, myself and my father and a few of the other organizers as well, around it’s around getting security conference together, but all proceeds and all all funds raised, we put to answer research. And we do have a bit of a focus on somewhat on the sort of personal aspects security, be they mental health or, you know, dealing with burnout, that sort of stuff, as well as traditional security topics. And we do some good panels with people. We’ll talk about I seem to be getting a bit of a name for talking about uncomfortable topics, but yeah.

Alex Tilley [00:44:30]:
So security2secure.com.au. We’d love to have you along. We we’re doing 1 in Brisbane on August 9th and Sydney on August 23rd this year. They’re really good fun. Don’t let me make it sound like it’s more than bad. It’s not great. I’m good for everyone to get together.

Alex Tilley [00:44:46]:
Plus, it’s helping a really good board. So, yeah, that’s where I like to play.

Share This