Cyber Crime (Part 2): Guarding Your Digital Fortress

Cyber-crime is a criminal act perpetrated in the online environment, whilst cyber-security is the act of protecting information and the network it resides in.

Despite record spending on cyber security, Australia is losing more than $33 billion annually to cybercrime. Why? Because while cyber-security efforts are laser-focused on safeguarding data and networks, most cyber-criminals are playing for a different prize – your money.

Cyber Security vs Cyber-Crime

This is why a cybercrime strategy that brings together elements of your organisation’s cyber-security strategy and elements of your financial controls is critical. Both elements should be aligned to contain the threat of cybercrime.

A cyber-crime strategy is like a double-locked vault: one lock for robust cyber-security, the other for financial controls. The first lock is designed to thwart hackers, keeping your digital assets secure. But we all know that sometimes, despite our best efforts, breaches occur. That’s where the second lock comes into play. Comprised of financial safeguards and controls, this lock is your last line of defence to minimize both the damage and cost of a breach.

It’s not just about keeping intruders out; it’s about ensuring they leave empty-handed.

Cyber-Security Strategy + Financial Controls = Cyber-Crime Strategy

Five Elements of an Effective Cyber-Crime Strategy

1. Training

Many organizations have been delivering cybersecurity training as if they’re running an IT class, focused on the nitty-gritty of secure passwords, multi-factor authentication, and phishing email identification. But cybercriminals aren’t sticking to a script, so neither should we.

So how do you design a good cyber-crime training program?

Rule #1: Empower, Don’t Scare
Scaring your team with tales of invincible hackers might make for a good thriller, but in real life, the goal is empowerment. Sure, cybercriminals are savvy, but they’re still human. Train your staff to be the guardians of their own digital fortress.

Rule #2: Make It Relatable
Training needs to hit home. Use case studies that echo the exact risks your organization might face, e.g. what happens if a key supplier gets breached. Don’t talk about theoretical threats; prepare them for scenarios they could very well encounter.

Rule #3: No One Likes Long Lectures
Remember school? Facts crammed into your brain were easily forgotten, but the games you played at recess? Those stuck. Sprinkle in a bit of fun with quiz games or cyber escape rooms. Make learning about cyber threats as engaging as it is educational.

Rule #4: Baby Steps
A feast of information is overwhelming. Serve knowledge in bite-sized portions, focusing on one key concept at a time. This ensures that crucial details aren’t lost in a wave of facts and figures.

Rule #5: Make It Personal
Want to get their attention? Show how these skills can save them from personal heartache. Illustrate how the same techniques to detect work-related cyber threats can help them sniff out scams outside of work.

Cyber-crime training is not a “one and done” type of deal. Cyber threats evolve, and so should your training. Opt for shorter, more frequent modules that sync with the fast-paced world of cybercrime. That way, your team isn’t just ticking off a box; they’re adapting and growing, capable of spotting the red flags that could save your company—and themselves—from staggering losses.

2. Culture

The strongest arsenal you have in the war against cyber-crime is your team. Every employee you pass, from Janice at the reception desk to Mark in accounting, is your modern-day battalion.

But how do you turn an office full of people with varied job descriptions into a unified force against cybercrime? By cultivating a culture.

  • Open Communication: The Foundation of Trust
    First and foremost, you need an atmosphere of trust, and trust is built on communication. It’s not enough for management to send out an annual memo outlining cyber risks. There should be continuous, two-way communication about the company’s strategy to combat cybercrime.

You never know where the next great idea will come from. Maybe someone from the Accounts Payable team will identify a loophole in payment processes that’s begging to be exploited.

Everyone needs to feel comfortable sharing their observations and insights. Trust leads to open dialogue, and open dialogue leads to solutions.

  • A Safety Net for Whistleblowers
    The second pillar of a cyber-safe culture is fostering a safe environment for raising red flags. Imagine a scenario where an employee observes suspicious behaviour, perhaps a manager bypassing security protocols. Reporting this could potentially save the company from a catastrophic data breach, but what if the employee fears retribution? That’s where you need to establish clear protections for whistleblowers. By creating an anonymous reporting channel and assuring staff that their concerns will be taken seriously—and without personal repercussions—you empower them to act.

This isn’t just about establishing protocols; it’s about imbuing your company culture with a sense of collective responsibility. Remember, cybercriminals only need to find one weak link in the chain. But when everyone is vigilant, from interns to CEOs, that chain becomes a lot stronger. And in the game of cyber cat-and-mouse, strength in numbers isn’t just an advantage; it’s a necessity.

3. Internal Controls

If your employees are the knights defending the castle, the internal controls are your drawbridge, your moat, and your watchtowers—systems meticulously designed to defend against the ever-changing strategies of online bandits.

According to CPA Australia, robust internal controls should satisfy the following goals:

  • Alignment with Business Objectives: Just as every brick in a castle supports its overall structure, your internal controls must integrate seamlessly with your business goals.
  • Safeguarding Assets: Imagine a vault in the innermost chamber of your castle. Your internal controls should act as that vault, safeguarding both physical and financial assets from theft and fraud.
  • Fraud Detection: Like watchtowers equipped with the finest archers, your systems should be ready to spot and neutralize fraudulent activities the moment they occur.
  • Facilitating Management: These are your managers! Think of them as a war council, where leaders get real-time information on how well the castle is holding up and where defences might be weak.
  • Performance Accountability: If a knight fails to defend his post, there must be a clear protocol for dealing with such failures. Similarly, your internal controls should include mechanisms for holding people accountable for poor performance.
  • Risk Mitigation: By continually adapting your defences, like adding moats or upgrading artillery, you can minimize the impact of any unexpected attacks.
  • Financial Reporting: Finally, picture a scribe meticulously documenting each battle, loss, and victory. That’s what proper financial reporting does; it ensures that the records are accurate, complete, and compliant with legislation.

So, when considering your company’s cyber-strategy, remember: Every stone, every guard, and every strategy contributes to fortifying your modern-day castle against the relentless siege of cyber-criminals.

4. Pressure Testing

You might think of your organization as a well-oiled machine, but even the most advanced machines have breaking points.

Consider pressure testing – a methodology that helps you determine whether your policies, processes and procedures are up to the task of mitigating a particular cyber-crime risk. This is one of the most effective ways to identify vulnerabilities in your internal controls, as well as how to strengthen those controls.

So, what does this look like in practice?

Decoy CEO Email
If your team gets an email from your CEO or CFO, requesting urgent payment transfers, would they recognise the signs of a scam or blindly comply?

Counterfeit Supplier Drills
Simulate an email or phone call from a ‘supplier,’ asking to change bank account details for future payments. Will your team change the account info without confirming the identity of the ‘supplier’?

Tricky Invoices
How closely do your team scrutinise invoices? Would they catch a phone number that’s been manipulated? Would they spot an invoice for goods that the company never actually ordered? How about duplicate invoices?

Modified GST or ABN
Send fake invoices with false GST or ABN details to check if regulatory compliance checking is taking place.

Keep your team sharp and your internal controls effective. Make these tests routine so the next time a real threat knocks on your door, your team will be ready to slam it shut.
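
The checks these drills exercise (ABN validity, changed bank details or phone number, GST amount, goods never ordered, duplicates) can also run automatically before a payment is released. The sketch below is an added example, not part of the original article and not how LastTick works; the field names, vendor master layout and sample data are constructed, and the GST test assumes a fully taxable, GST-inclusive invoice.

```python
import re

ABN_WEIGHTS = (10, 1, 3, 5, 7, 9, 11, 13, 15, 17, 19)

def digits_only(value):
    return re.sub(r"\D", "", value)

def abn_is_valid(abn):
    """ABN checksum: subtract 1 from the first digit, weight, sum, mod 89."""
    d = [int(c) for c in digits_only(abn)]
    if len(d) != 11:
        return False
    d[0] -= 1
    return sum(x * w for x, w in zip(d, ABN_WEIGHTS)) % 89 == 0

def review_invoice(inv, vendors, open_pos, paid):
    """Return the reasons to hold an invoice; an empty list means none found."""
    vendor = vendors.get(inv["vendor_id"])
    if vendor is None:
        return ["vendor not in master file"]
    holds = []
    if not abn_is_valid(inv["abn"]):
        holds.append("ABN fails checksum")
    elif digits_only(inv["abn"]) != digits_only(vendor["abn"]):
        holds.append("ABN differs from vendor master")
    for field in ("bsb", "account", "phone"):
        if digits_only(inv[field]) != digits_only(vendor[field]):
            holds.append(f"{field} differs from vendor master")
    # GST-inclusive total on a fully taxable invoice: GST is one eleventh.
    if abs(inv["gst_cents"] - round(inv["total_cents"] / 11)) > 1:
        holds.append("GST is not 1/11 of the total")
    if inv["po"] not in open_pos:
        holds.append("no matching purchase order")
    if (inv["vendor_id"], inv["number"].strip().upper(), inv["total_cents"]) in paid:
        holds.append("possible duplicate invoice")
    return holds

# Constructed sample data (not real suppliers, ABNs or accounts).
VENDORS = {"V001": {"abn": "35 210 310 100", "bsb": "000-000",
                    "account": "12345678", "phone": "02 5550 0100"}}
OPEN_POS = {"PO-7001"}
PAID = {("V001", "INV-0041", 110000)}
GOOD = {"vendor_id": "V001", "abn": "35210310100", "bsb": "000000",
        "account": "12345678", "phone": "(02) 5550 0100", "gst_cents": 10000,
        "total_cents": 110000, "po": "PO-7001", "number": "INV-0042"}
DRILL = dict(GOOD, abn="35 210 310 101", account="87654321",
             gst_cents=15000, po="PO-9999", number="inv-0041 ")

if __name__ == "__main__":
    print(review_invoice(GOOD, VENDORS, OPEN_POS, PAID))
    print(review_invoice(DRILL, VENDORS, OPEN_POS, PAID))
```

Any non-empty result should route the invoice to a person who confirms the change with the supplier through a contact detail already on file, not one taken from the invoice itself.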

5. Technology

In the ever-evolving landscape of cyber-crime, standing still is like treading water while the current pulls you under. Criminals are continually updating their arsenal of tactics, so what worked yesterday may not protect you tomorrow.

So, what’s your game plan? People and processes, your first line of defence, have their limits. They’re fallible, and sometimes, they’re the weakest links that cyber-criminals aim to exploit. Enter technology, the unsung hero that can automate and standardize manual processes, diminishing the room for human error. With the right technology, you can layer your security, creating a more resilient barrier even if scammers manage to dodge your other safeguards.

Take, for example, LastTick, a banking credential management tool developed by Tailored Accounts. This isn’t just a piece of software; it’s a sentinel. By monitoring Electronic Funds Transfer (EFT) payments, LastTick acts as a vigilant watchdog, sniffing out inconsistencies that could signal fraudulent activity. For Tailored Accounts, LastTick has been a game-changer, offering a much-needed layer of security that brings peace of mind when transferring funds.

But don’t get too comfortable. Keep your ear to the ground for emerging technologies that can fortify your cyber defences, because rest assured, cyber-criminals are doing the same.

In the fast-paced world of cyber-crime, staying ahead is more than just a goal; it’s a necessity. By leveraging an effective cyber-crime strategy, you equip your organization with the tools needed to combat evolving threats. It’s not just about preventing a breach today; it’s about preparing for tomorrow’s challenges and ensuring the continued safety and prosperity of your organization in the digital era.

More Resources

Source: Eftsure
Compiled & Edited by Tailored Accounts


Tailored Accounts © All rights reserved.