Cyber-crime is a criminal act perpetrated in the online environment, whilst cyber-security is the act of protecting information and the network it resides in.
Nigel Phair, UNSW Institute for Cyber Security and Former Lead Investigator, AFP High Tech Crime Centre
Despite record spending on cyber security, Australia is losing more than $33 billion annually to cybercrime. Why? Because while cyber-security efforts are laser-focused on safeguarding data and networks, most cyber-criminals are playing for a different prize – your money.
This is why a cybercrime strategy that brings together elements of your organisation’s cyber-security strategy and elements of your financial controls is critical. Both elements should be aligned to contain the threat of cybercrime.
A cyber-crime strategy is like a double-locked vault: one lock for robust cyber-security, the other for financial controls. The first lock is designed to thwart hackers, keeping your digital assets secure. But we all know that sometimes, despite our best efforts, breaches occur. That’s where the second lock comes into play. Comprised of financial safeguards and controls, this lock is your last line of defence to minimize both the damage and cost of a breach.
It’s not just about keeping intruders out; it’s about ensuring they leave empty-handed.
Cyber-Security Strategy + Financial Controls = Cyber-Crime Strategy
Many organizations have been delivering cybersecurity training as if they’re running an IT class, focused on the nitty-gritty of secure passwords, multi-factor authentication, and phishing email identification. But cybercriminals aren’t sticking to a script, so neither should we.
So how do you design a good cyber-crime training program?
Rule #1: Empower, Don’t Scare
Scaring your team with tales of invincible hackers might make for a good thriller, but in real life, the goal is empowerment. Sure, cybercriminals are savvy, but they’re still human. Train your staff to be the guardians of their own digital fortress.
Rule #2: Make It Relatable
Training needs to hit home. Use case studies that echo the exact risks your organization might face, for example, what happens if a key supplier gets breached. Don’t talk about theoretical threats; prepare them for scenarios they could very well encounter.
Rule #3: No One Likes Long Lectures
Remember school? Facts crammed into your brain were easily forgotten, but the games you played at recess? Those stuck. Sprinkle in a bit of fun with quiz games or cyber escape rooms. Make learning about cyber threats as engaging as it is educational.
Rule #4: Baby Steps
A feast of information is overwhelming. Serve knowledge in bite-sized portions, focusing on one key concept at a time. This ensures that crucial details aren’t lost in a wave of facts and figures.
Rule #5: Make It Personal
Want to get their attention? Show how these skills can save them from personal heartache. Illustrate how the same techniques used to detect work-related cyber threats can help them sniff out scams outside of work.
Cyber-crime training is not a “one and done” type of deal. Cyber threats evolve, and so should your training. Opt for shorter, more frequent modules that sync with the fast-paced world of cybercrime. That way, your team isn’t just ticking off a box; they’re adapting and growing, capable of spotting the red flags that could save your company—and themselves—from staggering losses.
The strongest arsenal you have in the war against cyber-crime is your team. Every employee you pass, from Janice at the reception desk to Mark in accounting, is part of your modern-day battalion.
But how do you turn an office full of people with varied job descriptions into a unified force against cybercrime? By cultivating a culture.
You never know where the next great idea will come from. Maybe someone from the Accounts Payable team will identify a loophole in payment processes that’s begging to be exploited.
Everyone needs to feel comfortable sharing their observations and insights. Trust leads to open dialogue, and open dialogue leads to solutions.
This isn’t just about establishing protocols; it’s about imbuing your company culture with a sense of collective responsibility. Remember, cybercriminals only need to find one weak link in the chain. But when everyone is vigilant, from interns to CEOs, that chain becomes a lot stronger. And in the game of cyber cat-and-mouse, strength in numbers isn’t just an advantage; it’s a necessity.
If your employees are the knights defending the castle, the internal controls are your drawbridge, your moat, and your watchtowers—systems meticulously designed to defend against the ever-changing strategies of online bandits.
According to CPA Australia, robust internal controls should satisfy the following goals:
So, when considering your company’s cyber-strategy, remember: Every stone, every guard, and every strategy contributes to fortifying your modern-day castle against the relentless siege of cyber-criminals.
You might think of your organization as a well-oiled machine, but even the most advanced machines have breaking points.
Consider pressure testing – a methodology that helps you determine whether your policies, processes and procedures are up to the task of mitigating a particular cyber-crime risk. This is one of the most effective ways to identify vulnerabilities in your internal controls, as well as how to strengthen those controls.
So, what does this look like in practice?
Decoy CEO Email
If your team gets an email from your CEO or CFO, requesting urgent payment transfers, would they recognise the signs of a scam or blindly comply?
Keep your team sharp and your internal controls effective. Make these tests routine so the next time a real threat knocks on your door, your team will be ready to slam it shut.
In the ever-evolving landscape of cyber-crime, standing still is like treading water while the current pulls you under. Criminals are continually updating their arsenal of tactics, so what worked yesterday may not protect you tomorrow.
So, what’s your game plan? People and processes, your first line of defence, have their limits. They’re fallible, and sometimes, they’re the weakest links that cyber-criminals aim to exploit. Enter technology, the unsung hero that can automate and standardize manual processes, diminishing the room for human error. With the right technology, you can layer your security, creating a more resilient barrier even if scammers manage to dodge your other safeguards.
Take, for example, LastTick, a banking credential management tool developed by Tailored Accounts. This isn’t just a piece of software; it’s a sentinel. By monitoring Electronic Funds Transfer (EFT) payments, LastTick acts as a vigilant watchdog, sniffing out inconsistencies that could signal fraudulent activity. For Tailored Accounts, LastTick has been a game-changer, offering a much-needed layer of security that brings peace of mind when transferring funds.
But don’t get too comfortable. Keep your ear to the ground for emerging technologies that can fortify your cyber defences, because rest assured, cyber-criminals are doing the same.
In the fast-paced world of cyber-crime, staying ahead is more than just a goal; it’s a necessity. By leveraging an effective cyber-crime strategy, you equip your organization with the tools needed to combat evolving threats. It’s not just about preventing a breach today; it’s about preparing for tomorrow’s challenges and ensuring the continued safety and prosperity of your organization in the digital era.