The cybercrime sector is estimated to be worth $33 billion in Australia. Not only is this figure underreported, but it also doesn’t consider other losses such as system downtime, decreased productivity, and damage to a business’s reputation. Unfortunately, the relationship between fraudsters and businesses is not equal. While fraudsters have infinite attempts to penetrate an organisation, companies cannot afford to get it wrong even once. Understanding the weaknesses in your processes In businesses, there can be an overreliance on humans, who naturally make mistakes. Fraudsters are quick to take advantage of this flaw. Your business can have great people; however, mistakes can be made when working at volume and velocity. Common mistakes include confusing false emails as legitimate, clicking on scam links, or conducting poor quality control, which can result in the transfer of confidential information and payments to a cybercriminal. The false supplier fraud technique is one of the most prevalent cyber-attackson companies. This involves fraudsters impersonating suppliers, contacting a business’s finance team members, and notifying them of changes to bank details. The cybercriminal will use the same email address and template as the original supplier. As the emails appear authentic, it is difficult to recognise the fraud, leading to funds being transferred to a fraudulent bank account. 2-Factor Authentication (2FA) A single method of authentication is no longer sufficient. With the advancement of cybercriminal activity, another barrier must be introduced between your business and fraudsters. 2FA has become an essential measure to protect your business. As consumers have become more aware of online criminal activity, the demand for tighter security has increased. Consumers are veering away from organisations that do not offer secure platforms in favour of businesses that make them feel comfortable and confident sharing their personal data. 2FA offers an extra layer of security by asking for another piece of information after the username and password have been provided. Factors that could be requested from your customers or employees include a PIN, something in their possession like a credit card or a biometric pattern like a fingerprint. WFH and its impact on cyber and financial security The work-from-home (WFH) environment has rapidly changed how we work and created new challenges. A recent study found that 72% of businesses believe their risk of fraud rose during the COVID crisis, linking the rise to their employees working from home. Due to the speed at which COVID impacted day-to-day operations, businesses had little time to adapt and implement strong IT measures to coordinate financial activity, making it easier for cybercriminals to identify procedural gaps. Fraudsters are outpacing financial security measures, resulting in long-term effects for businesses. Identity verification is an essential tool for combatting the advancement of cybercriminal activity. As more and more people WFH, employees lose the opportunity to interact with their colleagues and observe their language and wording. This makes it difficult for employees to compare and identify possible fraudulent behaviour. Tactics and tools to use to support your team from Cybercriminals Introduce automation controls that do not rely on human processing Cybercriminal activity is constantly evolving, and fraudsters are innovative. It is essential to keep your employees aware and informed of new behaviour. It is essential to create a culture where your employees feel comfortable reporting fraudulent behaviour and potential mistakes they may have made. Prioritise password hygiene by having your employees change their passwords regularly and use different passwords for each platform. Have an efficient and timely onboarding and offboarding process to prevent employees from accessing restricted information. Ensure your employees are operating on a secure network and follow prompts from the IT department to update when requested. Make sure you know your organisation. Regularly ask yourself – who is in your business? Do they understand potential financial threats? Where else may you be vulnerable? Cybercriminal activity is dynamic, deceiving, and becoming increasingly harder to identify. Your business needs to adapt and implement robust procedures to support your team when they are under siege.