Responding to Identity Theft, Fraud and Cyber-Crime
When dealing with cyber-crime, an ounce of prevention is truly worth a pound of cure. Cyber-crime can appear in many forms, but recently we’ve seen an ACRA Member’s Accounts Manager’s email compromised. Thankfully, the person who received the emailed invoice was smart enough to question it after ALMOST processing the payment to the fraudsters. They phoned the Member, who confirmed they didn’t send the invoice, which was for a six-figure amount, and who then swiftly executed their Cyber Crime action plan. They identified that the unknown parties had attempted to divert funds meant for our Member to an unknown HSBC account, claiming it was a “one-off situation due to technical issue with the bank”.
If it doesn’t seem right, question it. Call a number that is NOT on the email or invoice.
Do you have a Cyber action plan in place?
If you don’t, you need to have one in place NOW. At ACRA we perform two updates daily of our Internet Security scan, first thing in the morning and again after lunch. Even though it’s constantly working in the background, it’s always good to “push” for a scan at least once a day, and to shut your PC down at the end of every day.
- Use a VPN especially when using online banking/transactions.
- Check your online statements daily for any anomalies.
- Change passwords for banking and email accounts at least once a month.
- Make sure you have an external backup of your accounts and important documents; don’t just save to the cloud or places like Dropbox.
- Have a two-key authorisation in place wherever possible.
Developing a Cybersecurity plan is essential for any business/organisation; it keeps you and your customers safe. The main Cybersecurity functions are:
Risk and compliance: An effective risk and compliance or governance function will help your organisation to identify what needs to be protected and how best to go about it. To do this well, you need to identify your assets, know your risks, choose your controls, and have the right policies in place.
Security administration: This is a fairly standard function, but nonetheless an important one. Security administration covers tasks such as adding and deleting users, managing access and conducting reviews.
Security architecture and design: This function liaises closely with the business to better understand their requirements, identify products that are needed and manage the impacts. In other words, it identifies what needs to be protected and how you will be sure it’s protected well. Early engagement with the business is key to success here.
Security operations: This function detects, identifies and responds to the workloads that come your way. The main objectives are to achieve visibility on networks, servers and endpoints, and ensure that all tools are working to deliver their intended purpose.
If your business doesn’t have a cyber security policy, you could be leaving yourself and your business vulnerable to attacks. Create a cyber security policy to protect your business from online threats, and plan how you would respond if an incident occurred. The Australian Government has developed a site to help you create a Cyber Security Policy for your business. Get started here: https://www.business.gov.au/Risk-management/Cyber-security/How-to-create-a-cyber-security-policy
What authorities do I report to?
If you suspect a scam or have been scammed, we encourage you to report it to the ACCC via the report a scam page. This helps to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example, an email or screenshot. https://www.scamwatch.gov.au/report-a-scam
If you or your business are a victim of cybercrime, please report it in the first instance to the Australian Cyber Security Centre. https://www.cyber.gov.au/acsc/report
Criminals make things difficult and painful for us, but we can make things harder for them by being vigilant and staying smart online. ACRA is a sponsor of the Australian Cyber Security Centre (ACSC) Stay Smart Online program. We suggest all ACRA Members’ IT Departments subscribe to https://www.cyber.gov.au/ to keep on top of the daily alerts, which are listed as CRITICAL, HIGH or MEDIUM.
If you are located in New Zealand, we encourage you to report to the National Cyber Security Centre (NZ): www.ncsc.govt.nz
The ACCC has a great resource called the Little Black Book of Scams, a pocket-sized guide.