Powered by MOMENTUM MEDIA
accountants daily logo

Financial controls ‘best defence for unfair fight with cyber crimes’

Technology

As digital outlaws become more sophisticated, controls that detect and prevent unauthorised activity can put businesses on the offensive, says Eftsure.

By Christine Chen 10 minute read

Businesses that are big on financial controls stand the best chance of combating digital fraud, according to a guide released by security expert Eftsure. 

But this would not be an easy task, according to chief executive Mark Chazan, since cyber criminals were becoming increasingly sophisticated with technology and did not “fight fair”.

“Scammers only need to be successful once, whether that’s getting an employee to click on a malicious link or impersonating a trusted contact,” he said.

“Conversely, organisations need to be successful at stopping these attempts every time – or else they could face serious financial, legal and reputational damage.” 

Mr Chazan, whose firm oversees the security of $180 billion worth of payments annually, said the best form of defence would be adopting strong, updated controls through a “multifaceted approach”.

“One part of that approach should be strengthening internal controls and ensuring that digital fraud prevention is built into finance processes,” he said.

Eftsure’s recently released guide How to write financial controls for effective fraud prevention outlines best practices for developing and implementing financial controls.

Businesses needed to do more than have controls in place – they should stay on the offensive by using strong, updated controls to keep digital fraud at bay, the guide said.

Controls should be aimed at safeguarding financial assets, ensuring data integrity and preventing unauthorised transactions. They could be either preventative, detective, or corrective.

An example of a preventative control would be segregating duties and responsibilities between multiple employees, as it created a system of checks and balances to reduce the risk of fraudulent activities. 

Detective controls included data analytics and audits to evaluate a business’s controls and risk management strategies, while corrective controls included incident reporting, disciplinary measures, and software patches to identify and address issues.

The guide said a key decision for businesses was whether to use manual controls or automation.

While automated controls could save time and minimise human error, not all controls would be suitable. Humans would be better equipped to oversee corrective controls, such as the implementation of new policies, which often required contextual reasoning.

Other controls, such as pre-approving actions and transactions, could feature a mix of automation and manual work. 

“Automation can help enforce and streamline approval workflows, even though a human employee is ultimately making the decisions,” the guide said. 

“The key to having effective financial controls is to integrate various components and implement a combination of manual and automated controls that align with the organisation’s requirements.”

Controls, once determined, should be communicated to employees so that implementation would be collaborative and not a unilateral process. It warned that if controls were ignored or inadequate, organisations might face financial losses, reputational damage, and legal ramifications.

“High-profile attacks like those on Optus, Medibank, Latitude Financial and Coles illustrate that cyber criminals are constantly looking for ways to squeeze ill-gotten money out of organisations,” the guide said. 

According to the ACCC, businesses lost over $23 million due to cyber attacks in 2022, a 73 per cent increase from 2021.

“By staying proactive and responsive to changes, organisations can adapt their controls to evolving risks and strengthen their overall control framework,” the guide said.

You need to be a member to post comments. Become a member for free today!
Christine Chen

Christine Chen

AUTHOR

Christine Chen is a graduate journalist at Accountants Daily and Accounting Times, the leading sources of news, insight, and educational content for professionals in the accounting sector.

Previously, Christine has written for City Hub, the South Sydney Herald and Honi Soit. She has also produced online content for LegalVision and completed internships at EY and Deloitte.

Christine has a commerce degree from the University of Western Australia and is studying a Juris Doctor degree at the University of Sydney. 

You are not authorised to post comments.

Comments will undergo moderation before they get published.