Searching for weaknesses in an organisation’s IT system and security protocols, criminals are increasingly focusing on the human link to achieve the cyber theft of data, passwords and money. Human nature gives us a natural curiosity or propensity to trust, which cybercriminals see as a tool for exploitation and manipulation. Not only is it possible for bad actors to trick people into giving away sensitive information, but all it takes is the actions of a single employee to chink the security armour of an entire organisation.
9 Measures to Avoid Cybercrime
What measures can you take to stop cybercriminals in their tracks and protect your operations, revenue and people?
The increased sophistication of attacks that exploit the human link was identified as a trend at an Equifax round table with cybersecurity experts from the global and Australian business communities. The message from the round table is that building an enterprise-wide security culture is as crucial as investing in top-tier cyber capabilities. There’s a need for ongoing vigilance across all levels of an organisation. Cybersecurity preparedness and spotting the traps set by cybercriminals is everyone’s responsibility, from the newest employee to the Chief Information Security Officer (CISO).
Here’s how to begin:
1. Get boardroom buy-in
Sponsorship from the CEO – or someone in line with the CEO - is crucial to embedding a cybersecurity culture. Senior leaders must be onboard with driving the mobilisation of resources and scheduling action-oriented conversations about how to prepare and defend against emerging threats.
At Equifax, we have changed our organisational structure to elevate security to report directly to our CEO and strengthened how our Board members assess key risk areas across the business. Equifax Security manages our Enterprise Threat Level, which adjusts based on a range of factors. We have a series of predefined processes for each threat level that activate various actions from our team and are regularly reported to senior leadership and the Board.
2. Conduct a threat assessment
Conduct a threat assessment to better understand the possible bad actors, their targets and motivations. While external threats are a common focus, be sure your review includes the potential scope of insider threats. These can vary widely from the deliberate actions of a malicious insider to the innocuous act of an employee clicking an infected link or being scammed into revealing their credentials. Using unauthorised devices and third-party software can also open up vulnerabilities that lead to security breaches and data breaches.
3. Engage your entire team
Understanding cyber risk starts with understanding your organisation and building a security-first culture. Talk to many people from different parts of the business to gauge your organisation’s risk appetite and the potential risk of a member of your workforce getting exploited by threat actors.
4. Be accountable
Don’t just educate your workforce about cyber risks and hope the message sticks. Build accountability into your training programs using KPIs and regular assessments to cement the right behaviours.
Following an attack by hackers in 2017 on the Equifax US network, the global rebuild of our security and technology infrastructure was accompanied by a rigorous employee security training program with monthly simulations and individualised scorecards for measuring security behaviours. In 2023 we conducted 210,406 global and 12,169 targeted simulations to test our workforce's response to potential security concerns. Over 23,000 employees and contractors received security training and the maturity of our security program increased again, outperforming all major industry benchmarks for a fourth consecutive year.
5. Choose a tailored approach
No blanket solution will fit all organisations. Businesses of every size and industry are dealing with a proliferation of security challenges, so your strategy should embrace the unique risks, governance practices and people, culture, cost structures and market position of your organisation. Focusing on the ‘Four Pillars’ is helpful:
- Prepare for the worst
- Prevent it from happening
- Protect your assets
- Pursue those responsible.
6. Use clever messaging
Constantly reinvent, tailor and test your internal cybersecurity messaging to keep it relevant to your employees. Favour year-round continuous learning over one-size fits all training material. Get expert help to learn how to deliver messaging in small, easily-digestible chunks. With complex topics like phishing and distributed denial-of-service, aim to educate employees in depth about how to respond and react to a single threat at a time rather than providing an overload of general information.
7. Remain nimble
Have a plan but prepare to change it. The cybersecurity landscape is constantly evolving. It's crucial to assess the risks and plan for them but remain nimble in your approach. Be prepared to pivot around the plan - fast.
8. Collaborate with others
More communication, collaboration, and transparency equals stronger security. At Equifax, we routinely engage with stakeholders worldwide – executives and policymakers, academics and intelligence officials, trade associations and small business owners – to advocate for more robust cybersecurity. We’re helping others prepare for and defend against emerging threats by leveraging our expertise and sharing best practices.
9. Monitor for red flags
Providing your employees and customers with a credit and identity monitoring service is a useful measure to include in your cybersecurity prevention strategy. The sooner people are alerted to a cybercriminal trying to steal their identity and open accounts in their name, the sooner they can take action to minimise the damage.
A subscription service like Employee Protect can help your employees manage this risk with measures like credit score tracking, alerts for key changes to their credit report and alerts if their personal information is discovered on the dark web. Equifax Protect is an equivalent service designed to safeguard your customer’s credit profile and identity.
Ready to take action?
Equifax can help you raise the bar to out-smart, out-work, and out-innovate cyber criminals.
Contact us to learn more about how our differentiated data, innovative analytics and advanced technology assists in the prevention of cybercrime.
Related Posts
Businesses collect and process vast amounts of data, and often overlook the importance of ensuring the data is accurate, reliable, relevant, complete, consistent and timely. For a data-critical sector like insurance, the process of cleaning data to fix inaccuracies, incomplete, duplicate or wrongly formatted records holds valuable benefits.
Establishing real, demonstrable trust in a person’s identity is essential for Australia’s 26.7 million people to transact online safely and effortlessly, levelling the playing field for credit access and fuelling our digital economy.