Cybercrime: Can it be prevented? 

While there is no silver bullet for the prevention of cybercrime, there are measures your organisation can take to protect your data assets and avoid making it too easy for cybercriminals to breach your network.

Searching for weaknesses in an organisation’s IT system and security protocols, criminals are increasingly focusing on the human link to achieve the cyber theft of data, passwords and money. Human nature gives us a natural curiosity and a propensity to trust, which cybercriminals see as tools for exploitation and manipulation. Not only is it possible for bad actors to trick people into giving away sensitive information, but it takes only the actions of a single employee to put a chink in the security armour of an entire organisation.

 

9 Measures to Avoid Cybercrime 

What measures can you take to stop cybercriminals in their tracks and protect your operations, revenue and people?

The increased sophistication of attacks that exploit the human link was identified as a trend at an Equifax round table with cybersecurity experts from the global and Australian business communities. In the red paper Exploiting humans: the new insider threat in cybersecurity, we explain why understanding the human element should be a key measure in your cybercrime prevention strategy. 

The message from the round table is that building an enterprise-wide security culture is as crucial as investing in top-tier cyber capabilities. There’s a need for ongoing vigilance across all levels of an organisation. Cybersecurity preparedness and spotting the traps set by cybercriminals are everyone’s responsibility, from the newest employee to the Chief Information Security Officer (CISO).

Here’s how to begin:

 

1. Get boardroom buy-in

Sponsorship from the CEO – or someone in line with the CEO – is crucial to embedding a cybersecurity culture. Senior leaders must be on board with driving the mobilisation of resources and scheduling action-oriented conversations about how to prepare and defend against emerging threats.

At Equifax, we have changed our organisational structure to elevate security to report directly to our CEO and strengthened how our Board members assess key risk areas across the business. Equifax Security manages our Enterprise Threat Level, which adjusts based on a range of factors. We have a series of predefined processes for each threat level that activate various actions from our team and are regularly reported to senior leadership and the Board.

 

2. Conduct a threat assessment

Conduct a threat assessment to better understand the possible bad actors, their targets and motivations. While external threats are a common focus, be sure your review includes the potential scope of insider threats. These can vary widely from the deliberate actions of a malicious insider to the innocuous act of an employee clicking an infected link or being scammed into revealing their credentials. Using unauthorised devices and third-party software can also open up vulnerabilities that lead to security breaches and data breaches.

 

3. Engage your entire team

Understanding cyber risk starts with understanding your organisation and building a security-first culture. Talk to many people from different parts of the business to gauge your organisation’s risk appetite and the potential risk of a member of your workforce getting exploited by threat actors.

 

4. Be accountable

Don’t just educate your workforce about cyber risks and hope the message sticks. Build accountability into your training programs using KPIs and regular assessments to cement the right behaviours. 

Following an attack by hackers in 2017 on the Equifax US network, the global rebuild of our security and technology infrastructure was accompanied by a rigorous employee security training program with monthly simulations and individualised scorecards for measuring security behaviours. Our employee security awareness score has reached a new record of 98 out of 100, and our security capabilities exceed every major industry benchmark in multiple independent ratings. 

 

5. Choose a tailored approach

No blanket solution will fit all organisations. Businesses of every size and industry are dealing with a proliferation of security challenges, so your strategy should embrace the unique risks, governance practices, people, culture, cost structures and market position of your organisation. Focusing on the ‘Four Pillars’ is helpful:

  • Prepare for the worst
  • Prevent it from happening
  • Protect your assets
  • Pursue those responsible.

 

6. Use clever messaging

Constantly reinvent, tailor and test your internal cybersecurity messaging to keep it relevant to your employees. Favour year-round continuous learning over one-size-fits-all training material. Get expert help to learn how to deliver messaging in small, easily digestible chunks. With complex topics like phishing and distributed denial-of-service, aim to educate employees in depth about how to respond and react to a single threat at a time rather than providing an overload of general information.

 

7. Remain nimble

Have a plan but prepare to change it. The cybersecurity landscape is constantly evolving. A good CISO will assess the business and the risks and plan for them, but their approach will be nimble. They’ll be prepared to pivot around that plan – fast.

 

8. Collaborate with others

More communication, collaboration, and transparency equals stronger security. At Equifax, we routinely engage with stakeholders worldwide – executives and policymakers, academics and intelligence officials, trade associations and small business owners – to advocate for more robust cybersecurity. We’re helping others prepare for and defend against emerging threats by leveraging our expertise and sharing best practices.

 

9. Monitor for red flags

Providing your employees and customers with a credit and identity monitoring service is a useful measure to include in your cybersecurity prevention strategy. The sooner people are alerted to a cybercriminal trying to steal their identity and open accounts in their name, the sooner they can take action to minimise the damage. 

A subscription service like Employee Protect can help your employees manage this risk with measures like credit score tracking, alerts for key changes to their credit report and alerts if their personal information is discovered on the dark web. Equifax Protect is an equivalent service designed to safeguard your customer’s credit profile and identity.

Equifax is constantly raising the bar to out-smart, out-work, and out-innovate cyber criminals. Contact us to learn more about how our differentiated data, innovative analytics and advanced technology assist in the prevention of cybercrime.

 

 
