When Peter Smith set out to buy a property, he had no idea he was about to fall victim to a sophisticated scam that almost cost him $1.2 million. But, thanks to Westpac’s employee training for cyber scams, this major crisis was averted.
So what happened?
Smith was buying a property with a trusted conveyancer he had worked with before when he received an email detailing the final step – sending the $1.2 million to purchase the property. Everything about the email seemed legitimate – the timing, the sender’s email address, and even the language reflected previous communications.
But unknown to the buyer, cybercriminals had compromised his conveyancer’s email account and sent him fraudulent payment instructions. He was prepared to transfer the funds when his Westpac banker, Diane Zhou, intervened. Zhou called the conveyancer to verify the account details – a simple task that saved Smith from losing his money! Through the phone call, Zhou discovered that the conveyancer hadn’t sent the email, that the bank details were not the conveyancer’s, and that the firm wasn’t aware of the scam activity targeting it.
This near-miss highlights a critical pitfall for business owners – cyber criminals can and will access your information if it’s not secure.
What are payment redirection scams?
The type of scam identified by Westpac is called a payment redirection scam. These scams occur when cybercriminals infiltrate email accounts or communication channels to impersonate a trusted entity—such as a vendor, supplier, or business partner. Their objective? Redirect payments or transfer funds to fraudulent bank accounts. They often exploit relationships between trusted parties, leveraging familiarity to lower the victim’s guard.
The common targets and risks
- Real estate transactions are particularly at risk due to the large sums involved.
- Small businesses frequently fall victim as they often lack the resources for comprehensive cybersecurity measures.
ISO 27001 can protect your business and clients from these scams. Here’s how.
ISO 27001 is the international standard for information security management systems. Implementing ISO 27001 provides a comprehensive framework to manage and mitigate cybersecurity threats, including scams like payment redirection. Here’s how it helps protect company assets from cyber fraud.
1. Enforcing stringent access controls
ISO 27001 emphasises access control mechanisms, ensuring only authorised personnel have access to sensitive data. This can minimise the chances of account compromises like those seen in the case above.
2. Regular risk assessments
Risk assessments under ISO 27001 identify and evaluate potential vulnerabilities in your information systems and communication processes, so businesses can find and close these gaps.
3. Establishing strong communication protocols
ISO 27001 encourages establishing secure communication protocols, including mandatory verification processes for financial transactions – such as confirming new or changed bank details by phone with the other party, as the banker did in the case above.
4. Employee training and awareness
Cyber scam awareness training for employees is a business’s first line of defence. ISO 27001 requires regular training to ensure staff can spot phishing attempts, fraudulent emails, or unusual requests.
5. Securing vendor relationships
Under ISO 27001, businesses are required to carefully vet vendors and ensure third parties comply with data security standards. This is critical to prevent compromised vendor accounts, such as the conveyancer in this case, from becoming a liability.
6. Monitoring and incident response
Should an incident occur, ISO 27001 mandates the establishment of incident response teams to quickly handle any breaches. Monitoring tools, aligned with ISO processes, can detect anomalies and raise flags before damage occurs.
How can you protect your business and clients?
ISO 27001 offers a proven framework to shield your business from these increasingly sophisticated online scams. By enforcing rigorous security protocols through certification, businesses can not only protect their bottom line but also build lasting trust with clients.
Don’t leave your business and clients vulnerable to scams – start your ISO 27001 journey today. If this article has raised questions or concerns about your security practices, or how ISO certification can benefit your business, don’t hesitate to contact us here.
About our author
Georgia Theocharous is the Communications Coordinator for Citation Group. She is responsible for crafting content across multiple channels such as blogs, social media, landing pages and email campaigns. In her spare time, you can find her jamming to her favourite music or in the dojo practising her martial arts skills.