Businesses urged to prepare for rising scam threat in 2024
Accounting firms and other businesses should think carefully about payment procedures and vulnerabilities across systems with scams likely to be rampant again next year, warns Hayes Knight.
Accounting practices should be developing cyber response plans, providing training for staff, reviewing controls for payment procedures and invoices and undertaking testing on systems to help protect them and their clients against the threat of scams in 2024, according to Hayes Knight director Ray Itaoui.
Mr Itaoui said accounting practices and the clients they deal with are being inundated with scam messages and emails with scams also becoming increasingly sophisticated in recent years.
“There are some really sophisticated scams out there targeting vulnerable systems and users. What’s really important for any business to understand is that it’s not just the actual systems that are vulnerable, it’s also the users and staff,” said Mr Itaoui.
“Staff training is crucial. If staff aren’t aware of what is going on or what they should click on and what they should avoid and how to address potential scamming emails, then there is a key vulnerability in that business.”
As businesses prepare for 2024, Mr Itaoui said he is encouraging his business clients to undertake ongoing phishing testing and to put in place a cyber response plan as well.
“Phishing testing involves constantly checking and testing systems to identify vulnerabilities and ensuring staff are not clicking on things they’re not supposed to,” he said.
“It’s like a pre-emptive attack to identify any issues or form a response plan in the unfortunate event that somebody in the business is exposed or targeted and that there is a clear responsibility in place.”
The response plan can include considerations such as where records and databases are stored and where the backup information is if the information is ransomed by scammers.
It is also important that businesses have controls on payment procedures and invoices as well, according to the accounting firm.
“In some of the scams that our clients have been caught up in, they’ve received an invoice from a supplier and they’ve paid that invoice but the invoice details have changed because a scammer has hacked into that network,” said Mr Itaoui.
“They didn’t suspect anything because it all looked the same but the money has gone overseas to someone else and can never be traced again.
“So it’s really important to have controls around payments and paying any new invoices to different bank accounts. You need to have the appropriate procedures to ensure that those mistakes aren’t made.”
Mr Itaoui said that one way of mitigating the risk with new invoices may be to transfer $1 over to get a payment receipt that the $1 has been received.
“They can also do a simple check with the person. If I’ve received an invoice in an email, I’ll call the supplier and ask them to confirm the BSB and account number over the phone with me. That way I have a second confirmation of those details.”
About the author
