An increase in transactions, storage of consumer information and mobility solutions are all posing new fraud risks for aged care organisations, sector advisors have warned.
Everyone in an aged care organisation from the board down has a role to play in ensuring ICT security and preventing fraud, Grant Thornton principal John Picot and partner Matthew Green told the Information Technology in Aged Care conference in Melbourne this week.
Mr Picot said transactions were decreasing in size but increasing in volume, and the building of sales profiles meant more information on potential customers was being kept. Competition was also driving a greater digital presence across multiple channels, and mobility solutions for the workforce and customers were opening up new access points to data.
“Our businesses are more exposed than they have ever been to fraud,” said Mr Picot.
He said ICT fraud happened because there was incentive, which was usually money; rationalisation, such as a disgruntled employee feeling they were owed something; and opportunity.
While not much could be done about the incentive and rationalisation, it was within an organisation’s control to manage opportunity, Mr Picot said.
Be prepared and proactive
Highlighting the increase in cyber-attacks, such as those that occurred during the recent Census, Mr Green said such large attacks were not the whole problem.
Business email compromise – often called phishing, spear phishing or whaling and all aimed at stealing money – was an increasingly common type of fraud impacting organisations, he said.
Identity theft was highlighted as the fastest growing area of fraud globally.
Mr Green told delegates that in the current environment the historic approach of prevention was no longer valid.
“You can’t prevent a lot of this anymore. It is about responding to it, particularly on that security element, which is potentially the beginning of the fraud,” said Mr Green.
He suggested a multi-layer approach:
- identify the real risks
- protect the most important information
- sustain through governance and compliance
- improve to move with the rapid changes
Who’s responsible for what?
Mr Picot said everyone in an organisation needed to be involved in ICT security and fraud prevention but with differing responsibilities.
The board’s remit was to ask the right questions, while the executive leadership’s role was to understand that the matter was in their scope, to have certainty that it was under control and to assure the board that it was being looked after, he said.
An organisation’s ICT governance committee should determine the security and fraud prevention priorities and principles that underpinned them, Mr Picot told delegates.
“We are progressively moving away from policies and procedures to drive decision making to a much more agile workplace where we have a set of principles that managers use to make decisions,” he said.
Among their processes are making sure everybody is informed, that there is encryption and verification, and that all the layers of security are being adopted in the business around mobility, device management and so on, he said.
It was the role of everyone else in the business to be informed and vigilant, he added.