Protect your data from being lost or stolen

Type of countermeasure

This is a prevention countermeasure. Prevention countermeasures are the most common and cost effective way to stop fraud. They prevent or limit the size of the fraud risk by reducing the likelihood and consequences of fraud.

Summary

Make sure sensitive or official information cannot leave your entity's network without authority or detection.

The Protective Security Policy Framework articulates mandatory information security requirements to maintain the confidentiality, integrity and availability of all official information. Personal and government information is highly sought after by fraudsters and organised criminals. The way data is collected and stored can also change the scale of a potential breach.

Why this countermeasure matters

Allowing data to leave your entity's network without authority or detection can lead to staff or contractors:

  • publicly releasing official, sensitive or classified information
  • providing sensitive or classified information to others for dishonest gain, such as helping a company win a government contract
  • selling sensitive or classified information to criminals and scammers
  • using sensitive or classified information to commit fraud themselves.

How to put this countermeasure in place

Some ways to implement this countermeasure include:

  • scanning emails sent to or from external email addresses and setting aside any that contain sensitive information for further checks
  • limiting access to collaboration websites that enable documents to be uploaded
  • controlling access to supporting ICT systems, networks (including remote access), infrastructure and applications
  • controlling the use of removable storage media and unapproved connected devices
  • applying network management practices and procedures to identify and address network structure or configuration vulnerabilities
  • using encryption, particularly when transferring information
  • adhering to the requirements under the Protective Security Policy Framework
  • referring to guidelines in the Australian Government Information Security Manual and the Australian Cyber Security Centre’s Strategies to Mitigate Cyber Security Incidents.
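The first implementation option above, scanning mail to external addresses and setting aside anything that carries sensitive content, can be illustrated with a small outbound-mail check. This is an added example, not code from the page or from any government entity; the internal domain, the protective-marking strings and the nine-digit identifier pattern are assumptions standing in for an entity's real DLP rules.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed configuration: our mail domain and the patterns treated as sensitive.
INTERNAL_DOMAINS = {"example.gov.au"}
SENSITIVE_PATTERNS = {
    # protective marking text pasted into a subject or body (assumed markings)
    "protective_marking": re.compile(r"\b(OFFICIAL:\s*Sensitive|PROTECTED|SECRET)\b", re.I),
    # an illustrative 9-digit identifier such as a tax file number (assumed format)
    "nine_digit_identifier": re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b"),
}

def external_recipients(msg):
    """Return recipient addresses whose domain is not one of ours."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    addrs = [addr for _, addr in getaddresses(headers) if addr]
    return [a for a in addrs if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def message_text(msg):
    """Collect the subject plus every text part so markings in either are seen."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def scan_message(raw_message):
    """Decide whether an outbound message is delivered or held for review."""
    msg = message_from_string(raw_message)
    external = external_recipients(msg)
    if not external:  # internal-only mail is not in scope for this check
        return {"action": "deliver", "external": [], "matches": []}
    text = message_text(msg)
    matches = sorted(name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(text))
    action = "quarantine" if matches else "deliver"
    return {"action": action, "external": external, "matches": matches}

def sample(to, body):
    """Constructed outbound message used for the stand-alone run."""
    return f"From: alice@example.gov.au\r\nTo: {to}\r\nSubject: Tender scores\r\n\r\n{body}\r\n"

if __name__ == "__main__":
    print(scan_message(sample("bob@partner.example", "OFFICIAL: Sensitive\r\nScores attached.")))
    print(scan_message(sample("carol@example.gov.au", "OFFICIAL: Sensitive\r\nScores attached.")))
```

A quarantined result is what the "set aside for further checks" step hands to a reviewer; the pattern list is where the detection tolerances discussed later on this page are tuned, since a loose pattern (any nine digits, the word "secret") will hold harmless mail.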

How do I know if my countermeasures are effective?

Measure the effectiveness of this countermeasure by using the following methods:

  • Conduct pressure testing to test if fraudulent activity would be prevented or detected.
  • Consult subject matter experts about data loss protection controls.
  • Confirm that information security requirements comply with requirements of the Protective Security Policy Framework and other national frameworks and guidelines, including the Australian Government Information Security Manual and Strategies to Mitigate Cyber Security Incidents.
  • Conduct a process walk through by sitting with a staff member while they show you how the controls work.
  • Review the controls to determine if they would prevent or detect different methods of information disclosure.
  • Confirm controls are always on and automatically applied.
  • Confirm that detection tolerances or parameters are appropriate.
  • Confirm that detection parameters or thresholds are not widely known.
  • Arrange or review results of technical testing to confirm controls are working to specifications.
  • Confirm that the systems/processes underlying the data loss protection controls are adequate and reliable.
  • Confirm that data/information breaches go to the most appropriate staff/team for review.
  • Review a sample of detected incidents.
  • Analyse reports related to the data loss protection controls such as how many breaches are reported and how often.
  • Review who has access to change the controls.
  • Confirm that someone cannot manipulate the data loss protection controls and test this if required.
  • Check what other reporting occurs such as if executives review data/information disclosure reports during committee meetings.

Related countermeasures

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs such as making high-risk functions limited to specialised users.

Limit and monitor privileged system accesses (those that allow staff, contractors and providers to perform special functions or override system and application controls). The Protective Security Policy Framework outlines the government protective security requirements to safeguard information from cyber threats, including to restrict administrative privileges.

Conduct system testing to identify vulnerabilities prior to release. Untested systems can allow vulnerabilities to be released into production environments.

Prepare summary reports on activities for clients, managers or responsible staff.

Establish exception reports to identify activities that are different from the standard, normal, or expected process and should be further investigated.

Conduct internal or external audits or reviews to evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.
