Skip to main content

Protect your data from manipulation or misuse

Type of countermeasure

This is a prevention countermeasure. Prevention countermeasures are the most common and cost effective way to stop fraud. They prevent or limit the size of the fraud risk by reducing the likelihood and consequences of fraud.

decorative  prevention countermeasures


Put protections in place to prevent data from being manipulated or misused.

Why this countermeasure matters

Allowing data within systems or prefilled forms to be manipulated by clients, staff or third parties may allow fraudsters to:

  • submit false claims using manipulated information or evidence
  • conceal or erase information or evidence
  • facilitate fraudulent payments
  • update information without authority
  • improperly influence decisions using false and manipulated information.

How to put this countermeasure in place

Some ways to implement this countermeasure include making sure:

  • a system's source code or audit logs cannot be altered in production environments
  • pre-fill data cannot be changed on forms
  • reports are 'read only' to prevent manipulation
  • data is coded directly into systems and cannot be manually altered
  • updates to production data is restricted by system parameters
  • a system's source code cannot be altered outside a prescribed change management process
  • audit logs cannot be altered
  • the requirements under the Protective Security Policy Framework are adhered to.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasure by using the following methods:

  • Review procedures or guidance to confirm it clearly specifies how data should be protected from manipulation or misuse.
  • Review controls and policies to see if they conform to the Protective Security Policy Framework.
  • Confirm protections are in place to prevent data being manipulated or misused.
  • Confirm protections are always applied.
  • Review a sample of completed data requests to confirm appropriate protections and classifications were applied.
  • Undertake quantitative analysis to check data has not been manipulated such as reconciling audit logs.
  • Review a sample to confirm data has not been manipulated.
  • Ask staff about data protections to make sure they have a consistent and correct understanding.
  • Undertake pressure testing or a process walk-through to confirm that data cannot be manipulated or misused.
  • Confirm that someone cannot override or bypass protections even when pressure or coercion is applied.
  • Check if reporting, reconciliation or change management processes exist for changes to data.

Related countermeasures

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.

Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Limit and monitor privileged system accesses (those that allow staff, contractors and providers to perform special functions or override system and application controls). The Protective Security Policy Framework outlines the government protective security requirements to safeguard information from cyber threats, including to restrict administrative privileges.

Conduct system testing to identify vulnerabilities prior to release. Untested systems can allow vulnerabilities to be released into production environments.

Reconcile records to make sure that 2 sets of records (usually the balances of 2 accounts) match. Reconciling records and accounts can detect if something is different from what is standard, normal, or expected, which may indicate fraud.

Internal or external audits or reviews evaluate the process, purpose and outcome of activities. Clients, public officials or contractors can take advantage of weaknesses in government programs and systems to commit fraud, act corruptly, and avoid exposure.

Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.

Related Fraudster Personas

Was this page helpful?