Resilient clients and stakeholders
Supporting clients, suppliers, providers, contractors and industry partners to protect themselves from scams, exploitation, identity theft and compromise.
Why this countermeasure matters
Even the most robust fraud control environments can be undermined by scammers and cyber criminals taking advantage of client and stakeholder vulnerabilities to commit fraud. Boosting your stakeholders’ and clients’ counter fraud capabilities protects your entity from further attack.
Failing to support clients and stakeholders to protect themselves from scams, exploitation, identity theft and compromise can lead to:
- organisational information and assets being stolen via a stakeholder’s trusted access to systems or premises
- systems being compromised due to identity take-over
- payments being hijacked due to identity take-over
- clients and stakeholders falling victim to scams
- reputational damage through clients and stakeholders being defrauded.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- providing tools and support to boost a supplier’s capabilities to resist scams and fraud
- sharing intelligence with suppliers and vendors to help them better identify and manage scams and fraud
- educating clients on scams and how to protect their identity and accounts from compromise
- supporting clients to remediate their compromised identity or account
- collaborating with stakeholders to help identify unscrupulous businesses and business practices
- participating in relevant industry meetings to share intelligence and raise awareness of scams and fraud.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- consider how reliant your organisation is on your clients and stakeholders being resilient to scams – could their vulnerabilities lead to fraud against your organisation?
- survey clients and stakeholders to check their knowledge and resilience to scams
- review the effectiveness and reach of public messaging and education
- talk to clients and stakeholders about their understanding and resilience to scammers and cyber criminals
- confirm suppliers, providers, contractors and industry partners are meeting contractual obligations to protect information and funding from theft and misuse
- review frequency of attendance and contribution to key meetings.
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increase transparency and reduce the opportunity for fraud.
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Provide help and support to customers, staff and third parties so they can follow correct processes, comply with rules and meet expectations.
Providing clear statements and communications on entity practices to detect and respond to fraud can discourage fraudulent or corrupt activities. Staff and clients will be less able to rationalise or justify fraudulent or corrupt conduct when informed of the outcomes of fraud.
Match data with the authoritative source and verify relevant details or supporting evidence. Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Develop contractual clauses to help prevent, detect and respond to fraud or non-compliance.
Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
Investigate fraud in line with the Australian Government Investigation Standards (AGIS).
Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.