Why firms need to establish a corporate governance and compliance framework to reduce risk beyond COVID
The disruption caused by COVID-19 has transformed the way the professional services industry operates.
The lockdown and social distancing measures accelerated the need for firms to adopt a remote working structure to continue operations.
For many businesses, enabling employees to work from home is vital to ensure their safety whilst maintaining business operations. In fact, a study by Gartner found that 88 per cent of organisations encouraged their staff to work from home during the crisis – and 74% intend to shift employees to remote work permanently.
However, the rapid change in firms’ infrastructure due to the pandemic has highlighted major risks to businesses which need to be addressed.
One consideration for many businesses will be how employees execute tasks securely when staff are no longer working from a centralised location – including how they manage payments, and how they retain and store their customers’ personal information to ensure it is not compromised.
Pre-COVID, many law and accounting firms would typically take payments via face-to-face transactions using EFTPOS machines. However, in the midst of the lockdown, many have been left unequipped to take payments as a result of not having a payment gateway set up.
Sophisticated transaction systems like FeeSynergy Collect, which is integrated with Westpac’s Pay Way solution, enables firms to simply collect and manage payments via multiple channels including credit card, direct debit, EFT/Direct Credit, BPay and PayPal, to name a few.
As well as addressing the need for new payment channels, these solutions can also enhance a payment security. FeeSynergy complies with the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements to keep customers details safe. The online payment gateway is also reinforced by 3D Secure to provide an extra layer of protection for online payments.
Since COVID, there has been a surge in cybercrime against firms as fraudsters look to exploit and infiltrate vulnerable systems and processes, and weaker email security.
The cost of cyber-attacks has a major financial impact on individual businesses and the economy, with a report by The Australian Competition and Consumer Commission (ACCC) detailing that Australians lost $132 million to business email compromise scams, $126 million to investments scams and $83 million to dating and romance scams in 2019. As cybercriminals look to adapt their strategies and exploit weaker email security and the disruption caused by COVID, investment into cyber defence capabilities has never been more important.
The same study by Gartner showed 39% of data breaches across legal and accounting and management services in 2019 were due to human error. We all make mistakes – after all, we are only human. But when employees work from home and files and information is less centralised, the risk of human error can be amplified.
As a possible step to reduce this type of risk, firms could communicate the importance of individual accountability and look to establish systems that give employees the required level of authority over files.
Alongside accountability, continued education and training of staff to work vigilantly with the knowledge to identify suspicious or fraudulent activity is equally crucial. If an employee receives a phishing scam but is able to determine the activity is suspicious and escalate the issue, the risk of them divulging confidential information is considerably reduced.
Ultimately, in a work-from-home world, risk is no longer the accountability of the risk team – it is shifted to all employees and as a result, there is a need for it to be embedded into every function of the business.
As such, organisations are adopting wider governance controls to help them understand their most likely threats and risks, and focus their investments accordingly.
Establishing robust and rigorous technological security controls in tandem with stringent governance processes is crucial for businesses to navigate the next phase of COVID-19. More information on how to navigate the new normal and re-set for business recovery and success can be found in Westpac’s Beyond 2020 report for the Professional Services Industry.
Since February, Westpac has helped nearly 40,000 business customers with a range of measures to help them navigate through the crisis, including loan repayment deferrals, unsecured loans and merchant terminal rental fee refunds.
As the COVID-19 situation continues to evolve, Westpac is here to help businesses get through these challenging times. To find out how Westpac can support your business during the COVID-19 visit our business support page: https://www.westpac.com.au/help/disaster-relief/coronavirus/business/
We’re working all the time to better safeguard your financial and personal information. We provide the latest information on how to verify and identify scams and how to keep your business protected and safe online.
*This information is general in nature and has been prepared without taking your objectives, needs and overall financial situation into account. For this reason, you should consider the appropriateness for the information to your own circumstances and, if necessary, seek appropriate professional advice.