Case study with information and cyber security experts, CyberCrowd, who recently certified to Counter Fraud Fundamentals and now plan to add the scheme to their portfolio of services and solutions to clients.
Based in Berkshire and founded in 2016, CyberCrowd offers cyber security and resilience consultancy to a wide variety of companies. These include a number of Private Equity Firms, Venture Capitalists, Pension Funds and Corporate Finance Advisors.
Already one of IASME’s Certification Bodies, CyberCrowd currently deliver Cyber Essentials, Cyber Essentials Plus, IASME Governance and are also getting geared up for the IoT Security Assured scheme that certifies IoT products.
Following an inspiring talk by Brian Costello at an IASME briefing in March this year, CyberCrowd themselves certified to the Counter Fraud Fundamentals. They found it a very good experience and are excited to be one of the first companies to go through it. They have just taken part in the pilot assessor course so they can support other companies in certifying to the scheme.
We spoke with Chief Operating Officer, Chris Green, a chartered accountant with over ten years’ experience. Chris has a unique view of business from the data governance, cyber security and financial sides. He enthusiastically welcomes the Counter Fraud Fundamentals scheme as a vital piece of assurance in the fight against fraud.
How was the process of certifying to Counter Fraud Fundamentals?
Firstly, I’d say the Counter Fraud self-assessment was a very user friendly experience. I really liked the review function, as it allowed me to see everything before I submitted my answers and the question content was logical. Everything I expected to see was there.
I was particularly gratified to confirm CyberCrowd’s current practices are already precisely in line with the exacting standards of the scheme. The positive experience we had certifying to the CFF scheme was a good thing for us to communicate to the stakeholders in the business. It reinforces our credentials and reassures our stakeholders that we are operating at the cutting edge of our field.
Testing your staff’s resilience to fraud.
The crossover between Cyber Essentials and Counter Fraud Fundamentals is obvious as so much of cyber-crime is also fraud. Technical controls and capabilities are important but need to be complemented with good policies and processes. That said, if a company is not vetting its staff before onboarding them, or training them on what the policies mean, how are its procedures going to work?
At CyberCrowd, we offer awareness courses in email phishing and also telephone phishing. Sometimes if we are working with a security manager who wants to get the buy-in from the Board for some training, we run the process on the Board first. There’s no more impactful way of learning a lesson than making a mistake yourself. Creating these ‘practice scenarios’ ensures no damage is done in learning that lesson.
In relation to security, what piece of advice would you give to a business?
Risk management is the key component for both cyber security and fraud prevention. Get expert assessment across all levels of your organisation, identify your risk appetite and let them assist you to create a risk management plan. They will then record and review these on a regular basis.
For more information on CyberCrowd
For more information on the Counter Fraud Fundamentals scheme