ABOUT 45 per cent of Australian businesses have been affected by fraud in the past two years, according to the 2008 KPMG Fraud Survey.
ABOUT 45 per cent of Australian businesses have been affected by fraud in the past two years, according to the 2008 KPMG Fraud Survey.
The survey found the total cost of fraud to Australian business was $301 million, with an average cost of $1.5 million for each organisation.
Larger organisations were most at risk, with 89 per cent of respondents employing more than 10,000 people experiencing at least one fraud, while lower rates were reported in smaller organisations.
Incidences had increased significantly since 2006, with the recovery rate decreasing from 37 per cent to just 11 per cent.
While internal controls were the most effective way of detecting fraud, poor internal controls were the most important factor in contributing to the problem.
Sophos computer security analyst Paul Ducklin said companies could not afford to let their internal controls lapse, with cyber fraud a common problem.
He said cyber fraud cost the Australian public up to $60 million per year.
The most common form of cyber fraud was still spamming, and companies were at risk of operating illegal activities from systems that had been over-ridden by crime programs.
"We estimate more than 99 per cent of spam is sent by an unsuspecting user who is co-opted into cyber-crime without knowing it," Mr Ducklin said.
In the case of cyber crime, banks and financial institutions were the safest because they had moved with the technology and installed sophisticated security programs.
Other sectors and smaller businesses that had not put in the proper safeguards were at risk of a range of cyber crimes.
Mr Ducklin said companies had much more at stake than just financial information.
"Particularly with relation to confidential information, for example next year's sales plan. Could you imagine if a cyber criminal got hold of a patent, they could leak that patent," he said.
Mr Ducklin said all companies should have an email filter, removing opportunities for spammers to access passwords and accounts.
They should also install an anti-virus protection, which blocked or disabled viruses even if they did get through an email filter.
A further form of protection was a web filter, which monitored and blocked problem programs trying to enter the computer and problem sites visited.
"You don't have to spend a lot of money on security and many security companies offer free home backup so your home network has the same protection as your work environment, which is very important if you work from home," Mr Ducklin said.
