As about 80 per cent of all e-crime is caused by people making a mistake, organisations need to develop programmes aimed at prevention, education and raising awareness. This might involve obligatory Computer-Based Training (CBT) packages to be taken at regular intervals; company-wide security clinics; or even global road-shows to ensure awareness is maintained. Organisations may also wish to consider a 24/7 helpdesk to provide support and advice, and to capture details of any incidents that occur.

It’s also vital that a company’s business processes are designed to re-enforce its security policies. The City of London Police believe that only a quarter of crime is reported. However, organisations can implement policies that force its people to inform the necessary officials if they spot, or are the victim of, an offence. So, if a car is damaged or a laptop stolen, it cannot be replaced or repaired without a Crime Reference Number that will trigger an appropriate system.


There are also a number of formal bodies that organisation can work with to minimise the amount and the impact of fraud, including accredited Computer Emergency Response teams who can help trace anyone illegally trying to access systems, as well as the UK’s High-Tech Crime Unit and its international counterparts. This improves the likelihood of tracking down and successfully prosecuting criminals. Equally importantly, it sends a clear message to the hacking community that they will be relentlessly pursued and the equipment confiscated should they attempt to ’break in’ to that particular organisation’s systems.

However, helping the police with their inquiries really should be the last resort. With the correct 'human factors' in place, such extreme measures should not be necessary.