ACSC urges agencies to think security during COVID-19


By Dylan Bushell-Embling
Tuesday, 24 March, 2020



ACSC urges agencies to think security during COVID-19

The Australian Cyber Security Centre is urging Australian government departments and agencies rushing to implement remote working in response to the COVID-19 crisis to not neglect cybersecurity.

It says it is essential for organisations to incorporate cybersecurity in their contingency planning for the outbreak.

Cybercriminals looking to take advantage of the pandemic may seek to target governments and their employees with remote access scams, the centre warned.

As a result, the ACSC is urging all government entities to implement its advice on the secure use of remote desktop clients, and to ensure work devices including laptops as well as mobile phones are secure.

Entities should also consider implementing multi-factor authentication for remote access systems and resources, including cloud services, and ensure that systems including VPNs and firewalls are secured.

It is also essential to ensure staff and stakeholders are informed and educated about cybersecurity practices, the ACSC added. The centre has advice on improving staff awareness and detecting social engineering attacks.

Meanwhile, the Office of the Australian Information Commissioner (OAIC) has issued advice to help respect privacy while responding to the crisis.

The office noted that the Privacy Act does not stop the sharing of critical information to manage the spread of the coronavirus, and agencies and employers have obligations to maintain a safe workplace for staff and visitors.

But in order to respect privacy, the OAIC advises organisations should aim to limit the collection, use and disclosure of personal information to what is necessary to prevent and manage the outbreak.

Personal information should only be used or disclosed on a “need-to-know basis”, and only the minimum amount of personal information reasonably necessary to prevent or manage the outbreak should be collected or disclosed.

Employers should also consider taking steps to notify staff of how their information should be handled and used, and ensure reasonable steps are in place to keep personal information secure in cases where employees are working remotely, the OIAC added.

Image credit: ©iStockphoto.com/Brian Jackson

Related Articles

Security, data loss prevention top of list for US councils

New urgencies in cybersecurity and data loss prevention dominate US local and county government...

ACSC publishes cyber advice for critical infrastructure

Amid a spree of attempts by cybercrooks to compromise Australia's critical infrastructure,...

Govt sector second most targeted in Australia

Australia's government sector was the second most targeted industry sector by cyber attackers...


  • All content Copyright © 2020 Westwick-Farrow Pty Ltd