ACSC urges agencies to think security during COVID-19


By Dylan Bushell-Embling
Tuesday, 24 March, 2020

ACSC urges agencies to think security during COVID-19

The Australian Cyber Security Centre is urging Australian government departments and agencies rushing to implement remote working in response to the COVID-19 crisis to not neglect cybersecurity.

It says it is essential for organisations to incorporate cybersecurity in their contingency planning for the outbreak.

Cybercriminals looking to take advantage of the pandemic may seek to target governments and their employees with remote access scams, the centre warned.

As a result, the ACSC is urging all government entities to implement its advice on the secure use of remote desktop clients, and to ensure work devices including laptops as well as mobile phones are secure.

Entities should also consider implementing multi-factor authentication for remote access systems and resources, including cloud services, and ensure that systems including VPNs and firewalls are secured.

It is also essential to ensure staff and stakeholders are informed and educated about cybersecurity practices, the ACSC added. The centre has advice on improving staff awareness and detecting social engineering attacks.

Meanwhile, the Office of the Australian Information Commissioner (OAIC) has issued advice to help respect privacy while responding to the crisis.

The office noted that the Privacy Act does not stop the sharing of critical information to manage the spread of the coronavirus, and agencies and employers have obligations to maintain a safe workplace for staff and visitors.

But in order to respect privacy, the OAIC advises organisations should aim to limit the collection, use and disclosure of personal information to what is necessary to prevent and manage the outbreak.

Personal information should only be used or disclosed on a “need-to-know basis”, and only the minimum amount of personal information reasonably necessary to prevent or manage the outbreak should be collected or disclosed.

Employers should also consider taking steps to notify staff of how their information should be handled and used, and ensure reasonable steps are in place to keep personal information secure in cases where employees are working remotely, the OIAC added.

Image credit: ©iStockphoto.com/Brian Jackson

Related Articles

Adapting to new cybersecurity challenges: a roadmap for Australian government agencies

Given the rise in cyber threats against government networks and critical infrastructure sectors,...

Growing fraud trends in Australian health care

As the healthcare landscape evolves, so do the methods of fraud.

Overcoming the top cybersecurity challenges faced by public agencies

With a new cybersecurity strategy out and the right approach to key challenges, the public sector...

Content from other channels on our network

Zendesk launches AI-powered customer experience solution

How breakfast influences student achievement

Fujitsu establishes security consulting division

Ingram Micro Experience 2024 open for registrations

Secure-by-design software development for digital innovation

Future Made in Australia Act welcomed by climate orgs

An interconnected ASEAN Power Grid: report

What Australia thinks about the energy transition

Call for improved train lighting to save lives

Foiling hackers in the smart home era

What factors influence hospital staff retention?

Hospital uses AI model to improve physician–nurse collaboration

Finalists announced for 2024 HESTA Australian Nursing & Midwifery Awards

GenesisCare expands with $35m Northern Beaches cancer centre

In Conversation with Royal Women's Hospital CEO Sue Matthews

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd