ACSC urges agencies to think security during COVID-19
The Australian Cyber Security Centre is urging Australian government departments and agencies rushing to implement remote working in response to the COVID-19 crisis to not neglect cybersecurity.
It says it is essential for organisations to incorporate cybersecurity in their contingency planning for the outbreak.
Cybercriminals looking to take advantage of the pandemic may seek to target governments and their employees with remote access scams, the centre warned.
As a result, the ACSC is urging all government entities to implement its advice on the secure use of remote desktop clients, and to ensure work devices including laptops as well as mobile phones are secure.
Entities should also consider implementing multi-factor authentication for remote access systems and resources, including cloud services, and ensure that systems including VPNs and firewalls are secured.
It is also essential to ensure staff and stakeholders are informed and educated about cybersecurity practices, the ACSC added. The centre has advice on improving staff awareness and detecting social engineering attacks.
Meanwhile, the Office of the Australian Information Commissioner (OAIC) has issued advice to help respect privacy while responding to the crisis.
The office noted that the Privacy Act does not stop the sharing of critical information to manage the spread of the coronavirus, and agencies and employers have obligations to maintain a safe workplace for staff and visitors.
But in order to respect privacy, the OAIC advises organisations should aim to limit the collection, use and disclosure of personal information to what is necessary to prevent and manage the outbreak.
Personal information should only be used or disclosed on a “need-to-know basis”, and only the minimum amount of personal information reasonably necessary to prevent or manage the outbreak should be collected or disclosed.
Employers should also consider taking steps to notify staff of how their information should be handled and used, and ensure reasonable steps are in place to keep personal information secure in cases where employees are working remotely, the OIAC added.
AusCERT helps members prevent, detect, respond to and mitigate cyber and internet-based attacks.
Department of Home Affairs Secretary Michael Pezzullo believes improving cyber preparedness,...
The UK's Information Commissioner's Office (ICO) has called on the UK Government to...