Department of Human Services

Cyber Security and information risk management

Do now

  • Be aware that organisations are often at their most vulnerable to cyber security threats such as phishing emails (e.g. selling hand sanitisers and masks etc.) when dealing with a crisis that dominates their attention.
  • If, for example, you have moved to staff working from home, perhaps using their own ICT equipment, you must realise that new channels for cyber-attacks have opened up. This increases the risk of client and employee personal information being compromised. Please refer to Understanding OAIC guidance on privacy issued on COVID-19.
  • It is critical therefore that staff are vigilant and that IT monitoring continues unabated.

Do next

  • If any changes are made to the way that your work, review your information security / document management policies and update as required.
  • ICT security requirements for SA Government agencies (including supporting guidelines and templates) can be used as a source of good practice and can be found at the DPC Cyber Security web page.
  • Practice sound information risk management by
    • reviewing and updating Standard Operating Procedures (SOPs) on the management of client and employee personal records.
    • ensuring knowledge and skills are distributed across geographically dispersed people / offices.

Do as needed

  • The application of security and information risk policies should be monitored and enforced.
  • Practice sound knowledge management:
    • ensure effective data gathering and sharing processes are in place
    • manage critical information through a vital records analysis.
Page last updated : 11 Jun 2020

State Government of South Australia © Copyright DHS .[sm v5.4.7.1]