Contact us:
+61 8 8226 8800
Cyber Security and information risk management
Do now
- Be aware that organisations are often at their most vulnerable to cyber security threats such as phishing emails (e.g. selling hand sanitisers and masks etc.) when dealing with a crisis that dominates their attention.
- If, for example, you have moved to staff working from home, perhaps using their own ICT equipment, you must realise that new channels for cyber-attacks have opened up. This increases the risk of client and employee personal information being compromised. Please refer to Understanding OAIC guidance on privacy issued on COVID-19.
- It is critical therefore that staff are vigilant and that IT monitoring continues unabated.
Do next
- If any changes are made to the way that your work, review your information security / document management policies and update as required.
- ICT security requirements for SA Government agencies (including supporting guidelines and templates) can be used as a source of good practice and can be found at the DPC Cyber Security web page.
- Practice sound information risk management by
- reviewing and updating Standard Operating Procedures (SOPs) on the management of client and employee personal records.
- ensuring knowledge and skills are distributed across geographically dispersed people / offices.
Do as needed
- The application of security and information risk policies should be monitored and enforced.
- Practice sound knowledge management:
- ensure effective data gathering and sharing processes are in place
- manage critical information through a vital records analysis.