NGO COVID-19 Support

Cyber Security and information risk management

Be aware that organisations are often at their most vulnerable to cyber security threats such as phishing emails (e.g. selling hand sanitisers and masks etc.) when dealing with a crisis that dominates their attention.
If, for example, you have moved to staff working from home, perhaps using their own ICT equipment, you must realise that new channels for cyber-attacks have opened up. This increases the risk of client and employee personal information being compromised. Please refer to Understanding OAIC guidance on privacy issued on COVID-19.
It is critical therefore that staff are vigilant and that IT monitoring continues unabated.

If any changes are made to the way that your work, review your information security / document management policies and update as required.
ICT security requirements for SA Government agencies (including supporting guidelines and templates) can be used as a source of good practice and can be found at the DPC Cyber Security web page.
Practice sound information risk management by
- reviewing and updating Standard Operating Procedures (SOPs) on the management of client and employee personal records.
- ensuring knowledge and skills are distributed across geographically dispersed people / offices.

The application of security and information risk policies should be monitored and enforced.
Practice sound knowledge management:
- ensure effective data gathering and sharing processes are in place
- manage critical information through a vital records analysis.

Page last updated : 25 Feb 2022