Ensuring the cyber safety of your public sector
With cyber crime and data breaches on the rise, how can you protect the cyber safety and security of vital public sector organisations?
Public-sector organisations hold millions of private records, from financial information to medical records. Whether it’s a hospital, local council or government agency, robust data security is vital for these vulnerable organisations.
The problem is that cybercrime is now mainstream. No longer the domain of disaffected geeks trying to impress each other with their hacking prowess, today cybercrime involves organised crime. In particular, criminals have been targeting patient records to lodge false health-insurance claims. Someone’s medical identity can be bought on the internet for just over $1000.
When Telstra released its Cyber Security Report late last year, it showed that 41 per cent of organisations surveyed had experienced a major cyber-security incident in the past three years, and only 43 per cent of organisations considered themselves well prepared to respond to a cyber-incident.
Security: A job that’s never done
Even for organisations following best practice, cyber safety and security is a journey not a destination, with IT departments regularly reviewing external risk factors and adjusting their policies.
While some companies run regular exercises to simulate a security breach and test the response, few organisations test their controls and systems by engaging ‘white hat’ hackers.
So what can large organisations in the public sector do to ensure their cyber safety and protect their data? While it’s important not to be complacent, the physical hardware and software, like firewalls and antivirus systems, that organisations use are typically good quality and up to date. Similarly, patches for operating systems and applications are usually up to date, although there can be a time lag for these as IT tests a patch before rolling it out across their business.
People: The weakest link
The real root of most security risks is the organisation’s people. Employee-purchased smartphones, tablets and notebook PCs are all vulnerable entry points. Hackers are constantly trying to persuade people to click on links that open malicious attachments or take them to websites with malicious code.
Indeed, the Telstra report found that 45 per cent of internet security incidents were the result of staff clicking on malicious attachments or links within emails.
Given that the workforce has been living with viruses and malware since the late 1990s, it’s surprising that users haven’t got it by now. James Turner, IBRS IT security industry analyst, believes that organisations aren’t taking the human factor seriously. Turner argues that security-awareness campaigns have to be a sustained attempt at behaviour modification, to the point where it permeates the organisation and becomes part of “the way we do things around here”.
Leadership is key
This is not necessarily an easy thing to do. Nevertheless, organisational leadership, from line managers to the C-suite, needs to be involved. Turner argues that executives need to accept and commit to changes in their own behaviour and lead by example.
Measurable outcomes
Another key element of a successful security-awareness campaign, Turner says, is to be clear on the desired outcome, setting measurable monthly, quarterly and yearly targets. “Some of these areas include the number of malware outbreaks, the number of calls to the helpdesk reporting phishing attempts (an increase is good as it shows awareness) and a reduction in users sharing credentials.”
Staff engagement
However, Turner believes that all of these measures are meaningless if staff engagement is low. “Before running a security-awareness campaign, IT needs to collaborate with the HR department and understand what the engagement level of staff is within the organisation. Because if engagement is low, you need to fix that before you can tackle security awareness.”