Ensuring the cyber safety of your public sector
With cyber crime and data breaches on the rise, how can you protect the cyber safety and security of vital public sector organizations?
Public-sector organisations hold millions of private records, from financial information to medical records. Whether it’s a hospital, local council or government agency, robust data security is vital for these vulnerable organisations.
The problem is that cybercrime is now mainstream. No longer the domain of disaffected geeks trying to impress each other with their hacking prowess, today cybercrime involves organised crime. In particular, criminals have been targeting patient records to lodge false health-insurance claims. Someone’s medical identity can be bought on the internet for just over $1000.
When Telstra released its Cyber Security Report late last year, it showed that 41 per cent of organisations surveyed had experienced a major cyber-security incident in the past three years, and only 43 per cent of organisations considered themselves well prepared to respond to a cyber-incident.
Security: A job that’s never done
Even for organisations following best practice, cyber safety and security is a journey, not a destination, with IT departments regularly reviewing external risk factors and adjusting their policies.
While some companies run regular exercises to simulate a security breach and test the response, few organisations test their controls and systems through engaging ‘white hat’ hackers.
So what can large organisations in the public sector do to ensure their cyber safety and protect their data? While it’s important not to be complacent, the physical hardware and software, like firewalls and antivirus systems, that organisations use are typically good quality and up to date. Similarly, patches for operating systems and applications are usually up to date, although there can be a time lag for these as IT tests a patch before rolling it out across their business.
People: The weakest link
The real root of most security risks is the organisation’s people. Employee-purchased smartphones, tablets and notebook PCs are all vulnerable entry points. Hackers are constantly trying to persuade people to click on links that open malicious attachments or take them to websites with malicious code.
Indeed, the Telstra report found that 45 per cent of internet security incidents were the result of staff clicking on malicious attachments or links within emails.
Given that the workforce has been living with viruses and malware since the late 1990s, it’s surprising that users haven’t got it by now. James Turner, IBRS IT security industry analyst, believes that organisations aren’t taking the human factor seriously. Turner argues that security-awareness campaigns have to be a sustained attempt at behaviour modification, to the point where it permeates the organisation and becomes part of “the way we do things around here”.
Leadership is key
This is not necessarily an easy thing to do. Nevertheless, organisational leadership, from line managers to the C-suite, needs to be involved. Turner argues that executives need to accept and commit to changes in their own behaviour and lead by example.
Another key element of a successful security-awareness campaign, Turner says, is to be clear on the desired outcome, setting measurable monthly, quarterly and yearly targets. “Some of these areas include the number of malware outbreaks, the number of calls to the helpdesk reporting phishing attempts (an increase is good as it shows awareness) and a reduction in users sharing credentials.”
However, Turner believes that all of these measures are meaningless if staff engagement is low. “Before running a security-awareness campaign, IT needs to collaborate with the HR department and understand what the engagement level of staff is within the organisation. Because if engagement is low, you need to fix that before you can tackle security awareness.”