ACSC urges agencies to think security during COVID-19
The Australian Cyber Security Centre is urging Australian government departments and agencies rushing to implement remote working in response to the COVID-19 crisis to not neglect cybersecurity.
It says it is essential for organisations to incorporate cybersecurity in their contingency planning for the outbreak.
Cybercriminals looking to take advantage of the pandemic may seek to target governments and their employees with remote access scams, the centre warned.
As a result, the ACSC is urging all government entities to implement its advice on the secure use of remote desktop clients, and to ensure work devices including laptops as well as mobile phones are secure.
Entities should also consider implementing multi-factor authentication for remote access systems and resources, including cloud services, and ensure that systems including VPNs and firewalls are secured.
It is also essential to ensure staff and stakeholders are informed and educated about cybersecurity practices, the ACSC added. The centre has advice on improving staff awareness and detecting social engineering attacks.
Meanwhile, the Office of the Australian Information Commissioner (OAIC) has issued advice to help respect privacy while responding to the crisis.
The office noted that the Privacy Act does not stop the sharing of critical information to manage the spread of the coronavirus, and agencies and employers have obligations to maintain a safe workplace for staff and visitors.
But in order to respect privacy, the OAIC advises organisations should aim to limit the collection, use and disclosure of personal information to what is necessary to prevent and manage the outbreak.
Personal information should only be used or disclosed on a “need-to-know basis”, and only the minimum amount of personal information reasonably necessary to prevent or manage the outbreak should be collected or disclosed.
Employers should also consider taking steps to notify staff of how their information should be handled and used, and ensure reasonable steps are in place to keep personal information secure in cases where employees are working remotely, the OIAC added.
Building secure AI: a critical guardrail for Australian policymakers
While AI has the potential to significantly enhance Australia's national security, economic...
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...