Australia is facing increased cyber risk – here’s how to stay protected

Cybersecurity has been part of the conversation around most boardroom tables for years. Now it’s become a hot topic around family dining tables following last week’s announcement by Prime Minister Scott Morrison.

The Prime Minister took the unusual step of holding a press conference to warn Australians to remain on guard against a rising number of offshore cyberattacks against local organisations.

“It’s vital that all Australian organisations are alert to this threat and take steps to protect their own networks.” – Linda Reynolds, Minister for Defence

Not a uniquely Australian problem

The problem goes far beyond the specific cyber campaign referred to by the Prime Minister.

During the pandemic, there have been a number of high-profile IT security breaches locally.

Toll Group was hit in May by its second ransomware attack this year after recovering from a significant incident just months before. Lion Australia and BlueScope also faced operational disruptions due to ransomware.

For cybercriminals, COVID-19 provides an opportunity to hit people while they’re down. Pressures of remote working, social isolation, distance learning and financial anxiety have increased our vulnerability to clicking a bad link.

Malicious emails have increased by 600% during the pandemic, according to a briefing to the UN Security Council at an informal meeting focussed on cybersecurity.

Stopping the spread of viruses

Social distancing has helped bring coronavirus under control in Australia, but our reliance on the internet to stay connected has increased our vulnerability to computer viruses.

In both cases, frontline workers have been facing higher risks. Health and medical research organisations have been targeted by cybercriminals since the pandemic began, in a bid to gain unauthorised access to valuable data.

Other threats are designed to target individuals, often under the guise of providing important health information. The government’s cybersecurity agency has taken down hundreds of malicious websites set up to lure people into entering personal information or inadvertently downloading malware that infects their device.

Emails, texts and online messages have also been used to impersonate organisations ranging from Australia Post to the World Health Organisation.

Using specialist closed-loop messaging systems helps keep confidential conversations private. Diligent Messenger is part of a secure platform supporting collaboration at organisations’ highest levels among select groups of authorised individuals.

Two simple steps to greater safety

Cyber risks are continually evolving and need constant vigilance, monitoring and security. While many attacks are becoming more sophisticated, protecting yourself from the current wave of malicious activity is surprisingly simple.

The Australian Cyber Security Centre has highlighted two ways to significantly reduce the risk:

  1. Regular patching

Patch devices, operating systems and software within 48 hours of new updates.

  2. Multi-factor authentication (MFA)

Require MFA for all remote access services, including email, remote desktops and collaboration platforms.

Those actions are part of the Essential Eight, a set of baseline cybersecurity measures the Australian Government recommends all organisations have in place.

They’re also built into Diligent’s rigorous security framework. Our platform supports MFA, including the option to use biometrics for convenience on mobile devices.

We continually update our security measures to keep up with the changing landscape and maintain independent certification, including against ISO/IEC 27001.

The Essential Eight

  1. Implement application controls.
  2. Patch applications promptly and keep versions updated.
  3. Restrict macro settings in Microsoft Office.
  4. Configure web browsers to block Flash, Java and advertisements.
  5. Restrict administration privileges to systems, applications and data.
  6. Patch operating systems promptly.
  7. Use multi-factor authentication.
  8. Perform daily back-ups and test restoration regularly.

Source: Australian Signals Directorate

Managing the risk of remote meetings

The global shift to working from home has changed how we communicate. Online meetings and videoconferencing have become commonplace, used for everything from informal team catch-ups to formal board meetings.

While numerous organisations had already incorporated these tools as part of business as usual, the pandemic sent many others scrambling to adopt online platforms to replace physical meetings. The sheer scale of remote working practices also meant people who were previously less comfortable with digital communication faced a steep learning curve.

Even some of the most sophisticated organisations encountered some unexpected setbacks. Popular online videoconferencing tools have been targeted by cybercriminals eager to exploit this new way of working. Phishing emails posing as links to business meetings are just one

Diligent has recently introduced video conferencing integration to our suite of online governance tools. This adds an additional layer of protection and convenience by sharing meeting details through our secure ecosystem.

Be careful what you share

Coronavirus has highlighted one of the ironies in our personal use of technology. While we may be prepared to create a significant digital footprint through our social media and online shopping activity, we can also be wary of our data privacy when we feel we don’t have control.

Cybercriminals regularly scan social media and professional networks such as LinkedIn to gather sensitive information, such as the names of employers and job duties, for use in phishing and other fraudulent schemes.

It’s crucial not to overshare information that can be used against you or your organisation on public channels.

At Diligent, we never have access to your data. The information you upload on Diligent Boards and the secure messages you send using Diligent Messenger can’t be seen by our team. Your data is encrypted in transit and at rest, on our systems and your devices.

Diligent’s Governance Cloud is specifically designed for boards and senior executives. Securing your sensitive information is our top priority. Our range of intuitive and convenient tools is accompanied by white-glove service that’s available every day of the year, everywhere in the world.

To discover how Diligent can help your organisation, contact us at info@diligent.com or request a demonstration.  
