Cybersecurity has been part of the conversation around most boardroom tables for years. Now it’s become a hot topic around family dining tables following last week’s announcement by Prime Minister Scott Morrison.
The Prime Minister took the unusual step of holding a press conference to warn Australians to remain on guard against a rising number of offshore cyberattacks against local organisations.
“It’s vital that all Australian organisations are alert to this threat and take steps to protect their own networks.” – Linda Reynolds, Minister for Defence
Not a uniquely Australian problem
The problem goes far beyond the specific cyber campaign referred to by the Prime Minister.
During the pandemic, there have been a number of high-profile IT security breaches locally.
Toll Group was hit in May by its second ransomware attack this year after recovering from a significant incident just months before. Lion Australia and BlueScope also faced operational disruptions due to ransomware.
For cybercriminals, COVID-19 provides an opportunity to hit people while they’re down. Pressures of remote working, social isolation, distance learning and financial anxiety have increased our vulnerability to clicking a bad link.
Malicious emails have increased by 600% during the pandemic, according to a briefing to the UN Security Council at an informal meeting focussed on cybersecurity.
Related Whitepaper: The Silent Cyber Risk Threat in the Boardroom
Stopping the spread of viruses
Social distancing has helped bring coronavirus under control in Australia, but our reliance on the internet to stay connected has increased our vulnerability to computer viruses.
In both cases, frontline workers have been facing higher risks. Health and medical research organisations have been targeted by cybercriminals since the pandemic began, in a bid to gain unauthorised access to valuable data.
Other threats are designed to target individuals, often under the guise of providing important health information. The government’s cybersecurity agency has taken down hundreds of malicious websites set up to lure people into entering personal information or inadvertently downloading malware that infects their device.
Emails, texts and online messages have also been used to impersonate organisations ranging from Australia Post to the World Health Organisation.
Using specialist closed-loop messaging systems helps keep confidential conversations private. Diligent Messenger is part of a secure platform supporting collaboration at organisations’ highest levels among select groups of authorised individuals.
Two simple steps to greater safety
Cyber risks are continually evolving and need constant vigilance, monitoring and security. While many attacks are becoming more sophisticated, protecting yourself from the current wave of malicious activity is surprisingly simple.
The Australian Cyber Security Centre has highlighted two ways to significantly reduce the risk:
- Regular patching
Patch devices, operating systems and software within 48 hours of new updates.
- Multi-factor authentication (MFA)
Require MFA for all remote access services, including email, remote desktops and collaboration platforms.
Those actions are part of the Essential Eight, a set of baseline cybersecurity measures the Australian Government recommends all organisations have in place.
They’re also built into Diligent’s rigorous security framework. Our platform supports MFA, including the option to use biometrics for convenience on mobile devices.
We continually update our security measures to keep up with the changing landscape and maintain independent certification, including against ISO/IEC 27001.
The Essential Eight
- Implement application controls.
- Patch applications promptly and keep versions updated.
- Restrict macro settings in Microsoft Office.
- Configure web browsers to block Flash, Java and advertisements.
- Restrict administration privileges to systems, applications and data.
- Patch operating systems promptly.
- Use multi-factor authentication.
- Perform daily back-ups and test restoration regularly.
Source: Australian Signals Directorate
Related Article: How CISOs can prepare their boards for cyber risk
Managing the risk of remote meetings
The global shift to working from home has changed how we communicate. Online meetings and videoconferencing have become commonplace, used for everything from informal team catch-ups to formal board meetings.
While numerous organisations had already incorporated these tools as part of business as usual, the pandemic sent many others scrambling to adopt online platforms to replace physical meetings. The sheer scale of remote working practices also meant people who were previously less comfortable with digital communication faced a steep learning curve.
Even some of the most sophisticated organisations encountered some unexpected setbacks. Popular online videoconferencing tools have been targeted by cybercriminals eager to exploit this new way of working. Phishing emails posing as links to business meetings are just one
Diligent has recently introduced video conferencing integration to our suite of online governance tools. This adds an additional layer of protection and convenience by sharing meeting details through our secure ecosystem.
Be careful what you share
Coronavirus has highlighted one of the ironies in our personal use of technology. While we may be prepared to create a significant digital footprint through our social media and online shopping activity, we can also be wary of our data privacy when we feel we don’t have control.
Cybercriminals regularly scan social media and professional networks such as LinkedIn to find out sensitive information such as the names of employers and job duties to use in phishing and other fraudulent schemes.
It’s crucial not to overshare information that can be used against you or your organisation on public channels.
At Diligent, we never have access to your data. The information you upload on Diligent Boards and the secure messages you send using Diligent Messenger can’t be seen by our team. Your data is encrypted in transit and at rest, on our systems and your devices.
Diligent’s Governance Cloud is specifically designed for boards and senior executives. Securing your sensitive information is our top priority. Our range of intuitive and convenient tools is accompanied by white-glove service that’s available every day of the year, everywhere in the world.
Related Article: How are Boards across ANZ managing increased cyber security risks?
Most Downloaded Whitepapers
Board Portal Buyer’s Guide
With the right Board Portal software, a board can improve corporate governance and efficiency while collaborating in a secure environment. With lots of board portal vendors to choose from, the whitepaper contains the most important questions to ask during your search, divided into five essential categories.
April 20, 2021
The Soaring Risks of Financial Services Cybercrime: By the Numbers
Financial services cyber-security must be a top priority for leaders. After all, while no industry has been immune to the increasing threat of cybercrime, financial institutions are particularly and perniciously vulnerable. According to one report, financial services firms are 300 times as likely as other companies to be targeted by…
March 22, 2021
Why 24/7 Cyber-security Visibility is Essential for Boards Today
Boards depend on cyber-security visibility to ensure their organisations are protected against digital threats. But while it’s tempting to look for solutions that offer cyber-security insights, having more tools isn’t always better. In fact,…
February 11, 2021
The Dangers of Unsecure Communication
When the coronavirus pandemic began earlier this year, organisations were forced to move their processes online. Now, sufficient time has passed to assess the systems they adopted when COVID-19 was a new emergency. The patchwork of tools assembled under the urgent conditions of 2020’s first and second quarters should be…