
The year 2020 has been a challenge for all of us and the way we work. In a year when organisations have had to adapt to many changes, the one constant in the information security arena is that security threats are always changing.

As a typical business would over time, adversaries adapt their operating models to determine how they can best grow their revenue. The market in this case? Primarily the demand for and supply of unprotected data. Data is, after all, the new currency, due to our ever-increasing digital presence.

In a two-week period in mid-to-late March 2020, as work and life routines began to shift in response to COVID-19, the Australian Cyber Security Centre (ACSC) received over 45 pandemic-themed security incident reports, ranging from advice purporting to originate from the World Health Organisation to COVID-19 relief payment scams and working from home scams.

The Verizon Data Breach Investigations Report 2020 (DBIR), which provides global data-driven insights on over 32,000 information security incidents, highlights that the threat landscape is dominated by “financially-motivated” organised crime groups. The primary tactics or methods used to target individuals and organisations include phishing, the use of stolen usernames and passwords and the exploitation of errors made while configuring or maintaining IT systems. The ACSC annual cyber threat report echoes that the same techniques have been seen in Australia.

Phishing, which is a form of social engineering, has been in the bag of tactics used for a number of years due to the success of preying on human vulnerability and toying with emotion. The result has been the disclosure of sensitive personal information, passwords, bank details and more.

Organised crime groups have affiliate relationships, and as the ACSC report points out, form part of a supply chain offering cybercrime-as-a-service. Part of the offerings here could include ransomware, malicious software which when installed on your machine can extract your data and encrypt it, rendering it useless unless you pay a ransom.

When a security incident results in the disclosure of personal information, consideration must be given to the obligations under the Notifiable Data Breaches scheme of the Privacy Act (1988). The link between security and data privacy was explored in a previous article.

Business email compromise (BEC) is another common attack, targeting businesses for financial gain. Generally involving requests for payment transfers or change of bank account details on supplier invoices or payroll, the intent is to redirect funds to bank accounts controlled by cybercriminals. This could be classed in the category of “secondary” motivations from the DBIR where targeted organisations or individuals are used as a means to an end by having their communications impersonated.

Some ways to protect yourself and your organisation against the common tactics, techniques and procedures used by cybercriminals include:

  • Exercise caution when faced with unsolicited requests for personal information or a call to action requiring links to be clicked or attachments to be opened. These requests could be via SMS, phone calls, emails or instant messaging. If the message is from an organisation you may have dealings with, visit their website or phone them directly to engage in communication. Take this quiz to check if you can spot a phishing message.
  • Secure your access. Use strong, unique passwords and multi-factor authentication (also known as two-factor authentication) on your accounts that hold sensitive information. The use of a password manager is highly recommended.
  • Keep your software updated – this includes your operating systems, web browsers or any software you have installed on your machine. Software updates include new features and fixes to security vulnerabilities that are often found by security researchers.
  • Back up your critical data – ensure you have a process in place for this.
  • Have a robust process for verifying change of bank or account details requested by your suppliers and staff.
  • Report any instances of security incidents to ReportCyber. This will give you access to assistance and advice and further protect the digital ecosystem.
