Protecting your digital information
LG Leader September 2019
While the term ‘cybersecurity’ may conjure up abstract images of ‘Matrix-like’ codes and hackers engaged in a game of cat-and-mouse with IT security teams, the reality is much more mundane. Unfortunately, however, the risks are not, and reputational and financial costs for cyber security breaches can reach millions of dollars.
Because of this, we need to alter our thinking, and instead of focussing on ‘cybersecurity’, we need to consider ‘information security’ as organisations. Councils, are in possession of a whole host of confidential information, including personal identification and banking details, that need to be secure.
Certain industries, such as the banking sector, have long acknowledged the risks posed by cyber criminals. However, it is easy to connect an organisation, such as a bank, to risks of criminal attack, and less apparent to other organisations, such as councils.
Experts in the field of cybersecurity state that organisational complacency is one of the most significant barriers to effectively managing information security, and driving this complacency is often the lack of appreciation of the value of information held by the organisation.
However, securing a person’s private information is becoming a greater priority in Australia and we recommend that councils be proactive regarding information security.
In fact, a recent report prepared by the Australian Competition and Consumer Commission has recommended broader reforms to Australian privacy laws, including contemplating whether the Privacy Act 1988 (Cth) ought to apply to entities which are currently exempt, such as councils.
All employees and Council members have a responsibility to assist in securing council information, which includes recognising the value of the information held (because the cyber criminals certainly do!)
Having in place a sound policy and procedure to deal with information security, and ensuring that employees and Council members receive the training and guidance required to guard against threats, is the strongest arsenal for councils to defend against cybersecurity risks.