The Australian Cyber Security Centre (ACSC) has produced a publication to help professional people outside the public sector avoid being impacted by cyber-criminals by protecting the information they hold.
In its publication, Cyber Security for Agents of Government Services, ACSC says people such as taxation agents and financial advisers often have access to valuable information belonging to their clients and can be authorised to access important information on their behalf.
“To protect your clients use multi-factor authentication for accessing Government services, as well as any computers that you control (where supported),” the publication says.
“Multi-factor authentication adds an additional layer of protection against cyber-criminals trying to compromise your devices or gain access to Government services.”
It says clients should be encouraged to use multi-factor authentication when accessing Government services: “For example, myGov offers the ability to use security codes when logging in”.
“If multi-factor authentication cannot be used, ensure your password is a passphrase that is strong, unique and memorable instead as cyber-criminals will often guess poor passwords,” it says.
“They may do this by using commonly-used passwords or information from websites that list compromised account details. Social media can also expose peoples’ personal details that cyber-criminals may exploit.”
The publication says that computers and mobile devices must always be kept secure.
“This can be achieved by using only legitimate and vendor-supported software; enabling automatic updates; encrypting all data; backing up data regularly; using a screen lock; enabling remote tracking, locking or wiping for mobile devices; avoiding public Wi-Fi networks and locking away mobile devices when not in use or outside of business hours.”
It says agents should prepare for, and know how to respond to, a cyber-security incident.
“Finally, re-familiarise yourself with data breach reporting obligations. Being prepared and responding quickly will minimise damage to your clients should a cyber-security incident occur.”
The ACSC’s two-page advice can be accessed at this PS News link.
