Information security controls are a critical aspect to protect data privacy. In recent weeks, with so many organisations shifting the way they operate, they may also be increasing the chances for an accidental, unauthorised sharing of data, or creating a new vulnerability that the hackneyed hoodied-hacker-in-basement may exploit. With this in mind the Cybersecurity Governance Board, of which the Privacy Commissioner is a participant, developed recommendations:
“Alert staff of the potential for increased phishing attempts and other cyber-attacks.
“Instruct staff to verify by phone or an alternative channel any messages or emails that appear to be from a colleague but make an unusual request.
“Advise staff to obtain their information from trusted official sources.