Wherever you work, viruses are a serious issue, and not just the sub-microscopic infectious agents. Viruses are disrupting life by infecting IT systems, with health service providers being the most common target [1].
As with biological viruses, IT viruses have become part of life. Similarities with the coronavirus pandemic are many. We know there are dangers out there and protecting yourself and reducing the spread are key to mitigating the impact.
Recently, Avant found itself subject to a cyber-attack, which we successfully managed to defend with no data loss. This incident provided a reminder of some key security principles that apply to all workplaces.
Phishing is the most common way cyber criminals try to gain access to a system. The attack comes disguised as a legitimate email but contains malicious links, and relies on an employee inadvertently allowing it in. Although there are many IT security measures in place at Avant, one phishing attack was successful in penetrating our systems. Our routine monitoring quickly picked it up by detecting unusual activity, akin to COVID-19 testing picking up cases in the community.
Having a response plan is paramount in allowing fast and effective action. Most of us have experienced lockdowns in recent months and, although disruptive, they are very effective in stopping the virus spread.
As a precaution, our IT teams took immediate steps to protect information and systems, including shutting down some systems and restricting access to others, while we worked to contain the incident.
We also engaged a top-tier cyber security firm to help us investigate and respond to the incident. This included finding ‘patient zero’, the source of entry, and employing a full range of diagnostics to assess the situation. We also installed software on everyone’s devices to assist in the investigation.
Pleasingly, due to the rapid action, no member data was lost, and disruption was kept to a minimum.
Back to a new normal
Once the issue was isolated and neutralised, we progressively cleaned up the environment, enabling services to be restored safely.
After these kinds of cyber-attacks, it’s common for cyber criminals to conduct follow-up attacks on their targets to try to take advantage when they are vulnerable. We implemented additional security measures to protect confidential data along with other measures to minimise the impact of future attacks.
Some members experienced processing delays as a result of the issue. However, our systems were back up and running within 72 hours, and these delays were resolved.
It has also become apparent that information security can no longer be the sole responsibility of technology professionals. It is the responsibility of everyone in the workplace.
Technology can help build a strong perimeter, and having a response plan will help mitigate the impact of a security breach. However, it is often the people working within that perimeter who are the weakest link through poor security hygiene, such as weak passwords.
Work with your team to develop a high level of security awareness among staff. For example, make sure everyone knows how to spot a phishing email (commercial entities run training on this). Conduct regular cyber security training for staff to create a low appetite for data loss or privacy breaches, and to ensure staff know how to identify and report a suspected security incident. Repeated messaging and set reviews will help keep information security top of mind for staff, which is essential as we know these dangers are not going away.
[1] The Office of the Australian Information Commissioner’s Report on the NDB Scheme for the period from 1 July to 31 December 2020.