Securing our systems
In 2017–2018 Arthritis NSW embarked on a program to secure our cyber environment after a series of attempts by cyber criminals to infiltrate our systems.
Cyber security is a top priority for all organisations to ensure that their customer data and other systems are safe from criminal activity. With attacks becoming noticeably more sophisticated and frequent, the organisation examined the attempts to hack through our firewall and activate malware (viruses) on the server network.
We completed a variety of internal and external reviews of our policies, processes and systems to look at how we can best protect the information that our members and customers entrust to us.
Following the review, we implemented tokenisation of payments within our client management system to ensure that full credit card details are not stored in our database. Instead, data is sent encrypted to be processed elsewhere and our system is provided with a number to identify the transaction.
As a further refinement, the client management system can only be accessed from office computers that are protected by usernames and passwords and are equipped with antivirus software.
Internally, it is now organisational policy to report all phishing emails, which are then investigated and actioned to ensure the email sender is blocked. At our monthly staff and team meetings, data security is regularly discussed and information is shared on how to identify phishing emails, along with different methods of protecting data.
Our privacy policy was updated to include the introduction of the Notifiable Data Breach Scheme added to the Privacy Act in February 2018. The scheme requires any data breach that would result in serious harm to a person to be reported to the individuals involved, along with the Australian Information Commissioner.