Securing our systems
In 2017–2018 Arthritis NSW embarked on a program to secure our cyber environment after a series of attempts by cyber criminals to infiltrate our systems.
Cyber security is a top priority for all organisations to ensure that their customer data and other systems are safe from criminal activity. With attacks becoming noticeably more sophisticated and frequent, the organisation examined the attempts to hack through our firewall and activate malware (viruses) onto the server network.
We completed a variety of internal and external reviews of our policies, process and systems to look at how we can best protect the information that our members and customers entrust to us.
Following the review, we implemented tokenisation of payments within our client management system to ensure that full credit card details are not stored in our database. Instead, data is sent encrypted to be processed elsewhere and our system is provided with a number to identify the transaction.
As a further refinement, the client management system can only be accessed from office computers that are protected by usernames, passwords and are equipped with antivirus software.
Internally, it is now organisational policy to report all phishing emails, which are then investigated and actioned to ensure the email sender is blocked. At our monthly staff and team meetings data security is regularly discussed and information shared on how to identify phishing emails, along with different methods of protecting data.