Local governments are becoming high value targets for cyber criminals. In the last week we have become aware of the following:
- Across the country several local governments have reported increasing phishing activity.
- A Tasmanian council suffered a cyber-incident that resulted in unauthorised access to its systems.
LGIS encourages members to be aware of this activity and take action to reduce your organisations risk of being subject to a cyber-incident.
LGIS members should:
- Notify staff members of the up-tick in phishing email activity, and remind staff not to respond to any suspicious email, telephone or social media communications;
- Contact their IT teams or IT service providers to:
- ensure multi-factor authentication (MFA) has been implemented across all accounts (see Australian Cyber Security Centre (ASCS) guidance here: https://www.cyber.gov.au/mfa); and
- ensure the most up-to-date patches have been applied across applications and operating systems (see ACSC guidance here: https://www.cyber.gov.au/acsc/view-all-content/publications/assessing-security-vulnerabilities-and-applying-patches).
Tasmanian cyber incident
The Tasmanian council continues to investigate the cyber-incident that has resulted in unauthorised access to its systems. The council is working hard to investigate the incident expeditiously with the assistance of external IT security and cybersecurity experts.
At this stage, there is currently no indication to suggest that the Tasmanian council incident is related to the increase in phishing activity.
Be cautious
As above, on a precautionary basis only, we recommend that you remain vigilant against potential phishing emails and other scam communications purporting to be from someone you trust.
If you receive any suspicious emails, please immediately contact your IT team to confirm the legitimacy of the email, and do not click on any link or document included in the email.
As a matter of urgency, we encourage you to circulate this email to your IT teams or IT service providers for immediate follow up.
Download the LGIS information sheet on how to report a cyber incident
LGIS Commercial Crime and Cyber Liability Protection
If you have any questions about this scam or would like to know more about your LGIS Commercial Crime and Cyber Liability Protection, please contact your Account Manager directly.