The NSW Audit Office has recognised the importance of keeping data of customers and staff safe and embarked on improving its cyber security prioritising it under its Technology and Process Innovation strategic initiative.
"The Audit Office recognised the risk ‘We lose confidential information (including client and personal staff information) resulting in legal or regulatory breaches, or reputational damage’ as our highest priority strategic risk," it said in its Annual Report 2018-19.
It also stated that "significant steps" were taken to enhance its cyber security as part of its plan to move from a reactive to defensive cyber security stance.
Some of the actions taken by the NSW Audit Office include the roll out of multi-factor authentication (MFA), advanced identity and device management systems, multiple disaster recovery and penetration tests and full re-certification of compliance with ISO27001.
Other actions include a full technology policy refresh, the delivery of mandatory cyber security classroom training for all staff and had guest cyber experts speak at one of its all-staff forums.
The Audit Office also implemented a cyber risk assessment process to thoroughly evaluate new systems and revised its technology budget to give specific focus to investment in cyber resilience.
Looking ahead, it plans to increase maturity levels further across the Australian Cyber Security Centre's `Essential Eight'.
"We will also leverage Artificial Intelligence (AI) tools to safeguard our systems, staff and data assets. Working closely with our colleagues at local, state and Commonwealth levels, we will continue to assess and respond to cyber risks while focusing on and investing in our overall defence strategies," the report said.
It also focused on finishing the replacement of its data centre, upgrading our practice management and finance system and uplifting our performance reporting.