The Australian Cyber Security Centre (ACSC) has developed tailored advice to help organisations manage the increased cyber security risks, including when data is being migrated from one system to another.
Businesses undergoing major organisational change, whether it be through a merger, acquisition or machinery of government changes, are an attractive target for cyber criminals because of significant upheaval and disruption to the normal flow of business.
Cyber criminals know that major change brings disruption, making it easier to scam staff and compromise systems with social engineering attacks such as ransomware, business email compromise, payroll fraud and phishing campaigns.
The reality is that organisations must be prepared well before they announce they’re entering an acquisition or merger.
Our Mergers, Acquisitions and Machinery of Government Changes publication includes information on what you should tell your staff to be wary of, including scams and bogus requests for data, payment or access from people they don’t know.
Cyber security is a critical part of major organisational change and to manage the increased risk, organisations should focus on the following three areas:
- minimise the accumulation and compounding of your technical debt
- ensure your data and systems are well integrated and properly patched, supported and monitored, and
- understand the previous operating environment and security controls which protected your data and systems to ensure appropriate and ideally equivalent, or greater, protection is afforded in the new operating environment.
For more information
Read our guidance on how organisations can prepare and respond to a cyber security incident.
Contact IDCare on 1800 595 160 or at idcare.org if you or your colleagues have experienced identity theft.
Go to the Have I been pwned? website to see if email accounts have been breached.
If your organisation has been a victim of a cybercrime, report it to the ACSC's ReportCyber.
To learn more about the OAIC Notifiable Data Breaches scheme, visit the OAIC website.
To report a cyber security incident, go to the ACSC's ReportCyber or call 1300 CYBER1 (1300 292 371).