Reducing the risk of supply chain data breaches

If you are sharing government data with third party service providers, are you certain that information remains secure, even if the sharing is for legitimate government approved purposes?

Amid the increased cyber security threats facing Australian Government agencies over the past 18 months, the theft of government data through third party suppliers has stood out in terms of its impact and likelihood to reoccur.  Securing your sensitive data outside your environment is often overlooked.

Breaches have included personal and financial details as well as sensitive legal information.

Threat actors are targeting supply chains as a “weak link” in an organisation’s cybersecurity posture. For agencies, this means considering those organisations that are not subject to the PSPF and ISM obligations governing the securing of government data.

Agency staff who need to share information with third parties should be mindful in ensuring that the information shared remains under the controls appropriate to their classification and sensitivity.

A simple way to achieve this is to keep shared data within a service that has been IRAP assessed and meets a Protected classification. SIGBox, used by many commonwealth agencies to securely share with third party providers, other agencies, and with the public, delivers a highly secure outcome for agencies.

SIGBox tracks what files are shared with who, with what access permissions (e.g.: create, edit, change, re-share). Certain file types can also be previewed within SIGBox, reducing the need for files to be downloaded.

Optionally, SIGBox can be configured with an additional service that restricts specified users to “view only” shared files, so that the information stays always secured within the SIGBox cloud, which has been IRAP assessed to the PROTECTED classification.

To find out more about SIGBox or request a demonstration, get in touch with Macquarie Government using the form below.