Our approach to cyber security
We take your security and privacy seriously and we have a strong focus on protecting your information. To make sure your data and online transactions with us are safe and secure, we have robust systems and processes in place. We continuously develop and improve our capacity to identify, prevent and respond to known and emerging cyber security threats.
How we protect you
We seek to protect the personal information we hold from misuse or loss, and from unauthorised access, modification or disclosure.
- Information security is managed in accordance with the Victoria Protective Data Security Framework and Standards issued by the Office of the Victorian Information Commissioner (OVIC) under Part 4 of the Privacy and Data Protection Act 2014.
- Our Risk Management Framework aligns with the Victorian Government Risk Management Framework and the AS/NZS ISO 31000:2009 standard.
- Our management of personal information aligns with ISO27001 best practices.
- In accordance with Australian Signals Directorate, we apply the ‘Essential Eight’ mitigation strategies to minimise systems being compromised.
- We undertake continuous scanning, logging and patching of systems.
- For more information about data privacy, refer to our Privacy Strategy and Policy.
Scam alerts
We’re seeing an increase in email phishing scams claiming to be from the SRO.
Some of the ways you can identify a scam email include:
- the domain of the email address is not legitimate. All SRO emails will come from a sender with the domain sro.vic.gov.au
- the subject line is of a general nature. SRO emails will have more information specific to the content of the email
- the format of email is not in accordance with SRO templates
- a sense of urgency, such as asking you to action within 60 minutes. Most scam emails incorporate a phrase promoting a sense of urgency to entice the user to take action quickly
- a suspicious link or file is attached prompting you to provide personal information.
The Australian Cyber Security Centre provides more information on how to spot a scam email.
Staying safe online
We have policies and procedures in place to protect personal information that we have under our control. However, you should be aware that there are inherent risks associated with transmitting information via the internet.
While we strive to protect information, we cannot ensure or warrant the security of any information transmitted to us online and individuals do so at their own risk. After any personal information comes into our possession, we take reasonable steps to protect that information from misuse or loss and from unauthorised access, modification or disclosure.
If you do not want to use the internet, we provide alternative ways of obtaining and providing information, such as by phone and mail. In some circumstances, our security guidelines may also require us to send information to you by non-electronic means.
The following tips are useful for keeping your data safe and secure when interacting with the SRO online.
Passwords
- Strong passwords are one of the most important steps for online privacy and security.
- Create long passwords that incorporate numbers and symbols rather than plain words.
- Don’t use the same password on more than one account.
- Change your passwords on a regular basis and don’t share them with anyone.
Networks and firewalls
- Ensure you’re always using a network that is secure. This is particularly important if you are completing a high-risk transaction. Public Wi-Fi often is not the best place to connect devices, as it could potentially have malicious users lurking for devices that can be manipulated or penetrated.
- Use a firewall and keep it up to date. We recommend leaving the firewall enabled on your device, even if it is a secure network.
Software updates
Keep your computer’s operating system and browser software up to date. Installing the latest updates for devices will ensure the most recent security patches are in place.
Antivirus protection
Install antivirus software and keep it up to date. Many antivirus programs also include email scanning, which will help you to identify threats and scams.
Sharing information online
Keep your identity protected and limited. If the information you post online is publicly available, anyone can view it and use it to exploit you. Use privacy settings to control what you share, and don’t share personal information publicly on social media and online forums.
Be scam aware
If you receive communications that claim to be from the SRO, whether by phone, email or post, the following tips can help you avoid being scammed.
If you’re in doubt, stop and contact the SRO Contact Centre to verify the communication is legitimate before you respond or provide any information.
Emails
Never reply to emails with passwords or other sensitive information, such as your bank account details.
If you receive an email that looks suspicious:
- contact us on 13 21 61 or email at cybersecurity@sro.vic.gov.au
- check the domain used in the sender’s email address to ensure it appears legitimate (e.g. @sro.vic.gov.au). Look out for misspellings or variations to the domain
- think before you click. Check where the links go before you open them. If you can, hover over the link to see the actual web address it will take you to. Like the email address, the link should direct you to the correct domain
- we do use hyperlinks in emails to direct you to information on our website. If you don’t want to click links in an email, you can always visit our website and search for information.
Stay informed to stay safe online
You can find more information about staying safe online from the Australian Cyber Security Centre.
Report a cyber security issue
If you are concerned about a cyber security issue involving the SRO, please report it to us as soon as possible by contacting us at cybersecurity@sro.vic.gov.au
More information
- Privacy concerns and enquiries
- Privacy Strategy and Policy
- Office of the Victorian Information Commissioner
- Australian Cyber Security Centre
- Scamwatch
