Skip to main content Go to home page

Our approach to cyber security

We take your security and privacy seriously and we have a strong focus on protecting your information. To make sure your data and online transactions with us are safe and secure, we have robust systems and processes in place. We continuously develop and improve our capacity to identify, prevent and respond to known and emerging cyber security threats.

How we protect you

We seek to protect the personal information we hold from misuse or loss, and from unauthorised access, modification or disclosure.

  • Information security is managed in accordance with the Victoria Protective Data Security Framework and Standards issued by the Office of the Victorian Information Commissioner (OVIC) under Part 4 of the Privacy and Data Protection Act 2014
  • Our Risk Management Framework aligns with the Victorian Government Risk Management Framework and the AS/NZS ISO 31000:2009 standard.
  • Our management of personal information aligns with ISO27001 best practices. 
  • In accordance with Australian Signals Directorate, we apply the ‘Essential Eight’ mitigation strategies to minimise systems being compromised.
  • We undertake continuous scanning, logging and patching of systems.
  • For more information about data privacy, refer to our Privacy Strategy and Policy.

Scam alerts

We’re seeing an increase in email phishing scams claiming to be from the SRO.

Here’s an example showing what to watch out for:

Some of the ways you can identify this as a scam email include:

  • the domain in this email is not legitimate (yourremittance.com.au). All SRO emails will come from a sender with the domain sro.vic.gov.au 
  • the subject line is of a general nature. SRO emails will have more information specific to the content of the email
  • the format of email is not in accordance with SRO templates
  • a sense of urgency – asking you to action within 60 minutes. Most phishing emails incorporate a phrase promoting a sense of urgency to entice the user to take action quickly. 
  • hovering over the ‘Open’ button will reveal a non-legitimate domain. 

The Australian Cyber Security Centre provides more information on how to spot a scam email.

Staying safe online

We have policies and procedures in place to protect personal information that we have under our control. However, you should be aware that there are inherent risks associated with transmitting information via the internet. 

While we strive to protect information, we cannot ensure or warrant the security of any information transmitted to us online and individuals do so at their own risk. Once any personal information comes into our possession, we take reasonable steps to protect that information from misuse or loss and from unauthorised access, modification or disclosure.

If you do not want to use the internet, we provide alternative ways of obtaining and providing information, such as by phone and mail. In some circumstances, our security guidelines may also require us to send information to you by non-electronic means.

The following tips are useful for keeping your data safe and secure when interacting with the SRO online.

Passwords

  • Strong passwords are one of the most important steps for online privacy and security.
  • Create long passwords that incorporate numbers and symbols rather than plain words.
  • Don’t use the same password on more than one account.
  • Change your passwords on a regular basis and don’t share them with anyone. 

Networks and firewalls

  • Ensure you’re always using a network that is secure. This is particularly important if you are completing a high-risk transaction. Public Wi-Fi often is not the best place to connect devices, as it could potentially have malicious users lurking for devices that can be manipulated or penetrated.
  • Use a firewall and keep it up to date. We recommend leaving the firewall enabled on your device, even if it is a secure network.

Software updates

Keep your computer’s operating system and browser software up to date. Installing the latest updates for devices will ensure the most recent security patches are in place.

Antivirus protection

Install antivirus software and keep it up to date. Many antivirus programs also include email scanning, which will help you to identify threats and scams. 

Sharing information online

Keep your identify protected and limited. If the information you post online is publicly available, anyone can view it and use it to exploit you. Use privacy settings to control what you share, and don’t share personal information publicly on social media and online forums.

Be scam aware

If you receive communications that claim to be from the SRO, whether by phone, email or post, the following tips can help you avoid being scammed.

If you’re in doubt, stop and contact the SRO Contact Centre to verify the communication is legitimate before you respond or provide any information.

Emails

Never reply to emails with passwords or other sensitive information, such as your bank account details.

If you receive an email that looks suspicious:

  • contact us on 13 21 61 or email at cybersecurity@sro.vic.gov.au
  • check the domain used in the sender’s email address to ensure it appears legitimate (e.g. @sro.vic.gov.au). Look out for misspellings or variations to the domain
  • think before you click. Check where the links go before you open them. If you can, hover over the link to see the actual web address it will take you to. Like the email address, the link should direct you to the correct domain
  • we do use hyperlinks in emails to direct you to information on our website. If you don’t want to click links in an email, you can always visit our website and search for information.

Stay informed to stay safe online

You can find more information about staying safe online from the Australian Cyber Security Centre

Report a cyber security issue

If you are concerned about a cyber security issue involving the SRO, please report it to us as soon as possible by contacting us at cybersecurity@sro.vic.gov.au.

More information

 

Last modified: 23 November 2023
Back to top