30 June 2017
Following recent media reporting on the Auditor General’s Government Information Systems Audit Report issued 29 June 2017, the Bond Administration team has been contacted by some agents seeking clarification on the security levels around the Bonds Online eTransactions system and whether any threat against agency and clients’ personal data from cyber-attacks was possible.
The Department of Energy, Mines, Industry Regulation and Safety (the Department) wants to reassure agents that it operates in a secure environment with updated firewalls. The Department has all appropriate patch levels in place and has a continuing updating program.
The Department continually monitors our internet traffic for unusual activity especially at this time and takes all reasonable precautions, including the monitoring of scams and other cyber activities with the intent to gain access to systems through user logons. These activities are used to also warn the public as necessary.
The security of the Bonds Online system (including eTransactions) has added security. The system was subjected to external security checks by a leading cyber security company. Additionally, all electronic transactions are monitored, including a manual verification process, before payments are processed and details are sent to bank institutions for payments to be transacted.
The Department recognises that cyber threats are real and no organisation, Government or public, is 100% immune. As a result, a robust approach to monitoring and updating system security is applied by the Department.
Agents are also encouraged to be vigilant about their own online security. In order to protect your business it is essential you update yourself regularly about the types of scams that are evolving and how to protect yourself. Information can be sought from the Department’s ScamNet website and the federal government’s ScamWatch website.
Tips to ensure online security
- All BondsOnline users should have their own individual login and should not share passwords with other staff members in their Agency.
- If a staff member leaves, it is important the Agency disables the login to prevent unauthorised access.
- Users of BondsOnline with administrator level access have the ‘Maintain eTransactions Users Tab' which makes creating and disabling logins easy. If you are unsure who is the Administrator in your Agency, please email BondsOnline team.