OAMS embraces cyber security, empowering staff to be first line of defence

Background

Orange Aboriginal Medical Service (OAMS) is an Aboriginal Community-controlled Health Organisation working to improve the health of Aboriginal families and the wider community of Central Western NSW.  Founded in 2005 with only a handful of staff members, OAMS now spans six locations, providing a wide range of medical and health care services.

Like all large, multi-site organisations, managing IT infrastructure is core to successfully running the organisation. IT Basecamp was chosen as OAMS’s ICT Technology Partner in early 2024.  As part of this partnership, IT Basecamp started with a full review and assessment of OAMS’s IT structure, capabilities, strengths and weaknesses.

According to Harriet Atkins-Ronda, Information & Project Officer for OAMS, this was an eye-opening process on many levels, particularly with regard to cyber security:  “Every organisation these days has some level of awareness and concern about the risk posed by cyber criminals, but knowing what to do to protect against an attack is a whole different level.  

“After spending time with the IT Basecamp team, I grew to understand our organisational weaknesses and became increasingly alarmed at the potential consequences a breach would have for our vulnerable community. We knew we’d had a few near misses and it became a priority of our leadership team to address this.”
 

Our work

IT Basecamp’s Cyber Heroes program is built for organisations just like OAMS.  It is a program designed specifically to de-risk the digital universe and build a culture of cyber savviness.  It combines:
 

1. Education and empowerment: often the greatest risk to an organisation is a simple mistake by staff - that split second it takes to click a fraudulent link. Empowering staff to recognise a mistake and take action immediately is the best first line of defence.  The earlier a business is made aware of an incident, the better the chances of recovery; therefore, instances of staff reporting mistakes need to be celebrated, not reprimanded.
2. Stress-testing: security goes beyond the keyboard, through education and proactive monitoring. Regularly and proactively testing systems and staff responses keeps cyber security front-of-mind.
3. Rapid response and recovery: the Cyber Heroes Hotline is available to members 24/7 with a team ready to remotely isolate the attack and deploy an emergency incident response.
4. Compliance without compromise: accredited in the internationally recognised standards of ISO 9001 Quality Management Systems (QMS) and ISO 27001 Information Security Management Systems (ISMS), we have the technical know-how and understanding to develop structured and systematic processes and procedures that prioritise information security.

“The Cyber Heroes team is doing absolutely amazing work, and I would love to see programs like this rolled out across other Aboriginal organisations.” 
- Harriet Atkins-Ronda, Information & Project Officer, OAMS

Based on the initial review and assessment of OAMS, IT Basecamp's Cyber Heroes program strengthened OAMS’s cyber security posture in the following areas:

The outcome

“It’s been four months since we initially engaged with the IT Basecamp Cyber Heroes team and I am encouraged by the conversations I'm having with employees around cyber security,” said Ms Atkins-Ronda. “I was expecting push-back from staff about extra training, but the feedback has been really positive.  People are finding it empowering and useful both in their personal and professional lives.

“Originally, the number of employees failing the phishing campaign tests was frightening.  Now we hardly see any failures.  I now hear phishing being discussed in conversations around the office, showing people are alert and aware, and staff regularly notify me proactively if they’re concerned about a potentially dodgy email.

“As an Aboriginal healthcare provider, trust is crucial. Many of our patients or their family members have had traumatising experiences in the past with institutions, namely the Stolen Generation.  It is our responsibility to build trust with this community for them to be able to confidently share their personal information so that we can support them.  I feel we are really doing our due diligence to make sure we live up to that trust.”