Skip to main content

Cyber Security


Be a Marathon Health Cyber Smartie 

We have, and will continue to, put measures in place to strengthen our cyber security. For this to be successful, we rely on you, our staff, to do your part. Cyber security is about protecting you – and in turn protecting Marathon Health and the people we work with – from online threats and malicious attacks.
Here you will find information, resources and tips to build your awareness and help you understand what you can do to protect yourself from online scams and attacks. Protect yourself online, do your part and help us #BeCyberSmart. 

Marathon Health Cyber Operations Group

The Cyber Operations Group (COG) has been formed to identify, review and resolve cyber security issues (and their risks) – both as they impact our day-to-day functions as well as in response to cyber breaches that may occur. The role of the COG is to understand our cyber security priorities, raise awareness of cyber security and promote education to all staff.

The COG comprises a range of staff in various roles across the organisation, and is currently made up of:

  • Chief Financial Officer
  • Group Manager, Information and Communication Technology
  • Group Manager, People and Culture
  • Group Manager, Mental Health
  • Marketing and Communications Manager
  • Risk Manager and Company Secretary
  • Quality Manager
  • Corporate Services Manager
  • Clinical Manager, headspace Lithgow
  • IT Support officer

What is a cyber threat? 

A few of the most common scams and cyberattacks are detailed below, as well as some tips you can follow to protect yourself. 

Phishing attacks (pronounced like fishing) 

This is one of the most common attacks – it’s when an attacker contacts you pretending to be somebody you know or an organisation you trust, and tries to get you to give them personal information or open a malicious website or file. 

They can be by email, text, direct messages on social media or even phone calls. They can: 

  • Be from a trusted sender (or mimicking a trusted sender). These can include your bank, the Government, Netflix, Microsoft, Apple, Amazon - or even try to impersonate your manager or a family member.
  • Contain an urgent request claiming you need to act now. Often these messages include content such as something will be cancelled, you will need to pay a penalty, or that you are going to miss out on a special deal.
  • Include a link to a website or an attachment. The website is fake and designed to get you to enter your username and password (or other personal information) so they can steal it.
How to protect yourself
  • Look carefully at any messages you get that want you to take urgent action 
  • Pay attention to the email address of the sender to ensure it's legitimate
  • Never open any links or attachments you weren’t expecting; even if they appear to come from somebody you trust. Reach out to the sender, preferably via a different method (eg text, Teams, phone) and confirm the attachment is genuine before you open it.
Find out more here.
Malware is malicious software and is sometimes referred to as a ‘virus’. It can be designed to do many different things including stealing your personal data, identity theft, using your device to quietly attack other machines, using your computer’s resources to mine cryptocurrency, or any number of other malicious tasks. The most common ways your machine can get infected by malware are by: 
  • Opening a malicious file attachment 
  • Downloading and opening a file from an unsafe website 
  • Opening a file or installing an app that appears to be useful but is actually malicious
How to protect yourself
  • Don’t open attachments or links you weren’t expecting 
  • Don’t open attachments or links you weren’t expecting
  • Be especially careful about downloading files or applications from torrent or file sharing sites 

Find out more here

How can you protect yourself from cyber threats? 

There are a number of ways you can protect yourself from common cyber threats: 

  • Turn on automatic updates 
  • Activate Multi-Factor Authentication (MFA) 
  • Regularly backup your devices 
  • Use passphrases to secure your important accounts 
  • Secure your mobile device 
  • Develop your cyber secure thinking 
The Australian Cyber Security Centre (ACSC) has a fantastic First Steps guide to personal cyber security.  

How can you secure your personal data and protect your devices? 

Here are 10 easy rules to keep your email, accounts and devices safer, and avoid identity theft: 

  • Share your personal information in real time only, preferably in person or by phone. Be careful of what you share on social media.
  • Be sceptical of messages with links, especially those asking for personal information
  • Be on guard against messages with attached files
  • Go passwordless and use an authenticator app for stronger security
  • If you must use passwords, make them strong and unique with a password manager
  • Enable the lock feature on all your mobile devices
  • Install software updates immediately
  • Ensure all the apps on your device are legitimate
  • Use Windows 11 and turn on Tamper Protection to protect your security settings
  • Keep your browser updated, browse in incognito mode, and enable Pop-Up Blocker 

Read more about these 10 tips, as well as some simple tactics to help you.

Marathon Health training 

We have a range of training resources available on the MYGO1 Platform (enter Cyber in the search function to view a full listing). We also run targeted training sessions via Teams, throughout each year. 

Marathon Health case studies

Case Study 1: Phishing attack

Case study 1: Phishing attack

Staff member opened a phishing email on work mobile after hours, resulting in up to 100 staff/contractors' employment information being compromised.

Read more

Marathon Health simulation exercises

As part of the COG Cyber Awareness Development program, we run planned phishing simulations across the organisation. The simulations are emailed to all staff, and are designed to replicate a real scam email. From these exercises, we are able to:

  • Determine how aware staff are of the risks
  • Identify how capable staff are of handling an attack appropriately
  • Gain an indication of our risk of phishing exploitation

How to protect yourself

Staff are always encouraged to follow our procedure – DO NOT open the email, simply delete the email from both your Inbox and your Deleted items folders. You should never:

  • Click any links
  • Open any attachments
  • Provide login details or provide any personal/financial information

If you do, notify the IT Service Desk immediately and RESET your password.

More information and general resources 

Go to top of page