Cyber safety starts with protection, awareness and preparation
There are many steps you can take before, during and after a cyber incident that can help contain and manage the damage, if not prevent it. A couple of key observations made by the Australian Government point to the value of a good response plan and robust preventative measures:
- “Your actions in the first 24 hours after discovering a data breach are often critical to the success of your response”; and
- “You should create and test your plan before a data breach occurs”.
We’ve broken some of the key insights around cyber safety down into 3 easy steps for you:
Identify and protect your assets – Identify the data, devices and systems that enable your organisation to achieve its business purposes.
Manage cyber risk – Identify, assess and manage the cyber security risks to your organisation’s data, systems, people and supply chain.
Know who has access – Manage physical access to facilities and logical access to systems and devices.
Back up – Ensure you regularly back up important data and information to reduce the damage in case a breach occurs.
Strong passwords – Ensure that you use ‘smarter passwords’ and, where possible, multi-factor authentication.
Smarter Protection – Have clear policies & security measures relating to your systems, data protection and privacy in case a breach occurs. Ensure your business is aware of this.
Acceptable use – Put in place a policy that stipulates the constraints and practices a user must agree to for access to your network and systems. Ensure that individuals are aware of and attest to having read and understood the policy.
Awareness is action – Train your staff on the risks and importance of protecting sensitive information – especially personal information.
Ongoing education – Provide regular awareness sessions to staff on how to identify irregular behaviour and how to be vigilant.
Response – Ensure that you have plans in place to respond to an incident and test them regularly, if possible, with internal and external stakeholders (e.g. legal, PR, crisis management).
Recovery – Ensure that processes are in place to minimise the downtime of systems and assets impacted by a cyber event and test them regularly.
The impact of a cyber-attack can be severe. Consider building and testing your safety plan and investing in insurance cover.