
Cyber safety starts with protection, awareness and preparation

There are many steps you can take before, during and after a cyber incident that can help contain and manage the damage, if not prevent it. A couple of key observations made by the Australian Government highlight the need for a good reaction plan and robust preventative measures:

  • “Your actions in the first 24 hours after discovering a data breach are often critical to the success of your response”; and
  • “You should create and test your plan before a data breach occurs”.

– Data breach preparation and response, July, 2019

We’ve broken some of the key insights around cyber safety down into 3 easy steps for you:

  1. Protection

Identify and protect your assets – Identify the data, devices and systems that enable your organisation to achieve its business purposes.

Manage cyber risk – Identify, assess and manage the cyber security risks to your organisation’s data, systems, people and supply chain.

Know who has access – Manage physical access to facilities and logical access to systems and devices.

Back up – Ensure you regularly back up important data and information to reduce the damage in case a breach occurs.

Strong passwords – Ensure that you use ‘smarter passwords’ and, where possible, multi-factor authentication.

  2. Awareness

Smarter Protection – Have clear policies & security measures relating to your systems, data protection and privacy in case a breach occurs. Ensure your business is aware of this.

Acceptable use – Put in place a policy that stipulates the constraints and practices a user must agree to for access to your network and systems. Ensure that individuals are aware of and attest to having read and understood the policy.

Awareness is action – Train your staff on the risks and importance of protecting sensitive information – especially personal information.

Ongoing education – Provide regular awareness sessions to staff on how to identify irregular behaviour and how to be vigilant.

  3. Preparation

Response – Ensure that you have plans in place to respond to an incident and test them regularly, if possible with internal and external stakeholders (e.g. legal, PR, crisis management).

Recovery – Ensure that processes are in place to minimise the downtime of systems and assets impacted by a cyber event and test them regularly.

 

The impact of a cyber-attack can be severe. Consider building and testing your safety plan and investing in insurance cover.

Cyber insurance for SMEs

Chris McLaughlin


Director, Cyber Solutions Group