I always hunch my back, but that’s not what we’re referring to today.
Do you know what your Cyber Security Posture looks like, and what you need to do to improve your information security?
I know what you’re thinking: my IT guy, Google or Microsoft already force me to use passwords I can’t remember and make my daily life harder than it should be with two-factor authentication, so everything must be safe and locked away. Unfortunately, that’s only a very small part of protecting yourself and your business from cyber security threats these days.
We’re all affected. Practical examples range from global impact (countries hacking each other’s critical infrastructure) to individual impact (your friend’s Instagram account being hacked) and everything in between.
We recently completed ISO27001 Lead Auditor training to help us understand what good practice looks like from an international standards perspective, and to enable us to help clients understand what they can do to make internal and client information as safe as possible.
We’re fully aware this topic can be as boring as an antiques roadshow marathon (unless you’re into that type of thing), so let’s keep things simple.
Cyber security should be a regular consideration for your business if…
- You classify as Critical Infrastructure. If so, the government has legislation you need to follow.
- You retain employee or client personal information on your systems (laptops, servers, cloud etc.). If so, you have an obligation to keep it safe.
- You care about your business reputation. Yes, of course you do. So imagine how bad you would feel if, in a worst-case scenario, you had to tell your clients their data has been hacked.
If you classify as critical infrastructure, certification with ISO27001 covers you from a legislative perspective. ISO27001 currently specifies 133 security measures to help businesses identify what they can do to protect information, but implementing all 133 is an overwhelming amount of work.
For smaller businesses, certification isn’t vital, but it is still good to understand what you need to do to protect your business from cyber security threats.
The Australian Government has developed a handy tool that you can use to assess your business from a 30,000-foot perspective. The resulting report gives you actionable steps that you can take to secure your information – Access the Tool here.
It’s not as scary as it sounds. A lot of the day-to-day systems and software we use already implement measures to help keep information safe, and this will only improve as time goes by. However, this doesn’t absolve us from doing what we can to protect our personal and business information.
So, what can you do?
- PROTECTING AGAINST MALWARE
  - Automatically update your operating system
  - Automatically update your software applications
  - Regularly back up your business’ data
- FEELING UNSURE
  - If you think a message or call might be spam or a scam, but it appears to come from an organisation you deal with regularly (like a bank or a supplier), reach out to that organisation using a contact method you can trust (for example, a phone call to a publicly listed number).
  - Do not use the links or contact details in the message you were sent or given over the phone, as these could be fraudulent.
- PREVENT AND RECOVER FROM RANSOMWARE
  - Regularly back up your important data
  - Automatically update your operating systems, software, and apps
  - Where possible, require multi-factor authentication to access services
  - Audit and secure your devices (including servers if you have them) and any internet-exposed services on your network (Remote Desktop, file shares, webmail). Discuss this with an IT professional if you’re unsure.
- CONSIDER USING A PASSWORD MANAGER
  - Password managers (which can also be used to store passphrases) enable good cyber security habits. We use and recommend LastPass.
  - Having a unique passphrase for every valuable account may sound overwhelming; however, using a password manager to save your passphrases frees you of the burden of remembering which passphrase goes where.
  - Ensure that any password manager you use comes from a trusted and reputable source and is protected with its own strong and memorable passphrase.
- CYBER SECURITY AWARENESS TIPS
  - Train your staff to recognise suspicious links and attachments
  - Provide updated cyber security training on a regular basis
  - Create a cyber security incident response plan
  - Encourage a strong cyber security culture
  - Share examples of scam messages to help staff identify cyber security threats
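The ransomware checklist above asks you to audit which services on your devices are exposed to the internet (Remote Desktop, file shares, webmail). The script below is an added example written for this post, not something from the original article or any vendor; it shows what that first audit step looks like on a Linux server. It assumes the `ss` tool from iproute2 is available (`ss -H -tln` lists listening TCP sockets without a header) and uses a constructed sample of that output so it runs offline. A socket bound to `0.0.0.0` or `[::]` is reachable on every network interface, so any such socket on a port the checklist calls out is flagged for follow-up; sockets bound to `127.0.0.1` are local-only and ignored.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tln` output (State Recv-Q Send-Q Local Peer)
# for a small office server. This is made-up data, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3389 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:143 [::]:*'

# Map a TCP port to the service category the checklist names.
# Prints nothing for ports that are not of interest.
service_for_port() {
  case "$1" in
    3389) echo "Remote Desktop" ;;
    445|139) echo "File Share (SMB)" ;;
    25|110|143|993|995) echo "Mail/Webmail" ;;
    *) echo "" ;;
  esac
}

# Read ss-style lines on stdin and print "port<TAB>service<TAB>bind-address"
# for every listening socket that is bound to all interfaces on a flagged port.
flag_exposed() {
  while read -r _state _recvq _sendq laddr _peer; do
    [ -n "$laddr" ] || continue
    port=${laddr##*:}     # text after the last ':' is the port
    addr=${laddr%:*}      # text before it is the bind address
    case "$addr" in
      0.0.0.0|'[::]'|'*') ;;   # listening on every interface: potentially internet-facing
      *) continue ;;           # loopback or a specific address: skip
    esac
    svc=$(service_for_port "$port")
    if [ -n "$svc" ]; then
      printf '%s\t%s\t%s\n' "$port" "$svc" "$addr"
    fi
  done
}

# Human-readable report for a block of ss output passed as the first argument.
report_exposed() {
  printf '%s\n' "$1" | flag_exposed
}

# Number of flagged sockets, so the result can be checked or alerted on.
count_exposed() {
  printf '%s\n' "$1" | flag_exposed | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample. On a real server, replace
# the sample with live data: ss -H -tln | flag_exposed
echo "Exposed services needing review (sample data):"
report_exposed "$SAMPLE_SS"
echo "Total flagged: $(count_exposed "$SAMPLE_SS")"
```

Run against the sample, the script flags Remote Desktop on 3389, SMB on 445 and IMAP on 143, and leaves SSH, HTTPS and the loopback-only database alone. Whether a flagged port is actually reachable from the internet also depends on your router or firewall, so treat the list as the set of things to check with your IT professional rather than a verdict; the aim is to know what is listening before an attacker finds out.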