“Lack of preparation creates business risk. In today’s business environment, being right is only half the battle. Companies also need to execute at speed - intensely pursuing strategy with confidence and discipline as the environment changes.”
- Mike Harris, Executive Vice President, Research & Advisory, Gartner
When it comes to cybersecurity, failing to prepare truly is preparing to fail. Unfortunately, cyberattacks are no longer a case of ‘if’, but ‘when’ for organisations. An ABS survey revealed that 1 in 10 Aussie businesses suffered a cybersecurity data breach last year, and that figure is steadily increasing.
By now, CIOs and IT teams should have well and truly finalised reviewing their cybersecurity strategy for the New Year. If you haven’t, it’s not too late to ensure you include these three simple 'cybersecurity New Year resolutions' in your strategy.
Resolution #1: Prioritise cyber education
According to Small Business Trends, 1 in 99 emails is a phishing attack. When you consider the high cumulative volume of emails that your team receives each week, the importance of training your staff to identify harmful emails becomes apparent. What's more startling is that Small Business Trends goes on to say that 30% of phishing emails make it past default security, leaving your employees as the last line of defence to protect your organisation.
Cybersecurity awareness training for users at all levels is proven to raise people’s vigilance about what to look for when spotting a cybersecurity threat. Holistic cybersecurity training will give your employees the tools and knowledge they need to identify and manage cyberthreats to protect your organisation.
Frequent cybersecurity training for all levels of employees is every bit as important as the other means of protection, including software, hardware and security practices, in keeping your data safe.
During the first six months of 2019, more than 4 billion records were exposed by data breaches, so it's important to note that cybersecurity education is not simply a tick-box training session. Training should be frequent throughout the year and updated to include the ever-changing range of cyber risks to your organisation.
Resolution #2: Ensure your policies and procedures are reviewed and compliant
In Cisco’s annual report in 2018, research indicated that only 26% of all cybersecurity threats can be protected against by equipment and software alone. The remaining 74% required user training, policy and procedure or combinations of these elements.
Cybersecurity policies and procedures are one of the most critical tools to protect organisations. They provide staff with an understanding of how they should handle sensitive and personal information, and they demonstrate a level of diligence, not only internally, but also externally to customers.
Policies need to be defined and regularly updated to provide the right balance between security and productivity for your workplace. As data breaches are now subject to mandatory reporting requirements under Australian law, one of the most important procedures, which most organisations are often missing, is a Data Breach Response Plan. Organisations are also often unaware that a cybersecurity policy should cover disaster recovery and backup, restoration of data, password complexity requirements, mandatory reporting of breaches, cybersecurity training, multi-factor authentication, personal usage of equipment and more.
If your policies and procedures do not address the above at a minimum, now is the time to prioritise a review to ensure they are compliant and fit to protect your organisation against cyber risk.
Resolution #3: Take your strategy for a check-up
The New Year is the perfect time to take your entire cybersecurity for a check-up. With the risk landscape evolving at an unprecedented pace, it's vital to review the overall 'health and fitness' of your cybersecurity strategy to ensure it is not only compliant but prepared for the potential of any kind of attack.
A health check on your cybersecurity strategy and processes not only improves your organisation's defences but puts you in good stead with ever-evolving regulations.
Having an independent third party review your cybersecurity health can identify any weaknesses, vulnerabilities or abnormal user behaviour and provide recommendations to remediate them.
Some questions you can ask as part of your check-up include:
- How do your current security protocols stack up against Microsoft best practice?
- Do you know what your network requirements during peak hours are? Are you optimising the performance of your network?
- Are any of your devices and applications at risk? Do you frequently assess your firewall security?
- Do you have a Backup and Recovery plan?
- How will you respond to a data breach?
- Do your employees know how to avoid, identify, and report cybersecurity risks?
How can we help:
We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Managers (BTMs) are specialists in improving your internal cybersecurity.
- Cybersecurity technology and policy assessment
- Cybersecurity awareness training and mock events
- Cyber and Data Breach consulting and forensic analysis
- Disaster Recovery (DR) planning
If you need advice on how you can ensure your cybersecurity strategy is ready to protect your organisation from risk in the New Year, our Team of Cybersecurity experts are ready to help. Reach out to our team today.