The importance of cyber security during times of global unrest
Almost all organisations rely heavily on being digitally connected for basic operations in 2022, but unfortunately it is this connection that leaves us somewhat vulnerable to sinister cyber attacks particularly during periods of international upheaval.
In light of the recent tensions between Russia and Ukraine, the risk of cyber attacks across the world has escalated. There has never been a more important time to ensure that your organisation is prepared to withstand a cyber security breach. While the Australian Cyber Security Centre isn’t currently aware of any immediate threat to Australian organisations, they have urged businesses and organisations across the country to review and enhance their cyber security protocols.
So where do you begin as a cyber security manager, or as the person responsible for the protection of your organisation's systems and data?
1. Assess the health of your current cyber security protocols
This process doesn’t need to be overwhelming. Rather than looking at your current situation as “risk elimination”, look at it as risk mitigation.
Assess the following areas to gain an understanding of where you’re at, and where you need to be:
- Mitigation controls: Have you taken the time to learn about the "Essential 8" areas of cyber security risk mitigation? These eight mitigation controls were developed by the Australian Cyber Security Centre and will give you an excellent overview of strategies you could take to secure your IT systems and information.
- Security policies: Do you have a cyber security policy that outlines expectations for your staff?
- Information classification and security: Look at how you’re storing sensitive data and who within your organisation has access to it. Does your staff understand how and where to securely store data?
- Device management: Are all company devices such as laptops and phones secure? Are their anti-virus and firewall protections up-to-date and monitored regularly?
- Network threat detection: How does your organisation monitor for data breaches and network security threats?
- User education: Do you have regular staff cyber security awareness training and do they understand the importance of complying with security policies and protocols?
If you’re keen to dive a little deeper, the Digital Transformation Hub has a straightforward cyber security health checklist that allows users to answer questions on the above areas and will provide recommendations on how your organisation can improve cyber security protocols.
2. Multi-factor authentication is essential
According to Microsoft, over 99 percent of cyber security breaches can be prevented by having multi-factor authentication in place.
By enabling multi-factor authentication, you’ll dramatically reduce the risk of data breaches and is one of the easiest things you can do as part of your cyber security health check.
For more information on how to set up multi-factor authentication across particular platforms, check out this handy guide published by the Australian Cyber Security Centre. You can also check out our blog post for more on why multi-factor authentication is so important.
3. User education
Staff who might be unfamiliar with cyber security measures are more likely to make innocent mistakes that may put your organisation and the data you store at risk of a breach or attack.
Take the time to educate employees about what sensitive information looks like, and why storing it correctly is so important.
Phishing is one of the most common means by which information may be compromised, so providing staff with examples of what malicious emails may look like is an excellent way of ensuring they don’t fall victim to a phishing attack.
Other points to educate your employees on include:
- How to choose a strong secure password.
- How to spot scam or phishing-style emails with suspect links or attachments.
- Making staff aware that reputable organisations or businesses will never ask for personal or financial information via email. Encourage staff to question any email that doesn’t look or feel right.
- How and where sensitive information is stored.
- How to secure devices.
- What to do in the event that a suspected or actual security incident or data breach occurs.
For practical, in-depth training it is well worth attending one of the webinars available on the Digital Transformation Hub. In February, Connecting Up and PwC delivered a free webinar on cyber security threats with a particular focus on the not-for-profit sector. You can access a recording of this webinar here.
Also worth considering is the upcoming Cyber security 101 webinar, designed for those who consider themselves relative beginners in the space. This webinar is free, and a fantastic way to give your staff a crash course on the fundamentals of cyber security. Cyber security 101 will run on Wednesday 20 April 2022 from 1.00pm-1.30pm. You can register here.
4. Make cyber security governance a priority
For cyber security to be fully embraced by the entire organisation, it’s crucial that your executive leadership team is across the fundamentals of why this area is so important.
If you rely solely on the IT team (or in some cases, this might be one person) to completely own and manage cyber security practices, you may risk the organisation losing grasp of how important this area is.
It’s up to the leadership team to lay good foundations by embracing cyber security and data protection protocols and lead by example.
5. Monitor the current threat landscape
The current Russia-Ukraine conflict does mean that there is a considerably higher risk of potential cyber security attacks across the globe, including Australia.
Given the dynamic nature of the situation, it is important to ensure you are abreast of any change to the risk level in Australia.
Setting up Google Alerts with keywords and phrases related to cyber security in Australia is a good way to stay abreast of the latest developments and news. Some examples might include “Ukraine phishing attack” or “data breach”.
Scan reputable news sources daily for any information regarding to potential cyber security concerns in Australia. A good place to start is the Australian Cyber Security Centre, where you can set up alerts to help you remain on top of any developments.
If you have any particular questions or concerns regarding cyber security, you can always schedule a free session with one of our Digital Transformation Hub Experts, who can assess your situation and provide you with recommendations tailored to your organisation.