With over 15 years' experience securing IT systems for organisations of all sizes, the team at eStorm understands that there is no one-size-fits-all solution when it comes to cyber security. We take the time to understand how your business operates and apply a practical approach to ensuring your data is protected.
1. Conduct a Cyber Security Audit
A cyber security audit identifies where your network and systems security falls short: missing or misconfigured controls, unpatched systems, excessive privileges and gaps between what your policies say and what is actually in place. Because your environment and the threats against it change constantly, conducting a cyber security audit or assessment at least once every year is vitally important.
While there are self-assessment resources available, we suggest engaging a cyber security expert for your initial audit. An external expert provides an unbiased perspective and will produce a prioritised, actionable remediation plan for the problems identified, rather than a list of findings with no clear next step.
2. Encourage a Culture of Cyber Security Awareness
It's not just the responsibility of your IT team (if you have one) to stay on top of your cyber security precautions. Everyone within your organisation should have at least a basic understanding and awareness of cyber security, including how to recognise a phishing email and who to report a suspected incident to. You don't even have to hold a seminar or course for this; sending out an infographic or a short document with actionable steps for your employees to reference is a big step in the right direction.
3. Implement an Information Security Management System
To help eliminate or mitigate the risk of an information security breach that could have legal or business continuity consequences, organisations should implement an Information Security Management System (ISMS): a documented, repeatable process for identifying information security risks, selecting controls to treat them, and reviewing those controls over time.
There are multiple approaches to implementing an ISMS and, depending on the level of certification required, the burden of implementation can be high. Once in place, however, an ISMS provides the following benefits:
- Information is protected from reaching unauthorised hands (confidentiality)
- Information is accurate and can only be modified by authorised users (integrity)
- The risks of a breach have been assessed and their impacts mitigated, with the residual risk formally accepted by management
- Improved customer and business partner confidence
Some frameworks an ISMS can be built on:
The gold standard for an ISMS is certification against ISO/IEC 27001, an internationally recognised standard applicable to organisations of any size. The 2013 edition lists 114 controls across 14 sections in its Annex A (the 2022 revision consolidates these into 93 controls in four themes). Certification requires an audit by an external certification body and typically takes an internal team many months to achieve full implementation and certification.
Many small to medium organisations do not have complex IT environments and can achieve adequate protection by adopting a subset of the controls that a larger entity would require. The Australian Government, through the Australian Cyber Security Centre (ACSC), has acknowledged this and developed the Essential Eight: a series of baseline mitigation strategies drawn from the full list of Strategies to Mitigate Cyber Security Incidents and the Information Security Manual (ISM) that applies to government departments and the defence forces. Each of the eight strategies is defined at maturity levels, so an organisation can pick a target level proportionate to its risk. The Essential Eight is designed to provide a strong baseline of information security protection without the onerous implementation costs of a full ISO 27001 certification.
The 'Right-size' Approach
If you are not a large organisation, an ISO 27001 certification might be impractical. On the other hand, if you are a medium-sized company with complex customer relationships, the Essential Eight may not provide sufficient scope to cover your requirements; it addresses technical mitigations but says little about, for example, supplier management, incident response processes or physical security.
In this case a blended methodology may be better suited: use the Essential Eight as a baseline and augment it with those controls from ISO 27001 Annex A that are relevant to your needs, documenting which controls you have adopted and why.