How robust is your NFP cybersecurity? Simple strategies to mitigate cybersecurity incidents & where to start

How robust is your NFP cybersecurity? Simple strategies to mitigate cybersecurity incidents & where to start

In our recent blogs Mitigation strategies for cyber-attacks: Essential 8 for NFPs and What are the pillars in the ACSC Essential 8 and how does your NFP stack up? we have been exploring strategies to mitigate cybersecurity incidents, by adhering to the Essential 8 framework.

To summarise, the Essential 8 provides an indication of an organisation’s cybersecurity maturity. This is particularly useful for NFP compliance requirements. But where do you start, and how does the Essential 8 work in practice?  

To unlock a greater cyber capability maturity model with the Essential 8, it helps to enlist specialist guidance.

“If you are looking at strategies to mitigate cyber security incidents, it can be daunting to know what to look at and where to start. The Essential 8 is actually a simple framework but you do need IT and cybersecurity skill to put it in place,” says Techware CEO David Sia.

“NFPs operate differently to corporate businesses. Government compliance for NFPs is an added element that needs to be considered. To ensure your cyber security mitigation strategies are effective, you need someone who understands the intricacies and requirements of an NFP,” adds David.

Techware’s four steps to the Essential 8

According to David, there are five key steps for an NFP to take when implementing the Essential 8.

#1: Seek help! As mentioned above, the Essential 8 framework is simple to interpret if you are an IT and cybersecurity specialist. Without the right skills, you cannot be confident the steps are being correctly executed.  

#2: Audit everything! To understand where to focus your attentions first, you need to have an accurate and granular overview of your NFP. Without a trained expert assessing your network regularly, how can you know if there are any vulnerabilities that cybercriminals can exploit, systems that are underperforming, or government regulations you aren’t in compliance with?

“We always complete a comprehensive audit of all our customers’ systems and ensure they are in the right place and functioning correctly before making any changes or recommendations,” explains David.   

Techware audit and risk assessment will ensure your NFP is operating more securely and efficiently and gives you peace of mind knowing where threats have come from and how we will protect you going forward.

#3: Establish maturity levels! Armed with a rich understanding of your NFP and the systems you have in place, it is now time to establish your maturity levels across the Essential 8 pillars.

“This is essentially where you set your individual strategies to mitigate cyber security incidents. By assessing your NFP against each pillar, you can quickly identify a level of maturity and pinpoint any gaps. It’s important to note that you can have good maturity at level two and still have gaps at level one. By establishing your maturity levels, you can then create a targeted roadmap to improve and maintain your maturity,” notes David.

#4: Monitor and adapt! Once you have your roadmap and you have begun implementing steps to improve your Essential 8 maturity, it might seem tempting to consider your cyber security job done. According to David, this will simply render the work already completed, pointless.

“When it comes to cybersecurity, there is no set and forget, you need to be constantly monitoring and adapting your strategies to mitigate cyber security incidents. Cybercrime has increased dramatically over the last year and will continue to do so. Hackers will continue to find new ways and it is so important you have someone who is regularly checking and updating your systems” says David.

The Essential 8 in action

Staff at the Australian Child Foundation (ACF) were becoming increasingly frustrated with their IT provider. With significant growth plans, the not for profit needed a proactive partner to provide the guidance and technology needed to take ACF into the future. Techware were appointed to support ACF.

“David and the team came in, completed a thorough analysis of IT maturity before mapping out a three-year blueprint aligned to our growth plans. They outlined where they could take us and how, all the time showing consideration for our regional staff structure,” says ACF CEO Joe Tucci.

In the following years, Techware stayed true to the roadmap and have successfully migrated ACF to the cloud, decommissioned servers, introduced a flexible software licensing structure, strengthened security, and enabled ACF to scale with ease.  Read the full case study.

Ready to embrace the Essential 8?

The Essential 8 provides excellent strategies to mitigate cybersecurity incidents for NFPs. However, you need to have expert support and guidance from a partner who understand the intricacies of an NFP and cybersecurity.  

To find out how your NFP fares and to learn more about the Essential 8, contact Techware today.


Leave a comment!

Your email address will not be published.