Your people are your real cybersecurity risk

There is a lot of talk about cybersecurity these days. Smaller organisations and Not for Profits know it is important and they should have some level of cyber protection. But how do organisations ensure they are cybersafe?

“At its core, cybersecurity is about business risk, not just an IT problem,” says Techware CEO and cybersecurity specialist, David Sia. Once organisations grasp that, they understand cybersecurity is critical not just for business operations, but for business survival.

This usually leads to two questions:

• How safe is the organisation?
• How can cybersecurity be managed?

The Australian Cyber Security Centre (ACSC) Essential 8 answers both questions. The Essential 8 provides a framework to assess your organisation’s level of protection and defend against most threats.

Where do cyberthreats come from?

Cyber threats are becoming smarter and increasing all the time. Viruses and malware can gain access through out-of-date security software and firewalls, or a link in your email, SMS, or website. Even a phone call can be used to open the door for an attacker.

Once this occurs, your organisation can be exposed. In fact, you may not even notice a breach has occurred.

“It can be a fast or slow process,” says David. “More sophisticated attacks can sit in the background until something the hacker wants comes up, such as a password. But when it hits, it can be all-encompassing.”

Whatever the cyber threat, ultimately, it’s a business threat. This can come in the form of financial loss, reputational damage, or in the worst case, a complete inability to trade.

Are smaller organisations more prone to attack?

This depends on the maturity of your cybersecurity. Small to mid-sized businesses and Not for Profits often have limited budgets and skills for security. This can increase exposure to threats.

The main risk to smaller organisations is being underprepared to deal with a breach, and not having the capability to recover when it happens. Implementation of the ACSC Essential 8 framework can save your organisation from preventable cyberattacks.

What happens if a breach occurs?

If your organisation is only using installed cyber security software which is not being monitored, or you have not had your cyber protection reviewed within the last 12 months, you are at a higher risk of being breached.

Having a managed service provider (MSP) or cyber security expert to implement the appropriate level of the Essential 8 framework in your organisation is crucial to your organisation’s security posture.

If there is a breach in your systems, containing the threat is the best hope for recovery. Once you have contained the breach, contacting your IT team immediately and isolating the compromised device is recommended.

“Early stages of attack are generally simple to contain; however, as the stages of attack progress, limiting the damage will depend on your restricted admin access policy and backup as the last line of defence,” says David.

What should organisations do to stay safe?

Knowing how protected your organisation is against cyber-attacks will give you confidence. But how do you know how safe you are? What are you basing your level of safety on?

“The only way to know your level of cybersecurity is to begin the implementation of the Essential 8,” says David.

In the past, it was often enough to have a firewall and desktop security or anti-malware. These security measures are still important to include as part of your cyber security arsenal, but today we need to go further.

The sophistication of cyber-attacks means the people in your workplace now pose the biggest cyber threat. Personal mobile phones, laptops, and tablets can be breached, and any organisational data accessed via these devices through the cloud could lead to a system breach. Whatever people use to access corporate systems or cloud applications should be secured and verified.

“We all know infrastructure needs to be secure - IT companies have been doing that for years. The challenge now is securing the people,” says David.

Staff education is important. It is not just the role of the “IT person” to monitor cyber security, it needs to be a team effort. Staff need to be trained properly, and rules and policies should be in place about opening suspicious emails, what to look for when clicking through to websites, how to safely use passwords and so on.

Why is the Essential 8 important?

Most people think they have cybersecurity covered, especially if they employ an IT service provider. The problem is many IT companies do not prove how well they have protected the organisation.

“Too many times we’ve seen clients surprised at their level of unpreparedness when they thought they were doing all the right things,” says David Sia.

This is where the Essential 8 is so valuable. It provides a checklist of what needs to be done and verifies that it has been done. By utilising the Essential 8 checklist you can be confident your organisation’s IT Service Provider has met the standards of security your organisation needs.

In our article Improve your business’ online security with the pillars of the ACSC Essential Eight, we talk about the mitigation strategies to implement good security practices.

The Essential 8 also has three maturity levels, allowing you to increase protection step by step. Your organisation only needs the maturity level that matches your level of risk.

“When we start working with a business to roll out the ACSC Essential 8, we do a lot of information gathering first. Then we go through the information provided, validate it, and assess it against the criteria,” says David.

It is important to regularly review your level of security. Techware recommends a security review every 12 months to check your organisation is still compliant.

How does Techware help?

If you lack the in-house IT resources to implement the Essential 8, the expertise of an experienced IT company like Techware is invaluable.

Techware will work with you to understand not only your vulnerabilities, but also your budget constraints. They can then implement the Essential 8 according to your priorities in the most cost-effective way using their proven methodology: identify, protect, detect, respond, and recover. This will ensure all your cyber security bases are covered.

“The team at Techware has worked closely with our internal ICT team. They have assisted us by strengthening our security systems. Recently we have engaged Techware for Managed services, such was our trust and confidence in the team to manage our environment” – Nehme Tabet, ICT Manager, Healthability

Security cannot be set and forget

Techware can help you implement the Essential 8 framework in your SMB or NFP. Our team are experts in cyber security, and we will work towards providing you the highest level of security, within your budget. Book in for one of our complimentary 30 min discovery calls. We will give you on-the-spot, actionable advice from this call, to give you peace of mind on your organisation’s cybersecurity.