Cyber security and the process of where to start reviewing it can be overwhelming for business owners who don’t have in-house expertise. Fortunately, there are some excellent, free resources available on-line. Here’s a round-up of some of them.
Get informed, be prepared
eLearning. Having yourself and staff aware of the risks, what to look out for and how to deal with cyber threats is a critical part of defence. Many cyber threats require a user to perform an action such as clicking on a link to a malicious website or opening a malicious attachment. eLearning is always available, can be run as part of an on-boarding process, repeated at a frequency that suits the business and doesn’t need to be delivered at a specific time and place by a person. Check out the free eLearning modules from CommBank and EdApp at https://www.commbank.com.au/support/security/how-to-protect-your-business.html.
Read up and implement
Small Business Guide – Protect your business in 5 minutes. Published by Stay Smart Online, part of the Australian Cyber Security Centre, the guide contains a list of common cyber threats, five key areas of your business to pay attention to, plus a comprehensive section on ensuring your website is secure. The guide is an easy read but with important action points to review and implement. [Download]
Security Awareness Implementation Guide. This guide provides tips for businesses ranging in size and at varying stages of developing information awareness and security programs. From businesses with limited budgets to those looking for more advanced actions, this guide supplements and goes a few steps further than the Small Business Guide. [Download]
Strategies to Mitigate Cyber Security Incidents. Developed by the Australian Cyber Security Centre, this prioritised list of 37 mitigation strategies is designed to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies are technically a lot more difficult to implement, but the advice is free of charge. See https://www.cyber.gov.au/publications/strategies-to-mitigate-cyber-security-incidents for more information.
Measure-up and continually improve
Essential Eight Maturity Model. The Essential Eight Maturity Model is derived from the Strategies to Mitigate Cyber Security Incidents. As the name suggests, the maturity model consists of the eight most effective mitigation strategies. Assessing your business’s cyber security maturity against the Essential Eight allows you to develop a clear plan to uplift your capability maturity. Implementing the Essential Eight pro-actively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident. Visit https://www.cyber.gov.au/publications/essential-eight-maturity-model for an overview of the model and login to the Assessity capability maturity assessment tool to self-assess and develop your uplift plan.
Get professional assistance
Cyber security experts. Nothing can really replace getting a professional cyber security expert in. Whether as paid staff or on a consultancy basis, cyber security experts are fully immersed in the cyber landscape. A professional will be able to identify the weaknesses in your organisation’s defences and prioritise them accordingly.