Australian organisations should be looking at their ICT security as part of their planning process for the new financial year - and making sure they have adequate ICT security measures in place for networks, data and devices for the next 12 months and beyond.
Adelaide-based cybersecurity consultancy firm CQR has provided a quick checklist to help businesses sort their security.
Check your cover
A new financial year is a good time to review your various insurance policies. Determining whether your organisation would benefit from cyber liability cover should be part of the process. This is a form of cover designed to help organisations mitigate the frequently significant costs associated with recovering from a cyber related attack or security breach.
A niche product just a short time ago, cyber insurance has gone mainstream, in the wake of a tsunami of businesses of all stripes shifting their operations online and embracing social media as a means of communicating with customers.
A reputable broker can provide you with information about your cyber liability insurance options and assist you to secure cover which is suited to the size and scale of your organisation.
It’s important to note that cyber liability insurance should not be regarded as an alternative to implementing robust cyber security measures. In fact, businesses may struggle to get cover if they’re unable to demonstrate that they have reasonable measures in place. These may include implementing appropriate software tools, updating them regularly and training staff to reduce the likelihood of internal security breaches occurring.
Ramp up security education and training
Prevention is better than cure. When it comes to warding off cyber infiltrations and privacy breaches, ongoing education is the most effective pre-emptive action you can take.
Now is a good time to put a training program in place to educate staff about day-to-day security practices that can help keep company and customer data out of the wrong hands.
Ensuring security awareness is ingrained in every employee takes time and training will only be effective if it’s a regular occurrence, not a one-off initiative or an afterthought to the induction process for new starters.
Understand your privacy reporting responsibilities
Experts estimate thousands of serious data breaches occur each month. There are stiff penalties for Australian businesses which fail to inform customers and the Office of the Information Commissioner if they experience or suspect one.
A serious data breach is any situation where personal information is compromised – think customer names, contact details or personal records. Penalties for not reporting breaches within 30 days can be as high as $1.8 million for serious or repeat offenders.
Keep data safe in the cloud
If your business hasn’t moved some or all of its ICT activity to the cloud, it’s likely you’re assessing the business case for doing so and finding it a compelling one. Addressing data security implications is a vital part of this process. Having experts evaluate your technology, people and processes can help ensure applications are migrated smoothly and safely.
While it’s not technically an IT risk, invoice fraud is a broader security issue. End of financial year is the peak season for it, as businesses look to close off their accounts and square up with suppliers, and experts say this year has seen an unprecedented level of activity.
Ensuring your account payable process is robust and you have checks in place to identify rogue invoices is a sensible addendum to your end-of-financial-year cyber security review.
Sometimes the toughest thing about implementing a cyber-security strategy can be getting started. Start by acknowledging that cyber-security isn’t just an IT problem – it’s an enterprise-wide matter.
Staff from across the organisation will be the strongest line of defence in your campaign to protect company and customer data from privacy breaches and malicious activity.
Input from employees in the finance, human resources and executive teams can help identify areas within the business which are especially vulnerable while a security audit by an external consultancy may flag any risks or gaps you’ve missed.
Source: IT Brief