I recently passed three workers perched on a roof wearing harnesses – that were NOT attached to anything. Every business owner would immediately ‘get’ the possibilities of this scenario, but could the same be said for the cyber security risks?
Australia has seen a 600% increase in cyber security attacks since COVID-19. According to the Australian Institute of Company Directors Sentiment Index, cyber security is the number one issue keeping Australian directors up at night. It affects business continuity, resilience, market participation and reputation management.
Historically, cyber security has been seen as an IT issue, today it is everybody’s business, and is a multifaceted workplace safety challenge that requires a comprehensive approach that includes strong governance, risk management and a Cyber Fit Culture.
Recent high-profile breaches such as Optus and QUT were not caused by sophisticated attacks. Rather, they were the result of a perfect storm of systematic failures in governance, information management and people.
If you want to protect your business and reputation, preserve customer trust and be able to demonstrate due diligence and fiduciary responsibility, you need to be Cyber Fit.
LET’S LOOK AT THREE AREAS WHERE YOU WILL GET THE BIGGEST BANG FOR YOUR BUCK
1. Governance – Where does cyber security sit in your board discussions?
Cyber Fit Culture starts at the top. There needs to be as much attention on cyber security as there is on finances and workplace health and safety. Things to consider include but are not limited to setting the cyber risk appetite, reviewing optimal skills matrices, allocating budget, establishing reporting and KPI requirements, identifying scope and context for information security management systems and defining roles and accountabilities.
2. Policies – Do all policies contain cyber security element?
Cyber security does not sit to the side of business, it is horizontal across every single element of your business. Policies need to be contextual, and data driven to be effective. Things to consider include but are not limited to identifying and analysing assets and information, compliance requirements and risks. Understanding and data drives robust policies and to guide for example how data is handled, secured, and accessed as well as how incidents will be responded to and what regular assessments will be done to assess effectiveness of controls.
3. Culture- Is everyone in the organisation cyber fit?
A company’s culture is critical to protecting against cyber threats. A strong culture of cyber security can help to create a sense of shared responsibility and ownership for protecting data and systems and can foster a culture of vigilance and awareness. While technology and policies can help to mitigate risk, it is ultimately up to individual employees to put those policies into practice. This requires a workforce that is trained, informed, and engaged in the company’s cyber security efforts, with a culture of openness and clear channels of communication.
Visit cybersense.au for more information.
CLICK HERE to read other Guest Articles submitted to BDmag.
