Welcome to the second article in the five-part series on Cybersecurity 2021. ICYMI (in case you missed it) here is the link to the first article - Five signs that your organisation is at high risk of cyberattack - in the series.
A targeted cyberattack happens every 39 seconds on average. While it is easy to think it will never happen to your organisation, with around 164 cybercrime reports per day in Australia, or one every 10 minutes, it is a matter of when, not if, your organisation will become a victim.
Reading through the latest ransomware report provided by Datto and collated from 200+ Managed Services Providers across Australia and New Zealand, I grew concerned about how Australian Small-Medium Businesses may be thinking about the growing threat landscape.
As a Director on the Subnet board, I find that my business partner and I debate and discuss many things including our staff, our customers and the things that impact us driven by the world around us.
Sometimes the decisions we make are based on clear paths, legislative changes imposed on us by the government, changes to the industry imposed by shifts in the market or even changes in the competitive landscape. Unfortunately, in many cases, the choices aren't clear, and it takes a robust discussion and working with third parties to highlight the right path.
I find that cybersecurity is falling more into the unclear direction bucket, partially because of the breadth of the issue and partly due to the ever-changing risks associated with it.
In talking to our customers, we often find they are in the same boat; some see the problem as an insurance piece where they can pay a fixed amount per month to pass on the risk. Unfortunately, this has proven not to be a great approach - as some insurers are classing cyber-threats as 'acts of war' which negates any compensation.
Most boards that I have discussed cybersecurity concerns with have an understanding that something needs to happen, but many have limited depth of knowledge on the issue; thus, how to combat the breadth of the issues becomes the problem.
In Subnet's case, we chose to take the following approach to cybersecurity:
1. Upgraded our perimeter - while we understand that a firewall box doesn't fix security, it was the low-hanging fruit to kick off the journey. In our case, we landed on a Fortinet appliance that scans and detects threats coming into our network.
2. Create and Implement a Security Policy - this is not an 'Acceptable Computer Use' policy that we commonly see still in place at customers' sites. Instead, it is an in-depth security policy that defines:
- what happens if a device is breached or an end-user leaks information,
- what settings are in place on our infrastructure to protect us,
- what data/hardware/software is allowed within our environment,
- how we manage our data,
- how we provide ongoing training to our end users,
- how we interact with third parties, and how they could impact us.
Once completed, we had it reviewed and critiqued by a third party to ensure we hadn't missed a threat vector or any gaps in our thoughts, and finally,
3. Create a Security Working Group - we understand that security is a journey and not a destination. That's why we have a working group that meets fortnightly to discuss issues and implement changes as we see them surface in the landscape.
If you want to talk more about how Subnet implemented our policies over a coffee, or how Subnet's Consulting team can help implement yours or speak to your board about the real risks, please reach out.
Transitioning to the cloud can be a great move for your not-for-profit organisation.
You will have more control over your usage and costs, and the flexibility to scale as required. The cloud also enables more effective collaboration between your team, brings efficiencies to your processes, and can reduce the time your IT department spends on maintenance.
With so many organisations adopting the cloud, it may no longer seem a question of if, but when you will follow suit. However, depending on the work you do, sticking with your traditional infrastructure might be the best solution.
Here we’ll share 10 important points to consider to ensure a successful cloud transition for your not-for-profit.
From February 2018, the Notifiable Data Breach (NDB) scheme comes into effect.
For businesses with an annual turnover of $3 million, this means strict new reporting requirements if a serious data breach occurs. Failure to comply can result in hefty fines, for both the organisation, and the individuals involved.
If the new mandatory disclosure laws affect your business, it’s important you fully understand your responsibilities and take steps now to ensure your sensitive data is secure.
Here, we’ll share the key points of the new legislation and provide some tips to help you make sure your organisation has the right security measures in place to minimise the risk of a data breach.
As the number of cyber attacks around the world continues to grow, organisations of all sizes, including not-for-profits, are faced with a very real threat. So, how prepared are you? According to the ASX 100 Cyber Health Report, over 80% of Australia’s biggest businesses expect cyber risk to increase in the short term. While the majority of large companies have security strategies in place, there are still many smaller organisations who are yet to take the necessary steps to minimise their risk.
Unfortunately, many not-for-profits are among those that are under-prepared. The good news is that you don’t need big budgets and endless resources to tackle cyber security. There are plenty of simple and affordable steps you can take right now to protect your organisation.
Here are 7 top security tips that will minimise your risk today.