Creating a Culture of Cybersecurity in your Business

Cyber security has never been more important for Australian businesses. With the increase in threats and attacks, creating a culture of cybersecurity within your business and team is essential.

People are your first line of defense against threats and cyber-attacks. They are the ones using the technology, browsing the web, opening emails and attachments, and transferring money. If staff don’t have a good understanding of cybersecurity and how to protect themselves, then your business will suffer and no amount of technology and controls will be able to overcome the issue.

Establishing a comprehensive cybersecurity policy is a great start. The policy should outline things such as acceptable use of company technology and services, password requirements for complexity and storage, and data protection guidelines. Data protection guidelines include educating employees on how to protect sensitive company data. This includes how to securely share documents, for example via password-protected links and encrypted emails.

Training and awareness programs help to train staff in topics such as password security, phishing attacks, safe browsing habits and mobile device security. Train your staff, with examples, to identify and avoid emails with suspicious links or attachments, and emails from a spoofed sender (a sender using an email address they are not authorized to use) trying to trick them.

Encourage staff to set strong passwords. In systems that let you set password requirements, set strong requirements that include upper and lower case, numeric and special characters. Systems such as Active Directory and Microsoft 365 will allow you to do this. Set an overall company policy in which password requirements are outlined for staff to follow.

Ensuring staff have a thorough understanding of cybersecurity is an excellent starting point to ensure cyber safety at your business. You can complement this with a range of hardware and software security measures. These can include ensuring you have an up-to-date antivirus/anti-malware/anti-ransomware solution on all computers and servers, a secure and up-to-date firewall and VPN solution, and regular patching and updating of all systems.

Mobile device security for devices such as laptops and mobile phones is also paramount. You must ensure devices that have access to company documents and emails are secure. Requirements can include setting a passcode or using biometrics to lock devices with company access, avoiding public Wi-Fi to access company resources and keeping devices and operating systems up to date. On devices such as Windows laptops, enabling full disk encryption with BitLocker will ensure that files cannot be taken if the device is lost.

It is also important to foster a culture of reporting in your business. If a staff member is unsure or sees something that doesn’t look right, you want them to report it straight away. The sooner it is investigated and resolved, the less risk it poses. The report could go to your managed service provider, such as FordhamIT, or to someone internally. They will be able to investigate the issue and determine if it poses a threat.

A combination of staff training and awareness and the right IT technology and policies will help cement a culture of cyber security in your business. It is important to regularly update and reassess your cybersecurity policies and procedures. This will keep your business and staff confident in their ability to detect and prevent cyber threats in your business. Managed service providers such as FordhamIT can assist in helping staff understand the risks and work with them to gain confidence, as well as provide a secure overall and ongoing baseline for your IT systems and devices.