Maintaining cyber security during global unrest

In 2022, organisations universally rely on digital connection to operate. But, this very connection can leave us vulnerable to sinister cyber attacks during international upheaval, writes David Spriggs.

The current Russia-Ukraine conflict has created a considerably higher risk of cyber security attacks globally, and Australia is far from immune to this threat. Given the war’s dynamic nature, it’s important to be abreast of escalated risk levels in Australia.

Ensuring your organisation’s ability to withstand a cyber-breach has never been more important. While the Australian Cyber Security Centre is currently unaware of any immediate threat to Australian organisations, they have urged the country’s businesses and organisations to review and enhance cyber security protocols.

There are ramifications for all manner of organisations: have you considered the potential impact on yours? 

As a cyber security manager – or the staff member responsible for protecting organisational systems and data – where do you begin?

1. Assess the health of your current cyber security protocols.

The goal here can be “risk mitigation” as opposed to “risk elimination”– and it needn’t be overwhelming. 

First, assess current protocols, and then, determine where you need to be. Consider the following points to help you do that:

1. Mitigation controls – Take time to learn about the “essential eight” areas of cyber security risk mitigation. The Australian Cyber Security Centre developed these eight mitigation controls, and they provide an excellent overview of strategies to secure your IT systems and information.
2. Security policies – Do you have a cyber security policy that outlines your staff expectations? 
3. Information classification and security – How are you storing sensitive data? Who within your organisation has access to it? Does your staff understand how and where to securely store data?
4. Device management – Are all company devices such as laptops and phones secure? Are their anti-virus
   and firewall protections up-to-date and regularly monitored?
5. Network threat detection – How does your organisation monitor data breaches or network security threats?
6. User education
   Do you train your regular staff about cyber security awareness training? Do they understand the importance of complying with security policies and protocols?

If you’re keen to dive a little deeper, the Digital Transformation Hub has a straightforward cyber security health checklist that allows users to answer questions on the above areas and will provide recommendations on how your organisation can improve cyber security protocols. 

2. Multi-factor authentication is essential

According to Microsoft, over 99 per cent of cyber security breaches can be prevented by having multi-factor authentication in place.

Enabling multi-factor authentication dramatically reduces the risk of data breaches: it’s one of the easiest aspects of a cyber security health check.

If you need assistance creating multi-factor authentication across particular platforms, check out the Australian Cyber Security Centre’s handy guide. Read our blog post for more on why multi-factor authentication is a vital priority. 

3. Staff and the security mindset

Staff unfamiliar with cyber security measures may make innocent mistakes, and risk compromising your organisation’s data.

Take the time to educate employees about the nature of sensitive information, and why correct storage is so important.

Phishing is one of the most common methods employed by unfriendly parties to extract private information. A strong way to educate staff is to provide examples of online red flags. What are some typical characteristics of malicious emails used in a phishing attack? 

Other points to educate your employees on include:

1. Choosing a strong, secure password.
2. Spotting scams or phishing-style emails, with suspect links or attachments.
3. Making staff aware that reputable organisations or businesses will never ask for personal or financial information via email. Encourage staff to question any email that doesn’t look or feel right.
4. Where sensitive information is stored, and how. 
5. Providing clear steps to secure devices.
6. What to do in the event of a suspected or actual security incident, or data breach.
   

Webinars available on the Digital Transformation Hub provide practical, in-depth training, and are  recommended. In February, Connecting Up and PwC delivered a free webinar on cyber security threats, with a particular focus on the not-for-profit sector. You can access a recording of this webinar here.

There is also an upcoming Cyber security 101 free webinar on Wednesday 20 April 2022 from 1.00pm-1.30pm, which is designed for those who consider themselves relative beginners in the space. It’s a fantastic way to give your staff a crash-course in cyber security fundamentals.

4. Prioritise cyber security governance

The entire organisation needs to embrace cyber security, but it’s crucial that your executive leadership team is across the fundamentals, and understand why this area is so important.

If you rely solely on an IT team, or one isolated individual, to completely own and manage
cyber security practices, you may risk losing the organisation’s grasp of the area’s importance. 

The leadership team must lay good foundations, embrace cyber security and data protection protocols, and lead by example.

Learn more about cyber security governance and best practice

5. Monitor current threats

The war in Ukraine is a strong example of global upheaval creating considerable uncertainty. Setting up Google Alerts with keywords and phrases related to cyber security in Australia will help stay you abreast of the latest developments and news. Examples may include “Ukraine phishing attack” or “data breach”. 

A daily scan of reputable news sources, to gain information on potential cyber-security concerns in Australia is strongly recommended. A good place to start is the Australian Cyber Security Centre, you can set up alerts and remain across any concerning developments.

If you have any particular questions or concerns regarding cyber security, you can always schedule a free session with one of our digital transformation hub experts, who can assess your situation and provide you with recommendations tailored to your organisation.