1. Guides
  2. Cyber Security
  3. Achieving intermediate cyber security

Achieving intermediate cyber security

How to plan for and implement a road map to intermediate-level protection from cyber attacks.
Achieving intermediate level cyber security

Keeping your information safe from cyber security threats can be complex, with new threats and new solutions emerging all the time. For many organisations, working with a good IT support provider is one of the best ways to make sure your computers and website are safe.

Achieving intermediate-level cyber security should be a key target for every not-for-profit. Assessing your security against the Australian Cyber Security Agency’s Essential 8 mitigation controls will tell you where your organisation is along the road to being protected.

In broad terms, intermediate cyber security protection can be broken down into four main areas:

Information classification & security

  • Classifying stored information into security categories (e.g. sensitive, confidential, public)
  • Defining systems and repositories that can be used for each information category
  • Educating staff about how and where to securely store different data types

User device management

  • Appropriate firewall and antivirus protection (see Network threat detection & alerting, below)
  • Secure encryption and password protection of all user devices (PCs, laptops, phones and tablets)
  • Capacity to remotely wipe sensitive data.

Network threat detection & alerting

Protecting your organisation’s network generally needs to be done by an experienced IT professional. One of the key ways you can add an extra layer of security to your network is to use a firewall. Firewalls can act as a gatekeeper between the internet and your network or computer.

Many broadband routers will have a firewall built-in with basic settings available to get started quickly. Individual computers may also have firewalls installed as software or operating system.

Depending on your security needs, you may want to purchase more robust firewalls or be more stringent in the settings available to you in any existing firewalls you may already have.

  • Centrally managed network firewalls with monitored alerting during business hours, with antivirus and intrusion protection features
  • Custom email phishing rules provide additional protections for key staff such as your CEO and CFO
  • Automatic action triggers for suspicious account activity

Policies, user education & compliance

  • Key security policies are activated, covering acceptable use of technology and cyber security incident response 
  • These same security policies are effectively covered in the staff induction process
  • Bi-annual phishing and network penetration tests are conducted to identify any weaknesses
  • Security risks are identified, prioritised and actioned appropriately. 

Rate this guide

Average: 4 (3 votes)

Status message

Thanks for rating this guide.

CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Related posts

Information Security policy for not-for-profits
Guide
Intermediate
Information Security policy for not-for-profits
To define and formally document your cyber security practices and processes, you can download and customise this template for your not-for-profit.
End user security policy template
Guide
Intermediate
DIY end user security policy
Download a high quality end user security policy template that you can adapt to your organisation's needs.
Privacy guidelines for not-for-profit organisations
Guide
Intermediate
Privacy guidelines for not-for-profits
Download these privacy guidelines for detailed advice on how to protect your organisation's data.
Achieving best-practice cyber security governance
Guide
Intermediate
Best-practice cyber security governance
An overview of how to incorporate cyber security policies and governance into your organisational processes.