If you’re starting from or near scratch, cyber security can seem daunting. But if we think of it as risk management rather than risk elimination, there are some effective first steps that can greatly reduce your exposure to breaches.
So what are the most basic, fundamental security measures to get your organisation to a minimum standard of adequate protection?
Step 1: Multi-factor authentication for each of your core systems
- 99.9% of attacks can be blocked with multi-factor authentication
- Most data breaches involve weak, default or stolen passwords
- 73% of passwords are duplicates
- 81% of breaches are caused by credential theft
Enabling multi-factor authentication dramatically reduces your cyber security risk and should be completed quickly to minimise the potential for data breaches.
Step 2: User education
If staff don’t know what they should be doing, they’re more likely to make innocent mistakes. Without staff training, email can be a point of vulnerability. Phishing remains the most common, and a highly effective, means by which information is compromised. If something looks wrong, staff should feel encouraged to call it out rather than ignore it.
Step 3: Essential Eight
As the old saying goes, an ounce of prevention is worth a pound of cure. To help organisations big and small, the Australian Cyber Security Centre (ACSC) has developed the Essential Eight, a customisable list of mitigation strategies that protect against a range of risks. The ACSC website offers advice and resources for small and medium-sized entities, including a range of step-by-step guides to setting up basic protections and a small business cyber security guide.
Step 4: Make cyber security risk management and governance a priority
An organisation’s defence is as strong as its weakest link. That’s why cyber security is an issue for the whole organisation to own, starting with the executive team. If left just to the IT team, others can lose awareness of what they should and shouldn’t be doing and clicking – which is why laying good foundations always beats simply throwing money at the IT budget. As well as developing appropriate policies and guidelines, your organisation may find value in an independent security review or intrusion test of your environment. Our top cyber security governance recommendations can be found here.