Whether you’re a sole trader, small business or a large corporation, cyber security is becoming essential for everyone. However, once you’ve either employed or reskilled someone in cyber security in your organisation, what should you do next? Although a plan will need to be customised to suit your organisation’s needs, there are some basic steps that everyone can take to get started.

Training and awareness

There is no point having a cyber security specialist or indeed a cyber security plan in place if your employees are not educated on the topic. You could have the best technical defences in the world, but they are still fallible to human error. Whether it is unintentional or malicious, human actions are one of the biggest threats to your network. By educating and raising awareness in your employees, you will significantly reduce potential negligence and security violations.

Risk assessment

Risk assessments are also a great tool to utilize in understanding where you currently stand and where you need to go. By assessing what strengths your network already possesses, you will also be able to identify areas for improvement. Once you know this, you can allocate your resources more appropriately and ensure that your assets are secure. This free cyber security assessment tool created by the Department of Industry, Science, Energy and Resources is a great place to start until you have your own in house cyber security specialist.

Deter insider threats

As we mentioned earlier, insider threats (whether malicious or not), are one of the biggest threats you will need to deal with. To try and reduce the potential of an inside threat taking down your network you should:

• Ensure you enforce secure password storage and policies, which includes changing passwords regularly.
• Use the principle of least privilege, ensuring employees have the least amount of permissions necessary to perform their duties.
• Make sure your policies and procedures are thorough and up to date, aligning with current legislation.
• Pay attention to staff morale, because if your employees love working for you, they’ll be less likely to do something maliciously.

Backup data

Backing up data seems like a pretty silly thing to point out, because most of us would consider this to be common sense. However, despite knowing it, how many of us actually do it? By backing up your data, you’ll be ensuring that if you do experience a data breach, you won’t lose all your sensitive data. One of the most popular attacks, ransomware attacks, will compromise the integrity and availability of your data. So, by having your data already backed up, you’ll be able to stay one step ahead of your attackers.

We are yet to find any system, procedure or policy that is 100% fool-proof. There will always be workarounds and human error that will allow for cyber security breaches. However, that doesn’t mean we should just sit back and be relaxed about it. Your best chance to stay ahead of cyber criminals is to take every step possible to protect your assets. Although Google is a great tool and the above tips are a great starting point, the best thing you can do for your organisation is to employ its own cyber security specialist. By having someone on hand ready to tackle everyday troubles and be actively taking steps to prevent attacks, you will minimise your expenses and increase your security.

If you don’t know where to start looking for a cyber security specialist, look at your current employees. The Australian Government currently has multiple funding options for organisations looking to upskill or reskill their employees. You might find you have someone in your IT department who would take to cyber security like a fish to water, or perhaps there’s someone in administration who has some hidden talents that could be utilised. CTIA has pre-training review tool that can help you identify these people in your organisation. Once you’ve found them, you can put them through a course like our Cyber Security Analyst program. After they’ve completed the course, you will then have an in-house cyber security specialist and can take the next step in securing your virtual assets.