ACSC: Keeping Australian Organisations Secure This Cybersecurity Awareness Month
As part of global cybersecurity awareness month, the Australian Cyber Security Centre (ACSC) has created a bank of tips, advice, and tools to enable individuals and organisations to improve their information and privacy security practices.
The ACSC is Australia’s national cyber security agency and provides strategic leadership for developing and implementing Australia’s cyber security strategy.
Why Should Organisations Care About Cybersecurity?
Head of the ACSC, Abigail Bradshaw, has outlined their focus on capability uplift for cybersecurity practices within organisations to deliver on the aim to make “Australia one of the safest places to do business.”
This, along with the growing regulatory, financial, and reputational risks to organisations should they fall victim to a cyber breach or incident, means implementing good cybersecurity practices at all levels of a business should be a key priority.
Good Cybersecurity Practices Start With Your People
An organisation’s staff is the first line of defence against many of the routes cyber criminals will use to try to gain access to company systems, data, and information. Therefore, ensuring your staff is equipped with the necessary training and tools to spot these approaches can be one of the most effective ways an organisation can manage its risk.
To address some of the common themes facing organisations, the ACSC created their ‘Have you been hacked?’ tool, which they launched as part of cybersecurity awareness month.
The tool aims to help users assess if they’ve been hacked by guiding them through various scenarios that will advise how to best respond to the situation.
Scenarios include:
- Ransomware attacks
- Malware threats
- Email compromise and identity theft
- Phishing
- Fake website scams
The tool includes typical warning signs, scenario explanations, and easy-to-follow steps to remediate the situation.
How to Implement Effective Cybersecurity Processes
The ACSC also focuses on another valuable tool for any organisation looking to ensure a robust security culture: an information security policy.
Creating a strong information security policy not only sets the tone for your organisation by defining the culture, values, and processes, but it is also essential to achieving ongoing compliance with industry regulations.
To be effective and encourage users to work within your desired processes, any policy should:
- Be clear, concise, and written in non-technical language with the end user audience in mind
- Have regular reviews and be updated as regulations, compliance requirements, and threats change
- Be readily available and regularly referred to within the organisation
Many frameworks exist to help organisations create effective processes for cybersecurity in the workplace, such as Australia’s Essential 8; the ISO/IEC 27001 standards for information security management systems, which are increasingly being made mandatory in many states; and the Information System Manual (ISM).
Technology’s Role In Effective Cybersecurity
Creating awareness around good cybersecurity behaviours and ensuring you have transparent processes and policies in place is one part of the puzzle for organisations. The other is having the right technology.
The right systems and technology will help create the solid foundation any organisation needs to ensure cybersecurity is at the heart of everything they do on an ongoing basis. The ACSC outlines some of these in its toolkit, such as:
- Multi-factor authentication
- Password managers
- System backups
A robust information security management system can also be invaluable here, enabling you to operate, maintain, and improve your cyber, information, and privacy security practices in one place and ensure ongoing compliance, transparency, and effectiveness.
Where Can You Find More Information?
The ACSC toolkit and further information around specific frameworks, policies, and technology have been linked to throughout this article and can also be found via their website: www.cyber.gov.au
If you would like to find out more about ISMS.online or ISO 27001, there are plenty of resources available on our website: www.isms.online