...

(If you have a server, or do custom software development, read ahead, and there will be more for you to do than is mentioned here).

There are three levels, each building on the level before:

  • Easy Mode - you don’t have a cybersecurity plan in place, and you and your team don’t know much about cybersecurity, but you want to sleep better at night.

  • Get it Done - you just need to get better and more rigorous at doing cybersecurity in your business.

  • The Journey - your business has some cybersecurity in place and is on the way to becoming certified by an external audit program like ISO27001.

...

Easy Mode | Get it Done | The Journey

Just as you have had to check what you didn’t understand and ask for help, start this process with your team as well.

https://www.cyber.gov.au/learn-basics

  • No question is too silly.

  • No one will be penalised for asking a question about something that looks strange.

  • Let the team know that you are all together embarking on a journey to get the business better at cybersecurity.

  • Talk about what ideas they have, and what areas they see as needing improvement.

  • Come to an agreement on some baseline rules:

    • No more hidden data - e.g. spinning up a spreadsheet and then maintaining it weekly forevermore.

    • No more signing up to a new online service without approval.

    • No more emailing documents and spreadsheets to anyone, including another team member.

    • No more taking data home on USB sticks.

  • Take the Quiz, share the results with the team, and talk through the answers.

  • Talk them through the next steps.

    • Passwords

    • Access Control

    • Application Control

  • When they groan, and complain, remind them what you discovered in Step 0 - how does getting better at cybersecurity fit with your business values?

You may want a few key team members to become “cyber wardens” but take the course yourself first. Be aware that this is not everything you need to know, and it can be a bit too simplistic at times.

Talk to your IT specialist about what cybersecurity training they recommend.

Never recommend training that portrays your team as the “weakest link” or the “first line of defence”, or uses any other scare tactics. It’s your job to get your business to a position where a team member clicking on a link does not grind your business to a halt.

Training must also include Data Privacy and your obligations under the Privacy Act.

Cybersecurity training is a core part of your business.

Your team has cybersecurity training as one of their measurable points.

You may have cybersecurity training included as part of some of the software you have already.

But just watching a few videos per year, or watching a video if you happened to click on a phishing test that your IT provider sent out, is not enough.

Cybersecurity and data privacy are a key part of business as usual for you and your team, and a key part of your business values, and therefore you are also helping your suppliers and customers with their cybersecurity challenges.

Step 4 - Email and Websites

Easy Mode | Get it Done | The Journey

  • You’ve already ensured that Multi-Factor Authentication is turned on for your email account, so don’t forget your website (along with all other apps that you use for business).