You’ve already ensured that Multi-Factor Authentication (MFA) is turned on for your Email Account, so don’t forget your Website (along with all other apps that you use for business). Your team does not log into another team member’s email. You have procedures in place for dealing with emails while a team member is away, or after they have left. Understand the key terms you need to know to be more secure with your Email; ASD (the Australian Signals Directorate) has a great reference page on this topic, and the UK Gov has a good page with examples of phishing emails that may be helpful. Don’t click on links in emails you are not expecting. If you are using Chrome, Google should spot a known malicious website, but it’s the seemingly legitimate websites that can be tricky. Use some URL tips and tricks to check the URL if it is something you are not quite sure about but really want to open.
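As an added example (not from the original page), here is a small Python helper that does the URL checking described above in code: it shows the host the browser would actually connect to and flags the cheap tricks that make a look-alike link seem legitimate. The watched brand names and the short list of two-part suffixes are assumptions to adjust for your own business.

```python
from urllib.parse import urlsplit

# Assumptions (constructed for this example): brand names your team expects to see in
# links, and the two-part suffixes where the registrable name is three labels long.
WATCHED_BRANDS = ("paypal", "microsoft", "xero", "myob")
TWO_PART_SUFFIXES = {"com.au", "net.au", "org.au", "gov.au", "co.uk"}


def registrable_name(host: str) -> str:
    """Approximate the name someone actually registered (e.g. 'xero.com.au')."""
    labels = host.split(".")
    if ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def inspect_url(url: str) -> dict:
    """Split a link into the parts a phisher hopes you will not read.

    No warnings does NOT mean the link is safe; it only means none of
    these cheap tricks were spotted.
    """
    parts = urlsplit(url.strip())
    warnings = []
    if parts.scheme != "https":
        warnings.append(f"scheme is '{parts.scheme or 'missing'}', not https")
    host = (parts.hostname or "").lower()
    if not host:
        warnings.append("no host found in link")
        return {"host": host, "registrable": "", "warnings": warnings}
    # Text before '@' is 'user info', not the destination: paypal.com@evil.example goes to evil.example.
    if parts.username is not None:
        warnings.append(f"'@' in link: '{parts.username}' is not the destination")
    # Internationalised names are sent as xn-- labels; look-alike letters hide there.
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = host
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        warnings.append("punycode (xn--) label: possible look-alike characters")
    # A bare IP address is rarely how a real business publishes a login page.
    if ascii_host.replace(".", "").isdigit():
        warnings.append("host is a raw IP address")
    registrable = registrable_name(ascii_host)
    # A brand name anywhere in the link other than the registrable name is decoration.
    for brand in WATCHED_BRANDS:
        if brand in url.lower() and brand not in registrable:
            warnings.append(f"'{brand}' appears in the link but the site is {registrable}")
    return {"host": ascii_host, "registrable": registrable, "warnings": warnings}
```

Paste the link (without clicking it) into `inspect_url()` and read the `registrable` value: that is the site you would really be visiting, whatever the rest of the link says.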
I have an email scanning tool linked to my main email account. I use Guardz, which is great, and cost effective. Bleach Cyber is another similar tool. Your email may have some built-in settings to help reduce spam that gets to your inbox. Check with your Technical Advisor. Training for your team must include topics on best email practices. At a minimum, the ASD website has some great content. Cyber Wardens is a good program to enrol your team in, and my email scanning tool, Guardz, has cybersecurity awareness training built in. If you want to buy additional email training, there are some great options out there (Huntress, My Business and Cyber Eclipse), but remember: we don’t blame team members who click on links, we educate them.
You will have up-to-date, or ideally automated, patching of your email software. You will have a vulnerability scanner for your email (and other business systems software). Your Technical Advisor can suggest some advanced settings on your M365. (And no, the Australian Government’s Essential 8 does not give advice for any platform other than Microsoft 365, so talk to your Technical Advisor if you use Google Workspace. Google does have some documentation, and there is an easy-to-read guide as well.)
Who looks after your Website? Does it have the latest version of your website software (e.g. WordPress)? Are all the plugins and themes updated to their latest version? Who checks this at least monthly? Who checks that the website is up and working as intended? Who checks that the privacy policy on your website is accurate and reflects what your business does? Does your website have a login function for clients, or a shopping cart, or do you store client data? (If so, the scope of this document is not enough, so talk to your Technical Advisor.) Does your website have other apps that link in to it, like Email Marketing, a Booking System, or similar? These services are just as important as your website, so make sure your Technical Advisor knows about them and how everything works.
Set up a website scanning tool to monitor your website and ensure it is free from malware and other issues. I use https://sucuri.net/ but your website hosting provider may have it included also. Think about the difference between data and content. Data does not belong on your website. Data you collect should be removed as soon as practical after you have done something with it. Many forms tools have an auto-delete function. Where is your website hosted? Does your hosting provider provide details of when their systems were last updated and patched? Do you have a dedicated server? Do you know what the hosting company does for patching and updates, or do you have to look after some aspects of this yourself?
Do you have someone actively looking after your website, ensuring it is regularly updated and that all the plugins are updated and working smoothly?
If you are at this level, your website is most likely a key part of your service delivery, and