As technology opens doors for increased efficiency, connectivity and sharing, it also opens our work and homes to cyber risk. The controls we implement to address these cyber risks are often referred to as cyber security. Here are some tips for staying secure:
Know your risks
Understand where valuable information is stored and processed. What are the critical systems we want to protect? What threats are other similar entities seeing? How about implementing an Information Security Management System (ISMS)? Through an ISMS, entities can use a risk-based approach to implement policies, practices and control activities to protect critical information assets. From 1 October 2018, Queensland government agencies must work towards implementing and operating an ISMS according to the international standard ISO 27001[1].
Be security aware
You play a key role in the security of your personal information and that of your organisation. Each employee is key in mitigating cyber risks. Some things you can do are:
- Choose a secure password—easily guessed passwords are easily cracked. In December 2017 data security experts found a database on the dark web containing 1.4 billion clear-text credentials. The top three passwords? ‘123456’, ‘123456789’ and ‘qwerty’. The Office of the Auditor-General Western Australia made similar findings in its report[2] released last month, with ‘Password123’ the most-used weak password. Note that ‘Password123’ satisfies the usual length and character-mix rules and still fails, because it is a dictionary word with a predictable suffix. It is much more secure to choose a passphrase of several randomly chosen words, and to add numbers and special characters where a system requires them.
- Don’t click on suspicious emails—beware of phishing emails. If it sounds too good to be true, it usually is. Add these to spam filters and report them to your IT department. Make sure that your IT team has implemented countermeasures for phishing emails, such as sender authentication (SPF, DKIM and DMARC), link and attachment scanning, and a simple way for staff to report suspicious messages.
- Keep up to date with the latest threats—subscribe to the Queensland Government Chief Information Office’s weekly cyber security bulletin and/or the Australian Government’s Stay Smart Online alert service[3].
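The password tip above can be made concrete. The following is an added example, not code from the original article or from the Queensland Government Chief Information Office: it screens a candidate password against a small constructed list of the weak passwords the article names (a real deployment would use a full breached-password corpus), shows why a naive length-and-character-set score overrates ‘Password123’, compares that with the entropy of a random multi-word passphrase, and generates such a passphrase with a cryptographically secure random source. The wordlist, the 7776-entry list size and the 60-bit floor are assumptions for illustration.

```python
import math
import re
import secrets

# Constructed sample list. The article names these as the most-used weak
# passwords; a real screen would use a full breached-password corpus.
WEAK_PASSWORDS = {"123456", "123456789", "qwerty", "password", "password123"}

# Constructed mini wordlist standing in for a diceware-style list
# (assumption: a real list such as the EFF long list has 7776 entries).
SAMPLE_WORDS = ["koala", "river", "lantern", "copper", "orbit", "velvet",
                "harbour", "cactus", "meadow", "signal", "tundra", "walnut"]


def is_known_weak(password: str) -> bool:
    """True if the password, ignoring case and any trailing digits/symbols,
    is in the weak list ('Password123' collapses to 'password')."""
    candidate = password.lower()
    if candidate in WEAK_PASSWORDS:
        return True
    base = re.sub(r"[0-9!@#$%^&*]+$", "", candidate)
    return base in WEAK_PASSWORDS


def character_entropy_bits(password: str) -> float:
    """Naive strength estimate: length * log2(size of the character classes
    used). It assumes every character was chosen uniformly, so it overrates
    predictable passwords such as 'Password123'."""
    pool = 0
    if re.search(r"[a-z]", password):
        pool += 26
    if re.search(r"[A-Z]", password):
        pool += 26
    if re.search(r"[0-9]", password):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", password):
        pool += 33  # printable ASCII symbols
    return len(password) * math.log2(pool) if pool else 0.0


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of word_count words drawn uniformly at random from a wordlist.
    This estimate is honest because the words really are random."""
    return word_count * math.log2(wordlist_size)


def assess(password: str, min_bits: float = 60.0) -> str:
    """Screen against the weak list first, then apply a length/character-set
    floor. The 60-bit floor is an assumption for illustration."""
    if is_known_weak(password):
        return "reject: in known-weak password list"
    if character_entropy_bits(password) < min_bits:
        return "reject: too short for the character set used"
    return "accept"


def generate_passphrase(wordlist, word_count: int = 4, separator: str = "-") -> str:
    """Random multi-word passphrase with a two-digit number appended, using
    the secrets module (CSPRNG) rather than random."""
    words = [secrets.choice(wordlist) for _ in range(word_count)]
    number = f"{secrets.randbelow(100):02d}"
    return separator.join(words + [number])


if __name__ == "__main__":
    for pw in ["123456", "Password123", "qwerty", "Tr0ub4dor&3"]:
        print(f"{pw!r:16} naive {character_entropy_bits(pw):5.1f} bits -> {assess(pw)}")
    print("4 random words from 7776:", round(passphrase_entropy_bits(4, 7776), 1), "bits")
    print("6 random words from 7776:", round(passphrase_entropy_bits(6, 7776), 1), "bits")
    print("generated:", generate_passphrase(SAMPLE_WORDS))
```

The order of checks matters: ‘Password123’ scores about 65 bits on the naive estimate and would pass a 60-bit floor, so the breached-password screen has to run first. Four words from a 7776-word list give about 52 bits and six words about 78 bits, and unlike the naive figure those numbers hold up because the words are actually random.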
Plan your response
Unfortunately, it is not a case of if you are attacked, but when. Targeted attacks on Australian organisations increased by 80 per cent[4] in 2018. Most organisations plan for business continuity and recovery in the event of a natural disaster. Have you planned for how you will recover from a cyber incident that may involve a wide-scale, sustained breach of your information technology systems and result in multiple system failures? How will you recognise attacks against critical systems? Perhaps the business continuity and disaster recovery plans need to be revisited in light of cyber risks.
[1] https://www.qgcio.qld.gov.au/documents/information-security-policy
[2] https://audit.wa.gov.au/reports-and-publications/reports/information-systems-audit-report-2018/
[3] https://www.staysmartonline.gov.au/alert-service
[4] https://www.accenture.com/au-en/insights/security/2018-state-of-cyber-resilience-index