Cyber Security is nothing more complex than providing protection for the Information that your business needs to operate. In the following xx blog articles, we will explore the basics of protecting your business data from theft, destruction and alteration - and no, none of this requires the installation of thousands of dollars of complex hardware!
Part 1 - Know your business!
There are some great resources available through organisations such as the Australian Cyber Security Centre which deal with HOW to protect yourself and what particular threats look like - however, none of this has much relevance if you don't firstly understand WHAT a "threat actor" (bad person looking to steal something) is actually looking for. To answer this question, you truly need to understand your business from an INFORMATION perspective.
Key in this information perspective is known WHAT information is gathered (from clients, prospects, suppliers, partners, employees, etc), WHERE it is stored (Spreadsheets, databases, online applications, paper records in the bottom drawer) and WHO has access to this information.
If the answer to the above is a long drawn in breath followed by some form of expletive based rant of "how would I know", then the assumption would be that you are at an above average risk of enduring a Cyber event of some form in the near future - drop us a line, we CAN help you find where everything is!
Now that you have a list (don't panic if it is incomplete - it's a starting point), it's a matter of assessing EACH type of information for its relative value - not only from the perspective of your business, but also from the provider of said data.
This is like putting together a list of valuables in your house so you can work out where to store them securely.
Part 2 - Storage and access controls
Part 3 - Transmission and sharing
Part 4 - Auditing and Reporting
Part 5 - Response and Contingency