What is Cyber Security?
Cyber Security is the practice of protecting systems, networks, and programs from digital attacks.
These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Common methods you might have heard of include viruses, trojan horses, malware, phishing emails and credit card fraud.
There are three key pillars of Cyber Security:
- People – every employee needs to play their part
- Processes – clearly defined rules and procedures to protect the business
- Technology – things like anti-virus and password protection
Who can use this template?
- All types of business
- Any business which uses the internet – for email, banking, running a website or other activities
- You want to protect your business from online attacks and breaches
- You want to inform employees or contractors about how to handle sensitive information and infrastructure
- You want to improve security in your business
What is a Cyber Security Policy?
A Cyber Security Policy sets out guidelines to protect the security of technology and information assets in your business.
Our Cyber Security Policy template includes rules and processes your employees should follow.
Some of the issues the policy covers are:
- the type of business information that can be shared and where
- acceptable use of devices and online materials
- handling and storage of sensitive material
- rules and controls for protecting your business
Do I need a Cyber Security Policy?
Yes, it’s important to create a cyber security policy for your business – particularly if you have employees.
Cyber crime is on the rise in Australia and small businesses are not immune!
According to a 2016 report by cybersecurity firm Symantec, 43% of cyber-attacks are targeted against small businesses.
Businesses that don’t have a cyber security policy in place could be leaving themselves open to attacks and legal issues.
What does the Cyber Security Policy template cover?
Our Cyber Security Policy template covers:
- Your responsibilities – responsibility of each team member to follow the guidelines
- Anti-Virus Software – use and installation of anti-virus
- Password policy – password protocol, changing passwords, sharing passwords etc.
- Email filtering and web traffic filtering – description of any email filtering or web traffic filtering
- Bank account and payment details – recommend confirming bank details with suppliers by phone before payment
- Two-factor authentication – any programs that need two-factor authentication
- Removable Hardware – rules around using removable hardware (e.g. USB drives) for storing and sharing information
- Office Wireless Network and Public WiFi – access to networks and rules around using public/private WiFi
- Backup – protocols for backing up company information
- Disaster Recovery Plan – details of key resources, software and contact details, recovery procedures and arrangements
- Data Breach Plan – checklist of things to do in the event of a data breach
- Training and awareness – onboarding and cyber security training for team members
- Cyber Insurance – details of any cyber insurance cover taken out by the business
- Cyber Risk Assessment – annual review and risk assessment by the cyber security officer
How do I use a Cyber Security Policy?
We recommend that you complete the following:
- Complete our Cyber Security Policy template for your business, including all of the rules you want to set
- Conduct a regular audit of cyber security in your business
- Provide the Cyber Security Policy to all employees and require them to sign off on it
- Complete regular training and send reminders to all staff about their obligations
- Check your insurance policy to make sure it covers cyber crime.
The Australian government has a website called Stay Smart Online which has some great tips on cyber security too.
How often should we update our Cyber Security Policy?
We recommend that you complete an audit annually to update your cyber security policy and procedures.
What are the different types of cyber security threats?
There are a number of different types of cyber security threats:
- Phishing – sending fraudulent emails that resemble emails from reputable sources. This is the most common type of cyber attack. The goal is usually to steal sensitive information like credit cards and login information.
- Ransomware – malicious software which is designed to extort money by blocking access to files or the computer network until the ransom is paid.
- Malware – a type of software designed to gain unauthorized access or to cause damage to a computer.
- Social Engineering – a tactic where hackers trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.