Cyber Security Small Business Guide

Cybersecurity planning is the process of identifying, assessing, and mitigating risks to an organisation’s data, systems, and networks.

This process typically involves identifying potential threats, assessing the vulnerabilities of the organisation’s systems and networks, and implementing measures to prevent or mitigate the effects of attacks.

This can include things like installing firewalls, implementing strong password policies, and training employees on how to identify and avoid potential security threats.

Ultimately, the goal of cybersecurity planning is to protect an organisation’s data, systems, and networks from data breaches, unauthorized access, damage, or destruction.

62% OF SMALL BUSINESSES HAVE EXPERIENCED A CYBER SECURITY INCIDENT

(Australian Cyber Security Centre 2020)

HOW SAFE IS YOUR BUSINESS?

Find out how to protect your business from cyber attack.

For more information contact eResources Business Systems
1300 612 094

Step 1: IDENTIFY

Identify potential threats & vulnerabilities:

The first step in cybersecurity planning is to identify the potential threats & vulnerabilities that could affect the organisation’s data, systems, and networks. This can include things like malware, phishing attacks, ransomware, insider threats & bring your own devices (BYOD).

Step 2: ASSESS

Assess the organisation’s current security measures:

Once potential threats & vulnerabilities have been identified, the next step is to assess the organisation’s current security measures to determine how effective they are at preventing or mitigating attacks. This can include things like firewalls, intrusion detection systems, & security policies.

Step 3: DEVELOP

Develop a plan to mitigate identified risks:

After identifying potential threats & vulnerabilities & assessing the organisation’s current security measures, the next step is to develop a plan to mitigate the identified risks. This plan should include specific measures that will be implemented to prevent or mitigate attacks, such as installing firewalls, implementing strong password policies, & training employees on how to identify & avoid potential security threats.

Step 4: IMPLEMENT

Implement the plan and monitor its effectiveness:

Once the plan has been developed, the next step is to implement it and monitor its effectiveness. This can include things like installing new security measures, training employees on how to use them, and regularly reviewing the organisation’s security policies to ensure that they are up-to-date and effective.

Step 5: REVIEW

Regularly review and update the plan:

Finally, it’s important to regularly review and update the organisation’s cybersecurity plan. As threats and vulnerabilities evolve, the organisation’s security measures will need to be updated to keep pace. By regularly reviewing and updating the plan, organisations can ensure that they are always protected against the latest security threats.

WHAT DOES IT ALL MEAN?
LET US HELP EXPLAIN.

Endpoint protection is a type of security measure that protects devices and endpoints within a network from cyber threats. This can include antivirus software, firewalls, and intrusion detection systems.

Application whitelisting is a security measure that allows only pre-approved programs and applications to run on a device or network.

An asset inventory is a list or database of all the hardware and software assets within an organization. This can include devices such as computers, servers, printers, and Internet of Things (IoT) devices, as well as software applications and licenses.

Custom threat intelligence refers to the collection and analysis of data on potential cyber threats that are specific to an organization or industry. This can include information on known or potential threats, vulnerabilities, and trends in the cyber threat landscape.

Data loss prevention (DLP) is a security measure that is designed to prevent the unauthorized access, use, or disclosure of sensitive or confidential data. This can include measures such as preventing the downloading of sensitive files to unauthorized devices, blocking the transmission of sensitive data over unsecured networks, and detecting and preventing the accidental or intentional deletion of important data.

DDoS mitigation refers to the various measures and technologies that are used to protect against distributed denial of service (DDoS) attacks. DDoS attacks are a type of cyber attack in which a large number of internet-connected devices are used to overwhelm a website, network or firewall with traffic, rendering it unavailable to users.

DNS filtering is a security measure that involves analyzing and controlling the DNS queries that are sent from a network. DNS, or Domain Name System, is the system that is used to translate domain names (e.g. www.google.com) into IP addresses that can be understood by computers. DNS filtering involves monitoring DNS queries and blocking those that are deemed to be malicious or unwanted.

Employee awareness training is a type of training program that is designed to educate employees about the importance of cybersecurity, and to teach them how to identify and avoid potential threats.

An incident response plan is a set of procedures and protocols that are followed in the event of a security incident or breach. The incident response plan typically outlines the roles and responsibilities of different teams and individuals, and specifies the steps that should be taken to contain and remediate the incident, as well as to prevent similar incidents from occurring in the future.

An intrusion detection system (IDS) is a security measure that is designed to detect and alert on potential security threats or breaches. An IDS typically monitors network traffic and looks for patterns or anomalies that may indicate the presence of a threat.

Mobile device encryption is a security measure that is designed to protect the data on mobile devices from unauthorized access. Encryption involves using a mathematical algorithm to encode data in such a way that it can only be accessed by someone with the correct decryption key.

Penetration tests, also known as pen tests or ethical hacking, are a type of security assessment that involves simulating an attack on a computer system or network in order to identify vulnerabilities. Pen tests are typically performed by security professionals who use a variety of tools and techniques to try to gain unauthorized access to the system or network.

Perimeter firewalls are a type of security measure that is designed to protect the network of an organization from external threats. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A perimeter firewall is typically placed at the boundary between an organization’s internal network and the internet, and is used to block or allow traffic based on the source and destination of the traffic, as well as the type of traffic.

Security information and event management (SIEM) is a security discipline that involves the real-time collection, analysis, and correlation of security-related data from various sources, such as network devices, servers, and applications. The goal of SIEM is to provide a comprehensive view of the organization’s security posture, and to identify potential security threats or incidents as they occur.

Multi-factor authentication (MFA) is a security measure that requires the use of at least two different authentication factors in order to access a system or service. The most common form of MFA involves using something that the user knows (e.g. a password) in combination with something that the user has (e.g. a physical token or a smartphone). This provides an additional layer of security, as an attacker would need to have both the password and the token in order to gain access to the system.

Vulnerability scans are a type of security assessment that involves using automated tools to scan a computer system or network for known vulnerabilities. Vulnerability scanners typically use a database of known vulnerabilities and corresponding signatures to identify potential weaknesses in the system or network.

A web application firewall (WAF) is a security measure that is designed to protect web applications from a variety of threats, such as cross-site scripting (XSS) attacks, SQL injection attacks, and malicious bots. A WAF typically sits between the web application and the internet, and analyzes incoming traffic to identify and block potentially malicious requests.

Web content filtering is a security measure that involves controlling or blocking access to certain types of online content. This can include blocking access to websites that are known to host malware or other malicious content, as well as blocking access to websites that fall into certain categories (e.g. gambling, pornography).