Top five tips for mitigating cyber risk

Cyber HackerCyber-crime is not just an issue for large companies but for any organisation that collects and maintains customer records, like property managers and agents. 
Personal information needs to be safeguarded, and one company that has been helping companies minimise and mitigate the risk of potential cyber-threats in Australia since 1999 is Gratex International. It works with clients, providing a range of services including security assessments, network monitoring, incident response management and penetration testing.
Michal Gonos, who is director of IT & Infrastructure Services at Gratex, shares his top five tips for combating cyber-crime:
  1. Partner with a reputable IT organisation with expertise in security to develop a plan to mitigate cyber-risk within the organisation and regularly review this plan. This is particularly important for organisations with limited internal IT resources. Some third-party IT companies offer network behaviour monitoring tools that create a baseline for normal activity and flags any unusual activity within an organisation’s network. Where this is combined with proper response strategies or even a Computer Incident Security Response Team (CISRT) to investigate and react to threats, it can be an effective tool for mitigating risk.
  2. Perform regular security audits and penetration tests. These will give an organisation a snapshot of the strength of its security and identify potential threats. Organisations can use this information to put in place better protection strategies. It is, however, important to understand that this only gives insight at a single point in time and new threats are emerging on a daily basis.
  3. Educate management and staff on common cyber-risk, identity theft and data protection. Employees need to be aware that their individual online behaviour can have consequences for a business and its clients.
  4. Categorise data based on how sensitive the information is and the potential consequences of misuse. Put in place policies and controls to determine who has access to what information and how they can use it, as well as seeking options to integrate those policies and controls within line of business application, if possible. 
  5. A fundamental to minimise security risks is to understand that the IT world is a rapidly changing environment. What works from a security point of view today may not work tomorrow and assessing cyber-security is not a once off task. Businesses need to be constantly monitoring and adapting the strategies they use to prevent security breaches and protect their organisation and clients.
Watch our ‘Who needs cyber insurance?’ video to find out how having a broker can reduce the risk of cyber breaches.