Explore all our services
Design services
Discovery & research
Journey mapping
Prototyping
Accessibility
UX & UI design
Development services
Front-end development
Back-end development
Website development
Mobile development
AWS consulting services
React JS development
Delivery services
Project management
Testing & auditing
Support & maintenance
See our live solutions
Solutions
Service finder software
Booking software
Learning management software
Member service portals
Packages
Digital assurance
Idea to prototype
Idea to version one
Business sizes
Startups
SMEs
Enterprise
Read our case studies
Industries
Healthcare
Education
Government
Finance
Arts & recreation
Media & technology
Professional services
Recent client projects
Hunter Health
Macquarie University
Service NSW
Westpac
Museums of History NSW
Val Morgan
Ark
Business sizes
Startups
SMEs
Enterprise
Learn more about us
Explore our careers
Meet the team
How we work
Agency model
Team augmentation
Check out our blogs
Latest blog posts
The insights from AGS2024 shaping Airteam
Unlocking the power of health informatics with FHIR
Revolutionising health insurance for the digital age
How long does it take to develop a mobile app?
Airteam has reached AWS Advanced Tier Partner status
Delivery
4
min read

Airteam’s guide to getting on top of cyber security essentials with CISA

Rich Atkinson
December 13, 2022
A half closed laptop with a glow coming off the screen.

If your business handles customer data, the past few months might have raised some worrying questions about how secure your systems are and the implications of bringing them up to scratch.

The good news is that cyber security isn’t necessarily an expensive investment in new tech or personnel.

If you’re a small or medium size business looking for practical cybersecurity advice, then a great place to start is CISA.gov, the USA’s Cybersecurity & Infrastructure Security Agency.

While there is already great information available here in Australia, the recent attacks on Optus and Medibank and their commonalities suggest that digital security needs to be prioritised.

Owning Digital Security

The great thing about CISA’s guidelines is that they break down advice into manageable chunks, distinguishing between roles within a business. They also make an important point: company directors must not assume that cyber security is the sole responsibility of IT professionals.

To protect a company against malicious attacks, the key thing is to create a culture of cybersecurity that starts at the top. The CEO or MD must commit to putting in place people and procedures designed to minimise the possibility of a data breach.

A crucial step CISA suggests is the appointment of a Security Program Manager. The key takeaway is that this person need not be a security expert or an IT professional.

This person’s responsibility is to ensure that cyber security processes and procedures are followed and report to senior leadership at least once a month on progress made and any roadblocks encountered.

Think of them as your cybersecurity implementor rather than a tech wizard.

Multi-Factor is Essential

Once this person is in place - or even before if you’re able – the next step is to implement Multi-Factor Authentication across the company. MFA is not the final word in protecting against cyber-attacks, but the great thing about it is that it protects against so many different types of attacks.

To get started, your Security Program Manager should audit your business’s systems and data to create a list of the endpoints that need to be protected and the data they contain.

If it helps, picture a physical filing cabinet containing all your customer’s key information. Now, who in your business has the keys to that cabinet? And what is the potential for them to inadvertently let those keys slip into the hands of an opportunistic thief?

Once the initial audit and enablement are done, don’t stop there. Implement compliance protocols ensuring that MFA continues to be enforced across future system launches, updates, user onboarding and offboarding.

Don’t be the Low-Hanging Fruit

Another key thing to remember about cyber security is that many criminals look for the most vulnerable systems to focus their attacks on.

So, if you don’t want that to be your business, don’t be the low-hanging fruit.

By making it more difficult for criminals to gain access to your data, they are far more likely to move on to the next potential victim that hasn’t been as diligent in their defence, rather than go to extra lengths to gain access to your systems.

Endpoint Awareness

The last thing to be conscious of is your company’s various endpoints, with mobile phones likely at the top of the list for many organisations.

Using that filing cabinet analogy, think of a mobile phone as a filing cabinet the size of a stadium that can be lifted out of a pocket or accidentally left on an Uber seat. Now ask yourself, how secure are those devices, what access points do they contain, and what would be the implications of someone outside your company getting access to it?

This brings us back to MFA as a multi-purpose line of defence and why it should be the first thing on every company’s cyber security agenda.

Minimise your Data Footprint

While this advice has been focused on preventing bad actors from accessing your data, one other crucial thing that all businesses can do to prevent data from falling into the wrong hands is not to have it in the first place.

Conduct a data audit and ask yourselves seriously as a business whether you need to hold onto all client and customer data. Get rid of anything you don’t need – responsibly and thoroughly, of course.

So, there you have it. That’s just our top-line guide on how to begin the journey to become a cyber security-conscious business, and for more info, we’d encourage everyone to head over to cisa.gov/small-business for the guidance in full. And if you’re looking for help putting this advice into action with your new or existing apps, websites, and software solutions, we’d love to help, simply contact us here.

Share this post
Rich Atkinson
Rich Atkinson
Executive Director

Related posts

Australian Governance Summit 2024
6
min read

The insights from AGS2024 shaping Airteam

Sharing how Patrick’s attendance of the Australian governance Summit is shaping Airteam's governance, diversity in leadership, and continuous innovation.
Patrick Goffin
March 26, 2024
A doctor using healthcare software on an ipad at her desk.
5
min read

Unlocking the power of health informatics with FHIR

Explore the impact FHIR is having on the healthcare industry, simplifying data exchange between healthcare systems, enhancing patient care, reducing costs, and improving efficiency.
Rich Atkinson
February 6, 2024
A doctor using telehealth software on her laptop.
5
min read

A perspective on medical app development with SMART on FHIR

Explore the Impact of SMART on FHIR in healthcare software. Discover how it is transforming medical app development with EHR Integration.
Rich Atkinson
November 8, 2023
View all
The Airteam logo.

Australia's trusted software development partner

Suite 209/56 Bowman St, Pyrmont, NSW 2009
hello@airteam.com.au
We acknowledge the Traditional Owners of country throughout Australia and recognise their continuing connection to land, waters and culture. We pay our respects to their elders past, present and emerging.
ServicesCase StudiesDMSHealthtech
TeamCareersArticlesContact
AWS Advanced Consulting Partner badge.Luma Institute certificationISO 27001 certification for software development companyISO 9001 certification for software development companyGoogle 4.9 Stars BadgeGood Design Award Badge
© Airteam 2024
ABN: 52 613 107 618
Privacy Statement