
Cyber Security: Let’s take a look at best practice


March 28, 2023

If there's an area that all business leaders should invest their time in 2023, it's cyber security.

This year, the Federal Government is working on its new strategy, outlining changes to Australia's cyber security and privacy policies that will impact every single business.

Leaders of best practice go beyond their need to tick legislative boxes.

In 2023, business leaders will experience increased pressure from clients, customers, shareholders, boards of directors and regulators to get up to speed on cyber security best practice.

Dealing with cyber risks is listed in the top 3 key challenges that Australian business leaders will face this year, according to a KPMG report released in January.

Those already investing in their cyber security and data strategy will understand the importance of having these in place to gain trust from their stakeholders.

Cyber security has been a critical part of data strategy and data governance for decades. However, businesses have not yet reached the level of maturity needed for Australia to protect itself from cyber threats. Over the coming months, we will see stronger policy and more onus on businesses to "step up".

Let's take a look at what best practice cyber security is, and the steps you should take to protect your business (and customers).

Cyber security isn't just about the "technical stuff". In fact, much of the work is led as part of data strategy and data governance, via a company-wide approach.

Cyber security can be broadly divided into non-technical and technical areas, and it is critical to consider both aspects.

Non-technical elements include governance frameworks and accountability mechanisms, cyber security culture and risk management planning:

  • A company-wide approach to data privacy and security: make it part of organisational culture, not just something that belongs to a technology division.
  • Data security forms part of the KPIs of every role, similar to a meeting budget KPI.
  • An assessment or impact analysis of what a change means (or not!) for data security is a stage gate, or part of the criteria, for changes (either technical or business) to be applied and approved
  • Empowering the whole business to understand their individual impact on the company’s protection against cyber attack; and addressing future critical skills shortages by upskilling their employees (such as NAB’s women in tech program)
  • Leadership: understanding that protecting assets, systems and customer data is a business-critical strategy for crisis mitigation planning and day-to-day prevention
  • Priorities and the scope of both projects and business as usual activities set by Senior Leadership and managers reflect the importance of data security
  • “De-risking the innovation cycle” by aligning technology strategy with business outcomes: implementing a technology roadmap and embedding security into the beginning of each new process.

Technical aspects include elements such as:

  • Inventory management
  • Legacy systems
  • Variation across systems
  • Attack surfaces

Questions about cyber security, data governance, data quality or data strategy? Feel free to reach out to Lisa to chat.

Lisa has 30 years' industry experience as a Business Intelligence, Data Governance, Cyber Security and Master Data consultant, together with MBA, CPA and GAICD qualifications and specialist skills in developing Business Intelligence solutions, including data warehouse project management, master data and business process optimisation.