Cyber Strategy 2020 for Non-Techies
By Natalie Darby
Cyber Security is one of the biggest risks facing Australian businesses right now. It is important HR, managers and business owners are on top of this significant threat. Cyber Security is the new WH&S as far as risk, compliance and safety is concerned. It is ill-conceived to think Cyber Security is something the IT department can take care of with a firewall and anti-virus software. There must be a whole of business, people approach to Cyber Security.
On 6 August the Australian Government released Australia’s Cyber Security Strategy 2020. On the back of this they’ve published their Consultation Paper for Protecting Critical Infrastructure and Systems of National Significance. Here we strip back the technical stuff and look at what the majority of us need to know.
Cyber Security is the new WH&S as far as risk, compliance and safety is concerned.
1. Combined Effort. To realise the vision of a secure online world for Australia there needs to be complementary actions by governments, businesses and the community.
No business is immune to the threat of a cyber attack. We all have a role to play in creating a more cyber secure Australia. All businesses have a responsibility to grow a Cyber Savvy skilled workforce and protect customers from known cyber vulnerabilities. As individuals we need to take responsibility for practising secure online behaviours.
2. New Skills. We are more connected than ever before. As we upskill our teams to work remotely, conduct business online, shop online and trust the internet for healthcare we need new skills to be Cyber Savvy.
We need increased situational awareness of cyber threats and what to do in the event of an attack. Toolkits and online training will be published on cyber.gov.au to help SMEs raise cyber security awareness. Check cyber security is on your competency management / capability development matrix and check what funding is available for upskilling staff.
3. Integrated Behaviours. Cyber security needs to be a fundamental and integrated part of everyday life, just as a pool fence provides security and peace of mind.
We need to create a new social norm, a culture of cyber savvy people so we can reap the benefits of the internet safely. We all need to know and practise secure online behaviours
4. New Compliance Requirements. Cyber Security training will be an essential for onboarding, just as Work Health and Safety has become. The Government’s strategy introduces moves towards Codes of Practice, legislative changes which set a minimum cyber security baseline and obligations for industry through regulatory reforms. The strategy introduces the concept of practised incident responses by way of an incident response playbook.
Rather than looking at the impost of new regulations, businesses need to embrace the benefits of a Cyber Savvy workforce and start building this into their onboarding and other risk / compliance related activities. Just as a safe workplace brings benefits in productivity and staff wellbeing, a focus on Cyber Security reduces risks and enables staff to transfer skills to keep them safe in their personal lives as well. A cyber security response drill timetabled along with their evacuation drill.
For more information see the Department of Home Affairs and / or Australian Signals Directorate at cyber.gov.au. Reach out to us about our Cyber Security eLearning and Change Plan.