With cyber-crime a real risk for every business every day, cyber security should be a priority. A cyber security strategy can help you to manage the risk. However, one of the biggest challenges is knowing where to start.
It is critically important to recognise that the development of a cyber security strategy needs to be driven by executive and senior leadership. Cyber is not just an IT issues, it is a whole of business issue.
There are many different articles written on this topic, but many neglect what we consider is the essential first step – identify your assets. Instead, the articles recommend jumping right into the next stage – protect your assets.
We ask, how can businesses protect something if they don’t know anything about where it is, who has access to it and how it is
We see there are four key stages to establishing a cyber security strategy – identify, protect, detect and respond/recover. This article describes the first step. Future blog articles will look at the other steps.
The process of asset identification needs to concentrate on information security — the systems that hold the information and the devices that contain information that could be compromised.
Every business should know where its information assets are, who has access to them and how they are accessed. Importantly, every business should be aware of any vulnerabilities.
To help with this, here’s some questions of the questions you should be asking:
- Have we identified what our highest priority information is?
- Where is our critical information held?
- Who has access to it?
- How is it secured?
- How can they access it?
- What are the risks around our IT systems and information?
- What are the vulnerabilities around our IT systems and information?
Critical types of information that businesses may have include:
- Intellectual property – including designs and patents
- Tax file numbers
- Medical records
- Personal details
- Building plans
- Financial transaction data
- Client records
- Employee records
- Trade secrets… and more.
The key to success in identifying assets is not to do it on your own. The risks of cyber-attack is too great and the consequences could be devastating. Instead, we encourage you to engage an expert to assist you in identifying your information assets and designing a suitable cyber security strategy.
Read the other Cyber Security Strategy blogs in this series:
Cyber Security Strategy: Step 1 –
If you need any assistance with your cyber security or you don’t know where to start please call us on 1300 478 738 or email us at firstname.lastname@example.org.