{"id":65192,"date":"2023-04-04T09:42:39","date_gmt":"2023-04-03T22:42:39","guid":{"rendered":"https:\/\/riskinfo.com.au\/news\/?p=65192"},"modified":"2024-10-30T08:41:26","modified_gmt":"2024-10-29T22:41:26","slug":"the-three-stages-of-cyber-security","status":"publish","type":"post","link":"https:\/\/riskinfo.com.au\/news\/2023\/04\/04\/the-three-stages-of-cyber-security\/","title":{"rendered":"The Three Stages of Cyber Security"},"content":{"rendered":"

There are three stages to data security, says Fraser Jack<\/strong>, head of The Cyber Collective<\/a>.<\/p>\n

Speaking at Riskinfo\u2019s Riskinfocus 23 CPD Tour event in Melbourne, Jack said every company that stores information is responsible for protecting it, that data security is a team sport, and that every company should have a cyber security champion on the staff.<\/p>\n

\"\"<\/a>
Fraser Jack presenting at the Riskinfocus 23 CPD Tour event\u00a0 in Melbourne last week.<\/figcaption><\/figure>\n

\u201cThe champion, an existing member of staff who ideally enjoys IT, can make sure members of the team are using strong passwords, seeing that those passwords are changed every few months, ensuring company apps are updated, and take control of that for the company,\u201d he says.<\/p>\n

Jack says every firm should review their IT systems and identify any risks to their data being seen by people who should not have access to it (that includes staff and hackers).<\/p>\n

\u201cUnderstand what the risks are, how people might get in to your network, and put protections in place,\u201d he says.<\/p>\n

Jack says the three stages of data security are:<\/p>\n

    \n
  1. Before an attack – identify the threats and mitigate<\/li>\n
  2. During an attack – have a robust response plan<\/li>\n
  3. After an attack – restore data and recover<\/li>\n<\/ol>\n

    Jack recommends companies have a plan to follow when a cyber attack happens, and that each step of the plan is rehearsed with all staff \u2013 much like a fire drill when everyone is asked to leave the building.<\/p>\n

    He says: \u201cYou can\u2019t sit there wondering what to do during an active attack on your business. You need a plan in place so all staff know how to react, what to do\u2026And that will include taking all your computers off line while the intrusion is assessed and dealt with.<\/p>\n

    \u201cThat means you need a business continuity plan to cover you until all your computer systems can go back online. We all know the phrase \u2018If you fail to plan, you plan to fail\u2019, but that isn\u2019t strong enough in this case.<\/p>\n

    …if your business is attacked, you\u2019ve been punched in the mouth…<\/p><\/blockquote>\n

    \u201cAs Mike Tyson says, \u2018we all have a plan until we get punched in the mouth\u2019. So if your business is attacked, you\u2019ve been punched in the mouth. The adrenalin kicks in and you won\u2019t know what to do unless you have a pre-arranged plan in place.<\/p>\n

    \u201cYou need to keep your guard up, train your staff, and understand that somebody is coming for you. It could be a teenager having fun or something far more malicious that leads to your data being shared on the dark web until you pay a ransom.\u201d<\/p>\n

    Jack also cautions that once inside your computer network, a hacker can go undetected – sometimes for months \u2013 until a staff member notices something is wrong.<\/p>\n

    He suggests installing software to identify intruders along with two-factor authentication for a belt and braces approach to system access and email logins.<\/p>\n

    \"\"<\/a>
    One of the slides used during Fraser Jack\u2019s presentation on cyber security at Riskinfocus 23 CPD Tour showing the three stages of cyber resilience.<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"

    There are three stages to data security, says Fraser Jack, head of The Cyber Collective. Speaking at Riskinfo\u2019s Riskinfocus 23 CPD Tour event in Melbourne, Jack said every company that stores information is responsible for protecting it, that data security is a team sport, and that every company should have a cyber security champion on […]<\/p>\n","protected":false},"author":23,"featured_media":65232,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,8285,3,248],"tags":[],"class_list":{"0":"post-65192","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-compliance-regulation","8":"category-cyber-security","9":"category-general","10":"category-training"},"_links":{"self":[{"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/posts\/65192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/comments?post=65192"}],"version-history":[{"count":0,"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/posts\/65192\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/media\/65232"}],"wp:attachment":[{"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/media?parent=65192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/categories?post=65192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/riskinfo.com.au\/news\/wp-json\/wp\/v2\/tags?post=65192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}