22/03/2024
Cyber incidents are increasing in frequency across all sectors including charities and not-for-profits. As a result, the Australian Signals Directorate’s Australian Cyber Security Centre is encouraging charities and not-for-profit organisations to protect their information and systems. The steps that these organisations can take are the same steps that all types of organisations can take – that is, they are not limited to charities and not-for-profits. The Cyber Security Centre recommends organisations:
- Turn on multi-factor authentication where possible.
- Check automatic updates are on and install updates as soon as possible.
- Back up important files and device configurations often, and test backups on a regular basis.
- Use a reputable password manager to create strong, unique passwords or passphrases for all accounts.
- Provide cyber security training, particularly on how to recognise scams and phishing attempts.
- Use access controls and review them often so staff can only access what they require for their duties.
- Use only reputable and secure cloud services and managed service providers.
- Test cyber security detection, incident response, business continuity and disaster recovery plans often.
- Review the cyber security posture of remote workers and connections.
- Report a cybercrime, incident or vulnerability.
- Join ASD’s Cyber Security Partnership Program as a business or network partner.
Cyber incidents cost organisations a lot, not just in money but also in time and reputation. They can also jeopardise the health and wellbeing of those whose personal information is accessed as part of an incident, causing unnecessary harm to individuals and communities.
Organisations should also be ready for a cyber incident, including by ensuring that they have a current data breach plan covering matters from reporting incidents to communication plans for stakeholders and managing business as usual. Boards should ensure that a cyber incident is a risk their organisation is ready to detect, respond to and recover from.
Griffin Legal regularly assists organisations with their cyber governance and risk management. Please consider saving the mobile numbers of the Griffin Legal personnel you routinely work with so that you can contact us should a cyber incident occur within your organisation.
As always, we are here and ready to assist you and to respond to your queries.