CEO Memo October – Cyber security standards and awareness to help mitigate risks for your organisation

By: Megan Motto FGIA, Chief Executive Officer, Governance Institute of Australia

October is Cyber Security Awareness Month and there is no time like the present (as in RIGHT NOW!) to put yourself and your organisation to the test. Cyber security challenges continue to strike from all directions. We have seen the ramifications of data breaches and software malfunctions hitting some of the nation’s leading companies and organisations. As governance and risk management professionals, it’s our job to make sure practices, procedures and guidelines are followed to ensure the utmost protection for what can be your organisation’s most valuable asset – data.

Our own research compiled late last year in our Data Governance in Australia report found nearly two-thirds of organisations believe their boards lack a sufficient understanding of current data governance challenges.

Just under three-quarters of organisations link data governance to the overall governance/risk management strategy. But less than half report data governance to the board, and the frequency of reporting varies significantly.

With cyber threats on the rise and the increasing value of data, it is imperative for boards and senior managers to develop and implement robust data governance frameworks. By doing so, they can protect their assets, enhance customer trust, and ensure long-term organisational resilience.

To assist organisations to maintain robust cyber security protocols, the Governance Institute’s Effective Cyber Risk Management Guide is a best practice governance guide for digitally secure and resilient organisations. This practical tool is comprehensively designed to fortify your organisation’s digital defences and guide you through the complexities of cyber security.

In a significant move to enhance the security of Internet of Things (IoT) devices, Standards Australia has adopted a new standard, AS/NZS ISO/IEC 27400:2024. This standard, based on existing ISO guidelines, aims to provide comprehensive guidelines on the risks, principles, and controls necessary for the security and privacy of IoT solutions.

IoT devices, such as smart home devices like Alexa and Google, among numerous others, are becoming increasingly prevalent. The new standard is designed to address the unique security challenges posed by these devices, ensuring that they are protected against potential threats.

Addressing these challenges requires a multi-faceted approach, including the development of robust security standards, regular updates and patches, secure communication protocols, and effective device management practices. By tackling these issues, organisations can better protect their IoT devices and the data they collect.

So, as we enter into Cyber Security Awareness Month, double-check your organisation’s workforce is across the key basics as a minimum:

  1. Activate multifactor authentication: Encouraging the use of multifactor authentication to add an extra layer of security.
  2. Apply all software updates: Highlighting the importance of keeping software up to date to protect against vulnerabilities.
  3. Avoid password reuse: Promoting the use of unique passwords for different accounts to prevent unauthorised access.
  4. Phishing email awareness: Educating users on how to recognise and avoid phishing emails.

These are the initial, crucial steps in fostering a culture of cyber security awareness and resilience across the nation’s businesses – especially SMEs that don’t necessarily have the specialist IT resources of larger organisations.

We know that as cyber threats continue to evolve, these measures will play a vital role in protecting key digital infrastructure. Combined with an effective data governance and cyber risk management framework, these are the essentials for maximising the commercial value of data while minimising the increasing risks of a rapidly moving, digitally driven world.

Acting for You, October 2024 
