The strategy focuses on achieving Maturity Level 1 of the Essential Eight, a cybersecurity framework by the ACSC (Australian Cyber Security Centre). One of its primary components is implementing daily backups: scheduling them automatically, encrypting backup files, and restricting access to backup systems so that data stays protected in case of loss or breach. For example, a company might schedule overnight backups, storing encrypted files offsite.
Another key focus is hardening user application settings. This involves applying security patches promptly and restricting unauthorised software installations to safeguard against vulnerabilities. For instance, disabling unused features on devices limits potential security risks.
Finally, enforcing baseline cyber hygiene emphasises installing antivirus software and conducting regular security awareness training. Educating employees on phishing threats, for example through seasonal workshops on recognising scam emails, enhances overall security awareness.
The strategies
⛳️ Strategy 1: Implement daily backups
- Schedule automatic daily backups using reliable software
- Test backup restoration processes monthly to ensure reliability
- Store backups in a different physical location from primary data sources
- Encrypt backup files to secure sensitive information
- Maintain a log of all backup and restoration activities
- Limit access to backup systems to authorised personnel only
- Inform team members about backup procedures and responsibilities
- Regularly update backup software to the latest version
- Review and update backup policies annually
- Ensure cloud-based backups comply with organisational policies
⛳️ Strategy 2: Harden user application settings
- Disable unnecessary software features on all user devices
- Apply security patches to applications within 30 days of release
- Restrict users' ability to install or run unauthorised applications
- Implement application whitelisting to prevent execution of unknown software
- Regularly audit applications for vulnerabilities or outdated versions
- Conduct bi-annual training for employees on application security best practices
- Monitor application behaviour for anomalies and report incidents
- Enforce password policies for applications requiring complex credentials
- Limit access to sensitive applications based on user roles
- Document and review application security settings quarterly
⛳️ Strategy 3: Enforce baseline cyber hygiene
- Install antivirus software on all organisational devices
- Schedule regular updates for all software to maintain the latest security patches
- Implement a user education programme focusing on phishing and online threats
- Restrict administrative privileges based on user needs and responsibilities
- Conduct security awareness sessions twice a year
- Establish a protocol for reporting suspicious cyber activity
- Regularly review access controls to critical systems
- Use multi-factor authentication for securing access to important accounts
- Log and monitor all network and system activities continuously
- Review and update the organisation's cybersecurity policy annually