Blog Post: Why Western Australian Businesses Should Follow Government Cyber Security Advice

In today’s digital age, cyber security is a critical concern for businesses of all sizes. The Western Australian Government has recently updated its Cyber Security Policy, providing a comprehensive framework for protecting sensitive information and ensuring the resilience of digital infrastructure. This policy is not only essential for government entities but also offers valuable guidance for businesses looking to enhance their cyber security posture.

The Importance of Cyber Security

Cyber security threats are constantly evolving, and businesses must stay ahead of these threats to protect their assets, reputation, and customers. A cyber security incident can lead to significant financial losses, legal liabilities, and damage to a company’s reputation. By following the government’s cyber security advice, businesses can mitigate these risks and ensure their operations remain secure and resilient.

The NIST Framework 2.0

One of the key components of the Western Australian Government’s Cyber Security Policy is the adoption of the NIST Cybersecurity Framework 2.0. This framework provides a structured approach to managing and reducing cyber security risks. It consists of six core functions:

1. Govern: Establish essential governance and foundations of cyber security management.
2. Identify: Develop an organisational understanding to manage cyber security risks.
3. Protect: Implement safeguards to ensure the delivery of critical services.
4. Detect: Develop and implement activities to identify the occurrence of a cyber security event.
5. Respond: Take action regarding a detected cyber security incident.
6. Recover: Maintain plans for resilience and restore any capabilities or services impaired due to a cyber security incident1.

By aligning with the NIST Framework 2.0, businesses can create a robust cyber security strategy that addresses all aspects of risk management.

The Essential 8

Another critical element of the policy is the implementation of the Australian Cyber Security Centre’s (ACSC) Essential 8 controls. This clearly falls under the Protection section in the NIST framework.  These controls are designed to protect systems against a range of cyber threats and include:

1. Application Whitelisting: Ensuring only approved applications can execute on systems.
2. Patch Applications: Regularly updating applications to fix security vulnerabilities.
3. Configure Microsoft Office Macro Settings: Restricting the use of macros to prevent malicious code execution.
4. User Application Hardening: Reducing the attack surface by disabling unnecessary features.
5. Restrict Administrative Privileges: Limiting the use of privileged accounts to reduce the risk of compromise.
6. Patch Operating Systems: Keeping operating systems up to date with the latest security patches.
7. Multi-Factor Authentication: Implementing additional layers of authentication to secure access.
8. Daily Backups: Regularly backing up data to ensure it can be restored in the event of an incident1.

By adopting the Essential 8, businesses can significantly enhance their cyber security defences and reduce the likelihood of a successful cyber-attack.

Government fines, it is also important to understand that the government can not impose significant fines for companies that it believes have not take reasonable steps to secure Personally Identifiable Information or PII. More details can be found in this press release. Parliament approves Government’s privacy penalty bill | Our ministers – Attorney-General’s portfolio

Conclusion

The Western Australian Government’s Cyber Security Policy provides a valuable blueprint for businesses to follow. By adopting the NIST Framework 2.0 and the Essential 8 controls, businesses can create a comprehensive and effective cyber security strategy. This not only helps protect their assets and reputation but also ensures they remain resilient in the face of evolving cyber threats. It is crucial for businesses to take proactive steps in aligning with these guidelines to safeguard their operations and contribute to a more secure digital environment for all.

Therefore, we urge all businesses to take immediate action by implementing these measures. Begin by assessing your current security posture and identifying areas for improvement. Engage with cyber security experts if necessary, and invest in the tools and training required to fortify your defences. Your commitment to cyber security is not merely an operational necessity; it is a fundamental responsibility to your stakeholders and the wider community.

Qbit IT Solutions (www.qbit.com.au)can assist you in navigating these steps and ensuring your business is well-protected. Call Fabio Suffell on 6364 0600 or reach out to us today for an obligation-free chat to discuss how we can help secure your operations.

Take the first step towards a more secure future today.

1: Western Australian Government Cyber Security Policy Overview 2024  wacybersecurityoverviewmay.pdf