Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses how to manage cyber risk
[Start of transcript]
Hi, my name is Roger. And today I’d like to talk to you about how you manage your cyber-risk in a small organization. Now cyber-crime, the insider threat, script kidddies, are all making your small organization a target. And because they’re making you a target, it’s not because you are doing anything in particular, it’s the simple fact that you are attached to the digital world that makes you a target of cyber-crime.
So to make sure that you’re not at risk of being attacked, as a cyber-criminal would attack you, you have to make sure that you’ve gone through your risk management process within the business. So if something does happen, you have a large number of opportunities to take it to the next level and protect yourself properly.
Now cyber risk is a really complicated process. But it can be done basically, and improved on, to start off with. So you know you’ve got a cyber-risk if you don’t protect your PCs. You know you’ve got a cyber-risk if everything you’ve got is in plain language. And those are the first steps of understanding what you need to do.
The other steps are, you need to know what information is critical to your business, what information is critical to your clients, so that you’re not going to go out and, if you are hacked, that information is not going to get out of your work.
So once you’ve defined what your information is, you then need to look at how you’re going to protect it. Are you’re going to manage it in a certain way? Are you going to encrypt the information where it is? Are you going to encrypt the information while it’s moving backwards and forwards?
And then after that, once you’ve worked out what you’re going to do, you then have to take a process of doing what you said you were going to do. But this also leads into things like business continuity, disaster recovery.
You need to know if you get hacked, what are your processes to get your business back to where it belongs, or if you have a disaster, and your technology fails, what is your next step to being able to get back to work?
[End of transcript]