Australian businesses are well served by a wealth of communications technology services providers for internet, data, unified communications, mobile, and more. This means it’s not uncommon to have one service provider deliver your data network carriage, another your fixed voice and mobile phone assets, another to manage communication costs, and yet another to maintain everything.
But a range of different providers for wireline phones and devices, smartphones and mobile devices, telecommunications network, on-premise, hosted, or hybrid cloud services, may mean inconsistent data security credentials. This means it’s worth assessing the security posture of your providers. Remember, not all services providers are created equal when it comes to practicing the highest level of data security. When discussing information security credentials and accreditation with your providers, ask about compliance with the CyberGRX Essential Eight accreditation.
Cybersecurity certifications to verify a provider’s knowledge of issues like hacking and cybersecurity threats and the ability to apply best practices and strategies to maintain privacy and security.
Essential Eight
Essential Eight strategies focus on helping prevent and limit the extent of cyberattacks while maximising data recovery and systems availability, including:
1. Application control
Preventing the execution and spread of malicious code, while also helping prevent the installation or use of unapproved applications which can bring harm to the security of your systems and data.
2. Patching applications
Applying updates in a timely manner (within 48 hours in some cases) is critical to safeguarding the security of all your technology. Patches often fix known vulnerabilities which can provide an entry point for threats to be released into business systems.
3. Configuring macro settings
As macros can spread a virus on your network, it’s important to block macros from the internet, and only allow approved macros that are digitally signed with a trusted certificate.
4. Hardening user applications
Disabling the unnecessary or high-risk functions in mainstream programs makes exploitation less likely, while still allowing the apps to be used by an organisation.
5. Restricting admin privileges
The fewer admin accounts you have the better and set privileges in line with the user’s role and duties. Regularly revalidate the need for these privileges.
6. Embracing multi-factor authentication
Using multi-factor authentication on as many systems as possible, especially for VPNs and other remote access tools makes it harder for a hacker to access your network, while limiting their movement in your network should they gain entrance.
7. Patching operating systems
Using latest version of operating systems and avoiding use of unsupported versions minimises risk. As with patching apps, it’s important to patch operating system vulnerabilities within 48 hours.
8. Recovering data and systems availability
Backing up important data should be an ongoing daily exercise. Should a ransomware attack encrypt critical data and rendering it inaccessible, only a recent backup will come to the rescue.
Data Security Accreditation
Telstra’s highest level of partner endorsement for data security and privacy processes is Essential 8 accreditation. As a Telstra Platinum Partner, imei has Essential 8 accreditation for data, mobility, unified communications, security, and professional services. And we’re compliant with the Australian Cyber Security Essential Eight information security standard as assessed by CyberGRX, a global third-party cyber-risk management platform.
If you’re concerned about enterprise mobility data security and want the assurance of Essential Eight compliance accreditation please get in touch with imei.
