HSA July 2023
MEMBER ADVICE
Implement a privileged access management solution that enforces the principle of least privilege. Regularly monitor and audit administrative activities to detect any unauthorized access attempts.
By implementing these four controls, you can significantly enhance your organisation's cybersecurity posture and reduce the risk of cyber attacks. However, it is important to remember that cybersecurity is an ongoing process and requires continuous monitoring and improvement.
IMPLEMENTING THE REMAINING FOUR CONTROLS OF THE ESSENTIAL EIGHT FRAMEWORK
5. Patching operating systems: Just like patching applications, keeping your operating systems up to date is crucial in preventing cyber attacks. Establish a patch management process for your operating systems similar to the one for applications. Regularly apply security patches and updates to address known vulnerabilities.
6. Multi-factor authentication (MFA): Implementing MFA adds an extra layer of security to your authentication process. It requires users to provide multiple forms of identification, such as a password and a unique code sent to their mobile device, to access systems or applications. By implementing MFA, you can significantly reduce the risk of unauthorized access, even if passwords are compromised.
7. Daily backups: Regularly backing up your critical data is essential to ensure business continuity in the event of a cyber attack or data breach. Implement a comprehensive backup strategy that includes regular backups of all important data, regular testing of backups to ensure data integrity, and offsite storage to protect against physical damage or loss.
8. User application hardening: This control involves implementing additional security measures for web browsers, PDF viewers, and other common applications. Configure these applications to restrict potentially malicious activities, such as automatically executing scripts or downloading files without user consent. Regularly update these applications to ensure they have the latest security enhancements.
THE ROLE OF EMPLOYEE TRAINING IN CYBERSECURITY
While implementing the Essential Eight controls is critical, it is equally important to educate and train your employees on cybersecurity best practices. Employees are often the weakest link in an organization's cybersecurity defenses, as they can inadvertently click on malicious links, fall for phishing scams, or mishandle sensitive information. By providing regular training and awareness programs, you can empower your employees to become the first line of defense against cyber threats.
Start by creating a comprehensive cybersecurity policy that outlines the expected behaviour and responsibilities of your employees. In a hotel setting, this applies to finance and other back-office staff, people handling social media, users of your business email accounts, etc. This policy should cover topics such as password management, acceptable use of company resources, safe browsing habits, and incident reporting procedures.
Conduct regular training sessions to educate your employees about the latest cyber threats, phishing techniques, and social engineering tactics. Reinforce the importance of following security protocols and provide practical examples of real-world scenarios to help employees understand the risks and consequences of their actions.
30 | Hotel SA | www.ahasa.asn.au