How to Protect Your Not-for-Profit with the Essential 8 Controls in 2024

Cyber security threats become more prevalent as Not-for-Profits increasingly rely on technology to manage their operations. Fortunately, the Australian Signals Directorate (ASD) created a set of cyber security controls called Essential 8 to help Australian businesses and nonprofits mitigate the most common cyber threats and navigate the digital space more securely. 

Since November 2023, these controls have been updated to suit the current landscape better and improve response times to diminish risks. In this article, Zubair Khan, Bremmar’s Cyber Security Technical Consultant, will explain the Essential 8 controls, how they work, why they benefit Not-for-Profits and how the changes make the controls even more helpful. 

The Essential 8  

The controls consist of different maturity levels, each becoming more robust than the last. “By implementing these controls, human services organisations can significantly reduce their risk of becoming victims of cyber attacks”, explains Zubair. “Although the Essential 8 framework is not currently mandated for all organisations, it is highly recommended that nonprofits of all sizes implement at least Maturity Level 1 of the controls to start their cyber security journey”, he affirms. “The Essential 8 Maturity Level 2, on the other hand, is a mandatory requirement for all Australian non-corporate Commonwealth entities subject to the PGPA Act (as per PSPF Policy 10)”, adds Zubair.

According to the Microsoft Digital Defense Report 2023, basic security hygiene, such as Multi-Factor Authentication (MFA), protects organisations against 99% of attacks. However, applying and enforcing the cyber security policies correctly is crucial to guarantee stakeholder buy-in. “Having MFA on one application and not the other, for example, does not complete the control of implementing MFA”, explains Zubair.   

Still, according to Microsoft’s report, fewer than 15% of Non-governmental organisations have cyber security experts on their staff. That’s why partnerships with companies such as Bremmar, with more than 15 years of experience in the NFP sector, are critical to organisations trying to protect their data.  

  • Patch applications: Applications should be updated with the latest security patches to fix any vulnerabilities attackers could exploit.
  • Patch operating systems: Operating systems must be updated with the latest security patches to fix any vulnerabilities attackers could exploit.  
  • Multi-factor authentication: This control requires users to provide more than one piece of evidence to verify their identity when accessing systems or online services. 
  • Restrict administrative privileges: Organisations must limit the number of users with administrative rights on systems and ensure they only use them when necessary. 
  • Application control: This control prevents the execution of unapproved or malicious programs on systems.  
  • Restrict Microsoft Office macros: The use of macros in Microsoft Office documents should be restricted to prevent malicious code from running on systems. 
  • User application hardening: This control configures web browsers and PDF viewers to block or limit the functionality of features that attackers could use to compromise systems. 
  • Daily backups: This control ensures that data is backed up regularly and stored securely to enable recovery in case of a cyber incident. 

Changes to the Essential 8 in 2024  

The Essential 8 controls will undergo some changes in 2024 as part of the Australian Government’s new 2023-2030 Cyber Security Strategy (published in November 2023).

“The cyber security threat landscape is ever evolving, and there are always more risks and attackers. As a countermeasure, the Australian Cyber Security Centre (ACSC) is continuously publishing changes and updates to improve the controls”, says Zubair.  

Some of the recent changes revisit the use of the MFA control, requiring the type of authentication to include something you have and something you know. “A mobile device plus a passphrase, for example, fits the control”, explains the consultant. “Another significant change is the frequency at which vulnerabilities must be addressed in the organisation”, he adds.

The timeframe for patching vulnerabilities in high-risk software has changed from one month to two weeks for Maturity Level 1. However, according to the ASD, when vendors assess a vulnerability in an application or operating system to be of a critical nature (e.g. it facilitates authentication bypasses that grant privileged access or facilitates remote code execution without user interaction), organisations should patch, update or otherwise mitigate vulnerabilities within 48 hours.

Swift action is critical in minimising the impact of security incidents. However, the consultant emphasises that organisations must, in parallel, create a roadmap to implement the controls properly. “Organisations should decide on which maturity level to aim for – the minimum being Maturity Level 1 for most – as it is also a commercial decision – the cost to maintain and implementation should be balanced against certain risk factors”, affirms Zubair.

Such changes aim to improve the effectiveness and efficiency of the Essential 8 controls and align them with the six cyber shields that will be implemented by the Australian Government until 2030.   

Cyber Security Shields to be implemented by 2030.

1 – Strong businesses and citizens
Citizens and businesses are better protected from cyber threats and can recover quickly following a cyber attack. 

2 – Safe technology
Australians can trust that their digital products and services are safe, secure and fit for purpose. 

3 – World-class threat sharing and blocking
Australia has access to real-time threat data and can block threats at scale. 

4 – Protected critical infrastructure
Australia’s critical infrastructure and essential government systems can withstand and bounce back from cyber attacks. 

5 – Sovereign capabilities
Australia has a flourishing cyber industry, enabled by a diverse and professional cyber workforce. 

6 – Resilient region and global leadership
Australia’s region is more cyber resilient and will prosper from the digital economy, continuing to uphold international law and norms and shape global rules and standards in line with its shared interests. 

Implementing the Essential 8 controls can provide many benefits for Not-for-Profits, maintaining a pristine reputation being one of the major ones.   

“The biggest risk to organisations is their reputation. Suppose an attacker gains access to the system and obtains notifiable data. In that case, the business must notify customers that it has been breached, which could damage their image and result in financial loss”, explains Zubair.   

Following the controls results in improved security posture, enhanced compliance, increased customer trust, and reduced costs and losses due to a cyber attack.

To start their Cyber Security journey and implement the Essential 8 controls, Not-For-Profits can follow a few simple steps, such as assessing their current cyber security situation. Bremmar’s self-assessment tool can be a valuable resource, as organisations receive a report summarising their maturity level across all areas of the Essential 8 model. 

“We can assist organisations in implementing and maintaining these controls. Our team has experience in each area and is focused on keeping up to date with changes from the ACSC while helping you achieve the maturity layer you need continuously”, says Zubair.  

Contact us if you want to learn more about the Essential 8 or need help implementing the controls! 


NFP Cyber Security: Highlights from CPA’s Strategy Briefing

In today’s digital age, every click can be a potential threat, so the importance of cyber security awareness cannot be overstated, especially for Not-For-Profit organisations. However, balancing the technical needs of vulnerable sectors like disability, community services, and aged care with the ever-present spectre of cyber threats is no small task and many NFPs require support to achieve it. Enter Bremmar’s engagement with the human services sector and events designed to educate those industries.

Brenton Harris, Bremmar’s Managing Director, provided invaluable cyber security insights at the recent ‘Cyber Security Strategy, Compliance, and Reporting’ briefing at a CPA breakfast meeting. Keep reading to discover his key takeaways.

Understanding the Cyber Security Landscape for NFPs

To boost productivity and improve customer satisfaction, NFPs must harness technical advancements daily. However, as a result, the technical challenges, especially within the cyber security landscape, become increasingly complex and demanding.

Current Cyber Landscape

“Every seven minutes, a cybercrime is reported,” states Brenton Harris.

While this statistic is startling, the changing nature of these attacks is even more troubling. Cybercriminals aren’t merely seeking to steal data. Instead, they also threaten to disclose sensitive information, holding organisations to ransom.

As Brenton Harris outlines, it takes an attacker a median time of just 72 minutes to access private data following a phishing attack. “From there, it’s a mere 102 minutes for that attacker to invade the network and potentially deploy a ransomware attack. Their speed within the digital realm is astonishing.”

Why are NFPs Prime Targets?

NFPs often handle sensitive information, from client details and financial transactions to personal stories, making them a treasure trove of data. Cybercriminals recognise the value of this data, either for direct financial gain or for resale on the dark web. What’s more, on average, NFPs operate on tight budgets, prioritising their cause over operational aspects of their data security. Consequently, the industry is viewed as a soft target.

Paying the Price for Cyber Complacency

Recent incidents starkly highlight the perils of downplaying cyber threats. Despite many organisations’ belief in their immunity against the cunning strategies of today’s cybercriminals, the reality tells a different tale. No sector is safe.

Real-life examples occur daily that show the magnitude and intricacy of cyber threats and highlight the vulnerabilities even big corporations face.

Attack

The NFP was ensnared by a ransomware attack, leaving its email system paralysed. The culprits? A seemingly innocuous phishing attack. Yet, this was no ordinary breach. Cybercriminals capitalised on a Customer Virtual Assistant (CVA) vulnerability to infiltrate the organisation’s digital realm.

Technical Details

The attackers targeted an unpatched vulnerability in the organisation’s Exchange server. Even though the organisation had transitioned most of its operations to the cloud, it maintained certain on-premises infrastructure, including the vulnerable Exchange server.

Consequences

Once inside, the attackers swiftly encrypted the organisation’s data. The NFP found itself in a race against time, striving to restore access to its encrypted files. The financial impact? A hefty 200,000 AUD. To add to the turmoil, the organisation grappled with four days of operational standstill before resuming its usual activities.

Lessons

The essential lesson from this incident is the importance of timely patching. The organisation’s IT team struggled to keep up with the necessary patching cycles, leaving their digital environment vulnerable. Whether the organisation was unaware of this lapse or deemed it an acceptable risk remains unclear. However, the consequences of this oversight were undeniably severe.

Conclusion

It’s clear that even organisations who think they’re off the radar need to step up their cyber security game. It’s not just about playing defence anymore; it’s about staying two steps ahead. Regular updates, keeping a keen eye on systems, and having a solid cyber security plan are crucial to avoiding major cyber incidents.

Strategies to Fortify Cyber Defences

The best cyber security strategies don’t just hinge on applying the latest tech tools; instead, they come from a deep understanding of the basics. Brenton Harris emphasises the following three pivotal areas:

  1. Mastering the Fundamentals
    Before navigating the complexities of advanced cyber security measures, it’s essential to grasp foundational elements. Harris emphasises how the Essential 8 framework is an exceptional resource to tackle the basics and achieve compliance level 1. The most effective defence against ransomware, for example, includes Multifactor Authentication and frequent security patches. According to the ACSC Cybercrime Report, only 50% of NFPs have Multifactor Authentication enforced, and 70% have no vulnerability assessment to understand risk exposure.
  2. Frameworks and Accreditation
    The Australian Cyber Security Centre (ACSC) framework is an indispensable guide, offering a structured approach tailored for NFPs. Alternatively, the NIST framework is more comprehensive and has a broader scope on cyber security. Organisations seeking external endorsement protocols can engage with ISO 27001 as a gold standard.

Drafting a Resilient Cyber Security Response Plan

In the complex world of cyber security, forewarned is forearmed. A meticulously drafted response strategy can be the line between a situation under control and an all-out debacle. Such a plan offers a clear course of action during a breach and bolsters stakeholder confidence, reassuring stakeholders of the organisation’s capability to weather digital storms. Key components of an effective plan include the following:

  • Defining Roles
    Clearly delineate roles, responsibilities, and communication channels to ensure a coordinated response during an incident.
  • Assessing the Threat Metrics
    Categorise incidents based on their severity to streamline the response process. Doing so ensures that resources are allocated appropriately, from minor glitches to critical breaches.
  • Transparent Communication
    Lay down guidelines for both in-house and outward-facing communications. This includes determining who authorises public statements, bolstering staff morale during crises, and keeping clients and associates in the loop.

Unlocking Microsoft 365’s Cyber Security Arsenal

Far from being just a productivity toolkit, Microsoft 365 emerges as a stalwart in the cyber security arena. Its suite of features not only amplifies operational efficiency but also fortifies an organisation’s digital security. Key digital security features include:

  • Selective Application Access (Whitelisting)
    Organisations can dramatically mitigate their vulnerability by curating a list of permitted applications on user computers, blocking non-essential applications.
  • Reliable Backup
    Regular backups are a safety net, ensuring data recovery even after a cyber attack.
  • Defences for the Remote Worker
    Tools such as SmartScreen and the Microsoft Defender suite stand guard, ensuring a secure digital workspace.

Guarding Gadgets: Safeguarding Frontline Workers’ Devices

Frontline workers are equipped with mobile devices. This modern convenience helps boost their productivity and reach; however, it also demands robust cyber defences. After all, the stakes are high, especially for NFPs who handle sensitive client data. Addressing this challenge involves a multi-faceted approach:

  • Device Management
    Using tools like Microsoft Intune, companies now have a powerful way to keep their devices in check. It’s not just about managing gadgets; it’s about protecting data, setting up those essential PIN codes, and keeping an eye on what apps are up to.
  • User Uplift
    Mere tech won’t suffice. Through hands-on training and real-world phishing simulations, management, staff and volunteers can sharpen user vigilance and embrace cyber security norms.
  • Standardisation is Key
    Organisations can fine-tune their cyber defences by narrowing the spectrum of apps and devices. In essence, “Guard what’s active, making security proactive.”

Conclusion

Cyber threats are evolving, and NFPs must evolve faster. But building a resilient cyber security strategy, ensuring compliance, and upholding transparent reporting isn’t a walk in the park.

It takes time and serious consideration. Bremmar, with a history of success with different NFP clients, can offer a clear path and tailor it to your organisation.

Engage with Bremmar to safeguard your present and fortify your organisation’s future in an increasingly complex digital world.


Mitigating Cyber Risks in Human Services: Bremmar’s Holistic Security Approach 

The number of cyber attacks has been rising worldwide. Cyber Security has become the focus of the news and a central topic in organisations from different sectors. 

According to the Microsoft Digital Defense Report, Not-for-Profit organisations are the second most cyber-targeted industry. With the ever-evolving digital landscape, organisations must adapt to new trends and standards, and address any cyber security gaps that may arise due to a lack of knowledge.

The Australian Cyber Security Centre (ACSC) recognised the threat and created the “Essential 8 Security Framework”. This framework is a valuable guide for all Australian businesses, for profit and not-for-profit, in safeguarding their data and systems from potential attacks by establishing a strong defence against cyber threats. 

The NFP, Aged Care and Disability Care industries handle highly sensitive client data, creating specific industry challenges and requirements around cyber security. To address the particularities of these sectors, Bremmar developed two products that cater for the specific demands and pain points of the human services sector and can be scaled depending on the size of the organisation. They also help organisations leverage their Microsoft 365 licence to comply with the Essential 8 framework.

Microsoft 365 Security Partnership and Security Standard 

Microsoft 365 Security Partnership 

Bremmar offers tailored and holistic IT services to Not-for-profits, Disability organisations and Aged Care providers, from consultation, strategy, IT support, productivity solutions and cyber security. Through Bremmar’s unique offering, the Microsoft 365 Security Partnership, clients have access to industry and security consultants on a quarterly basis to implement and progress a range of solutions to assist their in-house IT team or Managed Services Provider in filling in Cyber Security gaps. 

“The Cyber Security Partnership journey starts with a Microsoft 365 Secure Score Report, which is about the Security of their Microsoft 365 environment. We also perform an Essential 8 compliance assessment to see where the organisation stands at a certain point in time”, explains Brenton Harris, Bremmar’s Managing Director. “We print off those reports and then have a workshop with the client once a quarter to help them assess and improve their cyber security leveraging their existing Microsoft 365 platform”, he adds.

Clients on the Microsoft 365 Security Partnership are also eligible for a Quarterly Vulnerability Scan. “This is a tool we deploy on all endpoints where we scan the organisation’s computers and survey infrastructure to identify app vulnerabilities and find holes/gaps. As a result, we often end up with an overall picture of where all the organisation’s cyber security gaps are”, explains Brenton. 

“From there, clients can choose extra add-ons to the Microsoft 365 Security Partnership. We call these extra services packages, which are projects with a set scope, timeframe and deliverables that are recommended at the beginning of the organisation’s journey, for example, rolling out Microsoft Defender – the antivirus product from Microsoft – in only two weeks. The goal of these extra services (packages) is to make clients’ cyber security more robust in a short timeframe”, he adds.

Security Standard 

Bremmar’s Security Standard, on the other hand, is a more comprehensive solution focused on delivering compliance and security cadence to the organisation from the initial engagement. The process starts with Bremmar assessing the organisation’s cyber security compliance against the Microsoft 365 Secure Score Report and the Essential 8 Framework. These reports give Bremmar a deeper understanding of where the security gaps are so solutions can be rolled out upfront.

“With the Security Standard, we come in and we roll out all the projects we need upfront and then we deliver compliance on an ongoing basis”, explains Brenton. “The biggest pain point organisations have is becoming compliant quickly, the second is the energy it takes to assess the reports and make decisions – and there are many meetings to decide what to do first. With the Security Standard, we help the client achieve compliance in a short timeframe”, Brenton adds.

The journey to a secure and compliant organisation  

The Security Standard journey starts with Bremmar educating clients and stakeholders about cyber security and the risks of ignoring compliance, setting ongoing reporting schedules and creating a well-developed response plan to mitigate damage in case of a compromise. 

The first step is to raise awareness about specific risks the organisation faces. To tackle this, the Bremmar team hosts workshops and aims to explain the potential consequences of cyber attacks and the risk of sensitive data breaches to stakeholders, from frontline workers to board members. 

“The boards of Not-For-Profits, for example, have been driving hard for cyber security compliance”, explains Brenton. “As directors of the organisations, they have a high level of liability if something goes wrong”, he adds.

Once the clients understand the significance of cyber security, they need to designate a cyber security “champion”: someone within the organisation responsible for overseeing and coordinating all cyber security efforts and ensuring that the necessary measures are in place.

Bremmar then helps clients evaluate their internal capabilities and determine whether they have the necessary expertise and resources to manage their cyber security effectively. If there are gaps in their skillsets, they may consider engaging an external provider like Bremmar to supplement their capabilities and provide specialised cyber security services.

The next step is to assess the client’s current cyber security state by: 

  • Thoroughly evaluating their existing cyber security measures. 
  • Identifying any vulnerabilities or weaknesses.
  • Determining areas that require improvement. 

This assessment provides a baseline for the client’s cyber security posture and helps in identifying specific areas that need attention. 

From there, it is vital to leverage frameworks and tools. Clients can benefit from adhering to established cyber security frameworks such as the Australian Essential 8 and the American National Institute of Standards and Technology (NIST), which provide a set of recommended security controls to mitigate common threats.  

Clients should also establish a regular reporting mechanism that provides visibility into their security status, identifies emerging threats, and tracks the progress of security initiatives. This reporting enables informed decision-making and timely remediation of any cyber security issues. 

Response planning is an integral part of any cyber security journey. Clients need to develop a comprehensive response plan that outlines the steps to follow during a cyber security incident. This plan should include procedures for detecting, containing, and recovering from security breaches and communication protocols to ensure effective response coordination. 

“It is vital to determine who gets the phone call at night, for example, when the mailbox gets hacked. Is it the CFO, or is it someone else? And do they know how to handle that situation? Should they turn everything off? The accountable person needs a process in place and to be aware of what to do. We can help them make those crucial decisions and create that process”, explains Brenton. 

By following these steps in Bremmar’s Security Standard journey, clients can establish a solid foundation for cyber security efforts. They can proactively address their vulnerabilities, align their practices with industry standards, and continuously monitor and improve their security posture. This journey enables clients to protect their valuable assets, maintain the trust of their stakeholders, and mitigate the potential risks posed by cyber threats. 

At Bremmar, we understand the human services sector’s unique challenges and offer tailored services to help drive business success. Let us help you streamline your IT operations and enhance your organisation’s cyber security. 

In the security standard journey, clients embark on a systematic process to enhance their cyber security measures:  

  • Education and Awareness: The journey begins with educating clients about the importance of cyber security and creating awareness about the risks they face. Understanding the potential consequences of cyber threats motivates clients to take action and prioritise cyber security.

  • Assessment and Gap Analysis: Clients comprehensively assess their current cyber security state. This involves evaluating their security measures, identifying vulnerabilities and weaknesses, and conducting a gap analysis to determine improvement areas.

  • Framework and Best Practice Adoption: Clients leverage established cyber security frameworks, such as Essential 8, to align their practices with industry and best practices. These frameworks provide a roadmap for implementing effective security controls and mitigating common threats.

  • Skill Set Evaluation: Clients evaluate their internal skill sets and resources to determine if they have the necessary expertise to address their cyber security needs. If gaps are identified, they may seek external assistance from cyber security specialists like Bremmar to augment their capabilities.

  • Ongoing Reporting and Monitoring: Establishing a robust reporting mechanism is crucial for clients to monitor their cyber security posture continually. Regular reporting provides visibility into security metrics, identifies emerging threats, and tracks the progress of security initiatives. This enables informed decision-making and timely remediation of vulnerabilities.

  • Response Planning and Incident Management: Clients develop a comprehensive response plan to handle cyber security incidents effectively. This includes defining incident response procedures, establishing communication channels, and conducting regular drills to ensure preparedness in the event of a breach.

Strategy towards an Efficient and Cyber Secure Organisation

The digital landscape constantly evolves, and organisations must stay updated with technological changes. They must adapt to new trends and standards and address any cyber security gaps that may arise due to a lack of knowledge.

For Not-For-Profit (NFP), Aged Care, or Disability organisations, early adoption of key tools available in organisations’ Microsoft 365 licensing, such as SharePoint, Power BI, Power Apps, and Microsoft Defender, can make a significant difference in achieving organisational goals efficiently and securely.

However, it is crucial to consider the pain points of the human services sector and their staff whilst implementing these new tools, such as high staff turnover and low IT (Information Technology) literacy among frontline workers.

Running your organisation from the cloud

Rushad Billimoria, Bremmar’s Lead Consultant for the Not-For-Profit, Aged Care, and Disability sectors, has over ten years of experience implementing Microsoft technologies and educating stakeholders. He explains, “Microsoft has developed a great toolset that we’ve successfully used across multiple organisations. It provides a centralised location for file storage and tools for collaboration, communication, business automation and data analytics, all within a secure cyber environment.”

One of the benefits of adopting Microsoft 365 tools is the shift away from traditional server environments. Keeping hardware in-house requires constant maintenance and upgrades, and carries risks associated with damage or critical failures. “When you move data into the cloud, you have not only the benefit of having a digital copy but also being able to collaborate and access the file from the office or when caring for clients in remote locations”, explains Rushad. “We’ve got plenty of clients successfully running primarily through Microsoft 365, especially in the not-for-profit space. Microsoft’s donation licensing and discounted licensing make it a perfect cost point for the sector”, he adds.

Automation and efficiency at your workforce’s fingertips

Efficiency is key when running successful organisations. Streamlining processes and enhancing operational workflows improve staff experiences and enable resource allocation to other, more high-value areas.

Many organisations still rely on manual processes, such as paper-based forms or Excel registers, which create cumbersome tasks and workflows for staff. “For instance, when recording and reporting incidents, staff may write down details on paper and wait until they are in the office to send the information via email. This can lead to incomplete or unreadable data, posing risks and non-compliance with industry regulations”, explains Rushad.

The Lead Consultant also highlights that numerous back-and-forth approval processes involve printing, signing, and scanning documents, which is time-consuming, especially with a high volume of clients and tasks. Rushad affirms, “We can minimise manual processes and administrative tasks by creating digital workflows and automation that improve efficiency and save staff time”. “According to a Forrester Total Economic Impact study, organisations that use Power Apps can save up to 1.6 hours per week for 80% of their users in three years and have an up to 74% lower application development cost”, he adds.

“Digitising forms can be accomplished through various methods such as using Microsoft Forms, an online web-based platform, or a more sophisticated PowerApp”, says Rushad. “We can, for example, use an Incident Management App that streamlines the process by making forms accessible even on mobile devices”, he completes.

Another advantage of having digital forms is that they remind the workforce about the essential information to capture. Once submitted, the data flows through an automated workflow, reaching the relevant approvers. Rushad adds, “Everyone involved in that process will be notified, streamlining the process from the source to the approval.”

Rushad shares a real-life example: “Bremmar had an Aged Care facility where we implemented an Incident Management App, and the number of incidents lodged grew three times.” This growth was not due to increased incidents but because the previous process was complicated, resulting in incomplete information capture.

Digitising processes significantly improves daily organisational operations from a compliance perspective. When processes are easier to manage, staff members are more likely to adhere to them, and there is buy-in from the team members.

“One of the biggest issues we had was that it was hard to manage policies, procedures and forms. There were long, manual processes that involved multiple emails and time-consuming back and forth communication. Now we can manage this whole workflow with a click of a button which makes it so much easier.”

How Bremmar partners with NFPs?

Building a collaborative and cyber secure workspace

One significant advantage of Microsoft 365 is that it is highly accessible from any device. Frontline workforce personnel can travel with mobile devices, allowing them to access files in SharePoint conveniently. However, Rushad acknowledges the increased security risks associated with accessibility. Microsoft 365’s security features like Defender and Mobile Application Management address these concerns, ensuring secure access to sensitive information, even remotely or through staff devices.

The security solutions offered by Microsoft 365 enable remote access to files without compromising stakeholders’ privacy – the employer can’t access staff personal information – or the organisation’s data security.

Rushad emphasises that Microsoft 365 is the central repository for files and systems and that organisations may have different third-party Software as a Service (SaaS) systems hosted in the cloud, such as care and finance systems. “To make the experience seamless, Bremmar creates an employee hub, such as a SharePoint Intranet, to provide easy access to all required files, documents, and web-based SaaS applications. This portal enhances staff productivity, fosters a sense of community, and ensures the organisation’s missions and values are communicated effectively”.

This process also aids in employee onboarding, as policies, procedures, how-to videos, and self-help guides can be accessed easily through SharePoint. “Storing essential documents securely in the cloud mitigates the risk of losing paper documents or files stored on physical servers”, says the Lead Consultant. Another advantage of SharePoint is the versioning feature. “Documents can be restored to previous versions if needed, preventing mistakes or the deletion of essential information in the file”, he completes.

From an individual perspective, Microsoft 365 enables staff, especially the ones with low IT literacy levels, to access what they need without struggling with the technology – particularly important for frontline workers fulfilling the organisation’s mission.

Microsoft Teams – a tool beyond video calling or chat for the Remote Workforce

Microsoft Teams has become an essential tool, particularly in remote work scenarios. It offers features such as virtual meetings and instant chat, which organisations have widely used. However, most organisations still need to know the benefits of adopting Teams Calling. The tool brings landline extensions into the digital space, making it mobile and highly accessible for the staff. “It enables seamless communication regardless of the work location or whether the workforce is in or out of the office”, explains Rushad.

Bringing such communication platforms into a unified interface offers many advantages, such as a single sign-on, standardised security and leveraging the investment in the platform. However, achieving buy-in from the entire organisation is crucial, and Bremmar’s Microsoft 365 partnership service helps stakeholders understand the benefits of adopting these tools. “We partner with organisations deeply to understand their pain points, requirements and details. That could be from securing data accessed externally to aging infrastructure. We learn their pain points and tailor solutions with demonstrations, guidance and advice”, affirms Rushad. “We also create roadmaps and plan how to integrate and enable the stakeholders, executives and the board”, he completes.

“At Bremmar, we recognise the human services sector challenges and offer tailored services to support you in achieving your mission, and we look forward to helping you make a positive impact in your organisation”, completes Rushad.


Ready to get secure?

Book a discussion with a consultant today

How Human Services organisations can drive business success with managed IT services

"The current IT initiatives with Bremmar have had a big impact on us achieving our purpose here at Lifeline WA. The enablement it has had to all employees to allow them to get on with their roles and concentrate on the services they deliver is important to us. And reducing the amount of paper that's going around the office, reducing the amount of process and procedure that we have. Any automation that's been put in has been key to achieving that."

Are you getting the best value for your organisation from your managed IT services partnership? Perhaps you’re the CEO of a not-for-profit (NFP), Aged Care or Disability organisation struggling to keep up with the ever-evolving complex digital world while staying focused on your organisation’s goals?

When implementing new technologies, you may be facing unique challenges such as high staff turnover, low IT literacy levels of frontline workers, and change fatigue. Or, perhaps, you’re wrestling with unintegrated systems and cumbersome tools, leading to frontline workers spending time away from their duties. Maybe you lack cyber security accountability and the means for ongoing security initiatives.

If so, you are not alone.

Many CEOs and CFOs report feeling overwhelmed while trying to manage complex digital frameworks in-house. Not only do these issues consume time, but they also divert valuable resources away from delivering core services within the community. But there is a solution to these challenges: industry-focused managed IT services.

Industry-focused managed IT services – the solution for your organisation

A managed IT service provider (MSP) offers various IT services, such as implementing solutions, monitoring, maintaining and supporting an organisation’s technology infrastructure. The level of support provided depends on the client’s IT needs. For instance, Bremmar offers its clients a broad range of options, specialising in managing IT systems and user IT support, as well as technology leadership and IT consulting services for productivity and cyber security that leverage Microsoft products.

What sets our industry-focused managed IT services apart is our dedication and commitment to the Not-for-Profit and Human Services sectors, offering personalised IT support that understands the urgency of helping staff in these industries and the unique challenges organisations in these sectors experience, such as the need to support a large, transient and often remote workforce.

How can industry-focused managed IT services benefit your organisation?

By outsourcing their IT needs to Bremmar, NFP, Aged Care and Disability organisations can optimise care delivery and improve efficiency while reducing costs – we have years of experience trialling solutions to deliver the best outcomes. For example, we help our clients leverage cloud-based technology for data storage, communication services, and software applications, providing frontline care workers with the flexibility to access information anytime, anywhere, on any device. This results in streamlined communication, more efficient service delivery, and better client outcomes.

As Managing Director Brenton Harris explains, “We manage the complexities of IT systems so that executives can focus on what matters most – delivering the best services while meeting their business goals and budget.”

Bremmar commits to managing clients’ IT challenges so they can focus on delivering exceptional services to their communities.

But here’s the thing. If you’re a CEO thinking about managed IT services, partnering with Bremmar doesn’t mean you have to eliminate your internal IT department. Instead, Bremmar helps supplement your existing IT staff by providing specialised skills and knowledge when needed. Think of Bremmar as your safety net. Bremmar leverages your internal IT team’s expertise and complements it with specialised, industry-experienced staff to fill in the gaps. That means if someone on your internal IT team leaves, we’ve got your back and can make the staff transition seamless.

“One of the many things clients appreciate about our services is that we work closely with their IT staff and fill in the skills gaps as needed,” says Harris.

Our client Seth Phillips, Operations and Facilities Coordinator at Lifeline WA and the person responsible for implementing the organisation’s IT initiatives, agrees: “To have Bremmar as an escalation point gives me a lot of confidence to support the team and manage the systems better. They’ve got a great breadth of expertise across all Microsoft products, which means I can get answers quickly, learn and improve my skills as I go.”


Industry-specific approach for enhanced efficiency and productivity

Establishing a strong partnership with an MSP like Bremmar gives your organisation access to a team of IT experts who help manage and maintain the organisation’s IT systems, be it infrastructure like hardware, software, and network management, resolving technical problems, or supporting staff to feel comfortable using newer apps such as Teams and SharePoint.

For example, frontline workers often need to use work devices such as phones, computers, and tablets to deal with client data, and it’s critical that they can do so efficiently, securely and in a streamlined way. But one of the biggest IT challenges for organisations is accessing the information and apps needed remotely from a single interface.

“Care workers don’t want to access multiple applications via their mobile phone to input data. Instead, they want seamless access using one or two apps when working remotely on location with clients,” says Harris.

Bremmar understands this need and provides solutions that allow organisations to operate seamlessly. For example, we help NFPs, Aged Care and Disability providers integrate their various software applications – when possible – into a single interface for easy access. Our team also provides ongoing training and support to ensure that frontline workers are up-to-date with the latest technology and can operate efficiently. With Bremmar’s managed IT services, NFPs can streamline their IT processes, reduce costs, and improve efficiency and productivity.

Enda Fahy, Southcare CFO and Bremmar client, highlights the importance of that industry experience: “Bremmar really brings together the strategy element, project element and managed service element all in one. They also have solid knowledge of the NFP and Aged Care sectors which is pretty niche. From the very first project, Bremmar understood our needs. We didn’t have to spend a lot of time getting them to understand what we’re trying to achieve. We wouldn’t have had the same level of confidence with someone who wasn’t as familiar with our industry,” says Enda.

Increased cyber security for your NFP, Aged Care or Disability organisation

Managed IT services also play a crucial role in safeguarding valuable data from cyber threats by implementing the latest security measures. Bremmar’s skilled team ensures that client systems undergo regular monitoring and updates. From security patches, software updates, and backups to maintaining IT infrastructure security against malware, viruses, and hackers, Bremmar offers it all.

However, Bremmar recognises that out-of-the-box security solutions don’t work for every organisation and budget, so we tailor our solutions to your organisation’s and stakeholders’ needs. “We identify where our clients stand concerning compliance with the Essential 8 guidelines and provide a report to help them strategise where to focus their cyber security efforts. One of Bremmar’s goals is to help NFPs meet their cyber security obligations and ensure they continue to access their grant programs and funding while maintaining their reputation,” says Harris.

To help address the challenges organisations face in rapidly developing their security posture, Bremmar has recently launched an exclusive cyber-security service for its Managed Services clients.

“We understand our clients’ difficulties meeting internal and external demands for a cyber security plan and mitigating the risks from evolving IT systems, so our service helps them achieve and maintain Essential 8 compliance, as well as continuously scan for vulnerabilities to identify security gaps,” explains Harris.

What sets this security service apart is that it establishes a security cadence for organisations. Quarterly cyber security consulting meetings and reporting make it easy for your organisation to achieve and maintain Essential 8 compliance so that from management to board level, there is confidence in the organisation’s cyber security posture.

Maximised data protection

Similarly, Bremmar recognises that high staff turnover in the care sector can present data security risks. To address this, Bremmar offers NFPs staff training services to improve data protection.

Take rapid onboarding, for example. Fast-tracking the training of new employees to ensure they know the organisation’s cyber security policies is crucial. So Bremmar provides cyber awareness training for NFP staff and ensures everyone is up to speed on storing sensitive client data, identifying potential risks, and responding accordingly.

Bremmar’s Managing Director, Brenton Harris, stresses the significance of training and developing staff skills in recognising and avoiding cyber threats. He highlights that Bremmar goes above and beyond by creating cyber threat simulations, such as phishing emails, to mentor staff on best practices.

Improved Microsoft 365 outcomes

Bremmar also recognises that many NFP, Aged Care and Disability organisations are not making the most of their Microsoft 365 licence, which affects their outcomes. By not utilising the latest features and improvements that Microsoft continuously introduces, organisations may miss out on the potential benefits, including discounted licensing opportunities. As such, Bremmar assists Human Services organisations to leverage their Microsoft 365 licensing to enhance productivity and efficiency.

For example, Bremmar offers streamlined support processes for clients to take advantage of cloud-based tools and services. Doing so makes it easy to manage, update, and maintain IT systems while reducing the burden on IT staff and ensuring that frontline workers get access to the latest tools and resources they need to do their jobs effectively.

Additionally, Bremmar offers change management resources, such as training and support for staff, to help NFPs, Aged Care and Disability providers adopt new technologies and reduce change fatigue.

"Bremmar’s knowledge of the NFP sector was a very important factor in our selection process. We required a partnership that assisted us with not just managed services, but that guided us in developing and implementing our long-term IT roadmap and project support. Bremmar’s understanding of an organisation’s size, budget, maturity and limitations have been key to the overall partnership success."

Value for money experience

When the CEO of a well-known Perth-based NFP approached Bremmar, their organisation needed a service to review its existing applications, assess workflow processes, and gauge the adoption of Microsoft 365 to grow the business.

First, Bremmar interviewed caseworkers and supervisors to understand the workflow and administration pain points. Then, Bremmar’s expert team audited the existing systems and apps and got feedback from staff on using the NFP’s current technology.

Once Bremmar had a complete picture of the organisation’s needs, they put together a strategy for the executive team showing the best way to scale up and grow. But Bremmar’s consulting services didn’t stop there. The NFP’s executive team invited Bremmar to help pitch the IT strategy to their Board.

After that, the IT servicing component of the plan was put to tender so that the NFP could identify the best MSP in an open market. And guess what? Bremmar won the contract.

Brenton Harris explains why Bremmar differs from other IT support partners: “Eighty per cent of our clients are non-profit. Therefore, we understand the nature of NFPs and their work. Our passion is modernising how NFPs work while keeping their costs down.”

In conclusion, industry-focused managed IT services offer a range of benefits to not-for-profit, Aged Care and Disability organisations, including enhanced efficiency and productivity, increased cyber security, maximised data protection, and intelligent cost savings. 

With the help of a managed service provider like Bremmar, organisations can access a team of IT experts who can manage and maintain their IT systems, implement security measures to safeguard valuable data and provide staff training services to improve data protection. Additionally, MSPs can help organisations adopt new technologies, such as cloud-based solutions or productivity tools like Microsoft 365, resulting in significant cost savings.

At Bremmar, we understand the unique challenges that NFPs face and offer tailored services to help drive business success. Let us help you streamline your IT operations, reduce costs, and enhance the efficiency and productivity of your organisation.


Cyber Security and the Essential 8 Security Framework for Not-For-Profit Organisations

With cyber attacks on the rise, cyber security is at the forefront of every business operator’s mind and, according to the Microsoft Digital Defence Report 2022, not-for-profit organisations (NFPs) are the second most cyber-targeted industry. The report suggests NFPs are particularly vulnerable to cyber attacks because organisations often don’t have the resources to implement robust security measures.

Fortunately, the Australian Cyber Security Centre (ACSC) has developed the Essential 8 Security Framework as a guide to help all Australian businesses protect their data and systems from cyber threats. Let’s look closer at this framework and how Microsoft 365 and Azure can help your organisation achieve affordable data security.

What is the Essential 8 Framework?

As mentioned earlier, the Essential 8 Security Framework, sometimes called the Essential Eight or ASD Essential Eight, was developed by the Australian Cyber Security Centre (ACSC) to guide organisations in protecting their computer systems and data from cyber threats.

The framework outlines eight key security strategies organisations should implement to reduce their risk of a successful cyber attack. These best practice cyber security controls are:

  1. Configuring Microsoft Office macro settings
  2. Application whitelisting
  3. Patching applications
  4. User application hardening
  5. Patching operating systems
  6. Restricting administrative privileges
  7. Multi-factor authentication (MFA)
  8. Daily backups

Ultimately, these eight strategies have three primary objectives: preventing cyber attacks, limiting the impact of attacks, and maintaining data availability.

Why is it relevant for not-for-profit organisations?

If you manage an NFP, you’re already aware of your organisation’s growing reliance on technology for day-to-day operations. Whether it’s online banking, managing donor information, coordinating fundraising activities or running your social media campaigns – it all takes place on computers and mobile devices, which are open to cyber attacks. Unfortunately, opportunistic cybercriminals know that NFPs hold confidential and sensitive client data and are perceived as an easier target because of the sector’s limited resources to implement cyber security measures. Hackers are also more likely to target not-for-profit organisations because of the large volume of mobile devices used by frontline workers, which gives attackers better chances of accessing data or systems without detection.

Considering the impact of a cyber breach on NFPs, which ranges from reputational damage to compromising clients, implementing the Essential 8 Security Framework protocols to protect against potential cyber threats is essential. Ultimately, the Essential 8 Framework provides your organisation with the basics to ensure your data is secure from malicious cyber attacks.

“Also, what many not-for-profit organisations don’t realise,” says Brenton Harris, Managing Director of Bremmar, “is that many grants available to not-for-profit organisations require a minimum level of cyber security to be in place to qualify.”

Get your free Essential 8 Security Assessment Report

Protect your valuable customer data from cyber-attacks with Essential 8 security framework. Assess your baseline today. Take our free assessment to get a summary report of your compliance level and secure your not-for-profit organisation.


How can Microsoft 365 and Azure help achieve the Essential 8 Framework?

Microsoft 365 (M365) and Azure provide a comprehensive suite of cyber security tools to protect your organisation’s data.

With Microsoft 365, for example, you can implement multi-factor authentication, one of the key components of the Essential 8 Framework. This provides an extra layer of security by requiring users to enter a code sent to their mobile device or email address in addition to their username and password.

However, Microsoft 365 Business Premium licensing comes with many other security features to help you achieve the Essential 8 framework.

On the other hand, Azure allows you to take advantage of advanced security features such as threat detection, which can detect and alert you to suspicious activity on your network. Azure also provides a secure cloud-based platform for storing and managing data and tools for monitoring user access and activity. M365 and Azure each offer advanced analytics that allow organisations to understand potential threats better before they become serious issues.

As an NFP, you will have access to Microsoft licenses and security tools at a discounted price.

“As an NFP digital transformation consultancy, we love nothing better than helping clients save costs by taking full advantage of their available software.”

“If you have a Microsoft 365 Business Premium license, you already have access to all the tools you need to comply with the Essential 8 Security Framework level 1 (most basic). Microsoft also offers USD3.5k in donations towards NFP Azure subscriptions,” explains Brenton.

What else can NFPs do to boost their cyber security?

Further to implementing the Essential 8 Framework and cyber security tools, your organisation should consider other measures like:

  • Establishing a security owner within the organisation
  • Knowing where you stand right now
    • a) Understand full scope of what needs protecting
    • b) Ensure you prioritise the biggest risks first
    • c) Use our online Essential 8 Assessment for NFP
  • Leveraging security frameworks & tools, such as NIST
  • Evaluating what external security help you require
    • a) Evaluate in house capability
    • b) Evaluate capability of existing partners
    • c) Consider engaging a cyber security partner
  • Training volunteer staff on cyber security best practices.

Similarly, it is now best practice to ensure a data breach response plan is part of your policies and procedures. All Australian businesses with an annual turnover of $3 million must report data breaches or cyber attacks to impacted customers and the Australian Information Commissioner (OAIC) within 72 hours.

By taking the time to implement the Essential 8 Framework and other cyber security measures, protecting your NFP against malicious cyber attacks is possible.

Get professional help

At Bremmar, we understand your unique challenges as a not-for-profit when protecting your organisation’s digital assets from cyber threats. That said, we specialise in helping all our clients navigate the complex world of new technologies and ensure their data is well protected. 

“The good news is if you already have Microsoft 365, you have the tools to comply with the first level of the Essential 8 Security Framework,” says Brenton.

Unlike other IT service providers, Bremmar has extensive experience providing tailored solutions designed specifically for not-for-profits. So, talk to us when you want to learn where your organisation stands against the Essential 8 Security Framework, including a full report on your compliances and risks.

Conclusion

The Essential 8 Security Framework is an important tool for your not-for-profit organisation in protecting its data from cyber threats. Microsoft 365 and Azure provide a comprehensive suite of security tools to help organisations comply with the framework.

Other measures to boost cyber security include assigning a security owner within the business, knowing where you stand from a security standpoint right now, evaluating if you need external help and training volunteer staff on cyber security best practices.

Finally, it is essential to have a comprehensive incident response plan in case of any data breaches or cyber attacks.

At Bremmar, we understand the unique challenges you face as an NFP and are here to help you navigate the complex world of new technologies and ensure that your data is well protected. We aim to make it easier for you to implement cyber security best practices so you can focus on doing what you do best – making a positive impact in our world. 
