Mitigating Cyber Risks in Human Services: Bremmar’s Holistic Security Approach
The number of cyber attacks has been rising worldwide. Cyber Security has become the focus of the news and a central topic in organisations from different sectors.
According to the Microsoft Digital Defence Report, Not-for-Profit organisations are the second most cyber-targeted industry. With the ever-evolving digital landscape, organisations must adapt to new trends and standards, and address any cyber security gaps that may arise due to a lack of knowledge.
The Australian Cyber Security Centre (ACSC) recognised the threat and created the “Essential 8 Security Framework”. This framework is a valuable guide for all Australian businesses, for profit and not-for-profit, in safeguarding their data and systems from potential attacks by establishing a strong defence against cyber threats.
The NFP, Aged Care and Disability Care industries handle highly sensitive client data, creating specific industry challenges and requirements around cyber security. To address the particularities of these sectors, Bremmar developed two products that cater for the specific demands and pain points of the human services sector and can be scaled depending on the size of the organisation. They also help organisations leverage their Microsoft 365 licence to comply with the Essential 8 framework.
Microsoft 365 Security Partnership and Security Standard
Microsoft 365 Security Partnership
Bremmar offers tailored and holistic IT services to Not-for-profits, Disability organisations and Aged Care providers, ranging from consultation and strategy to IT support, productivity solutions and cyber security. Through Bremmar’s unique offering, the Microsoft 365 Security Partnership, clients have access to industry and security consultants on a quarterly basis to implement and progress a range of solutions that help their in-house IT team or Managed Services Provider fill cyber security gaps.
“The Cyber Security Partnership journey starts with a Microsoft 365 Secure Score Report, which is about the security of their Microsoft 365 environment. We also perform an Essential 8 compliance assessment to see where the organisation stands at a certain point in time”, explains Brenton Harris, Bremmar’s Managing Director. “We print off those reports and then have a workshop with the client once a quarter to help them assess and improve their cyber security leveraging their existing Microsoft 365 platform”, he adds.
Clients on the Microsoft 365 Security Partnership are also eligible for a Quarterly Vulnerability Scan. “This is a tool we deploy on all endpoints where we scan the organisation’s computers and survey infrastructure to identify app vulnerabilities and find holes/gaps. As a result, we often end up with an overall picture of where all the organisation’s cyber security gaps are”, explains Brenton.
“From there, clients can choose extra add-ons to the Microsoft 365 Security Partnership. We call these extra services ‘packages’, which are projects with a set scope, timeframe and deliverables that are recommended at the beginning of the organisation’s journey, for example, rolling out Microsoft Defender – the antivirus product from Microsoft – in only two weeks. The goal of these extra services (packages) is to make clients’ cyber security more robust in a short timeframe”, he concludes.
Bremmar’s Security Standard, on the other hand, is a more comprehensive solution focused on delivering compliance and security cadence to the organisation from the initial engagement. The process starts with Bremmar assessing the organisation’s cyber security compliance against the Microsoft 365 Secure Score Report and the Essential 8 Framework. These reports give Bremmar a deeper understanding of where the security gaps are so solutions can be rolled out upfront.
“With the Security Standard, we come in and we roll out all the projects we need upfront and then we deliver compliance on an ongoing basis”, explains Brenton. “The biggest pain point organisations have is becoming compliant quickly; the second is the energy it takes to assess the reports and make decisions – and there are many meetings to decide what to do first. With the Security Standard, we help the client achieve compliance in a short timeframe”, Brenton concludes.
The journey to a secure and compliant organisation
The Security Standard journey starts with Bremmar educating clients and stakeholders about cyber security and the risks of ignoring compliance, setting ongoing reporting schedules and creating a well-developed response plan to mitigate damage in case of a compromise.
The first step is to raise awareness about specific risks the organisation faces. To tackle this, the Bremmar team hosts workshops and aims to explain the potential consequences of cyber attacks and the risk of sensitive data breaches to stakeholders, from frontline workers to board members.
“The boards of Not-For-Profits, for example, have been driving hard for cyber security compliance”, explains Brenton. “As directors of the organisations, they have a high level of liability if something goes wrong”, he adds.
Once the clients understand the significance of cyber security, they need to designate a cyber security “champion” – someone within the organisation responsible for overseeing and coordinating all cyber security efforts and ensuring that the necessary measures are in place.
Bremmar then helps clients evaluate their internal capabilities and determine whether they have the necessary expertise and resources to manage their cyber security effectively. If there are gaps in their skillsets, they may consider engaging an external provider like Bremmar to supplement their capabilities and provide specialised cyber security services.
The next step is to assess the client’s current cyber security state by:
- Thoroughly evaluating their existing cyber security measures.
- Identifying any vulnerabilities or weaknesses.
- Determining areas that require improvement.
This assessment provides a baseline for the client’s cyber security posture and helps in identifying specific areas that need attention.
From there, it is vital to leverage frameworks and tools. Clients can benefit from adhering to established cyber security frameworks such as the Australian Essential 8 and the American National Institute of Standards and Technology (NIST), which provide a set of recommended security controls to mitigate common threats.
Clients should also establish a regular reporting mechanism that provides visibility into their security status, identifies emerging threats, and tracks the progress of security initiatives. This reporting enables informed decision-making and timely remediation of any cyber security issues.
Response planning is an integral part of any cyber security journey. Clients need to develop a comprehensive response plan that outlines the steps to follow during a cyber security incident. This plan should include procedures for detecting, containing, and recovering from security breaches and communication protocols to ensure effective response coordination.
“It is vital to determine who gets the phone call at night, for example, when the mailbox gets hacked. Is it the CFO, or is it someone else? And do they know how to handle that situation? Should they turn everything off? The accountable person needs a process in place and to be aware of what to do. We can help them make those crucial decisions and create that process”, explains Brenton.
By following these steps in Bremmar’s Security Standard journey, clients can establish a solid foundation for cyber security efforts. They can proactively address their vulnerabilities, align their practices with industry standards, and continuously monitor and improve their security posture. This journey enables clients to protect their valuable assets, maintain the trust of their stakeholders, and mitigate the potential risks posed by cyber threats.
At Bremmar, we understand the human services sector’s unique challenges and offer tailored services to help drive business success. Let us help you streamline your IT operations and enhance your organisation’s cyber security.
In the Security Standard journey, clients embark on a systematic process to enhance their cyber security measures:
- Education and Awareness: The journey begins with educating clients about the importance of cyber security and creating awareness about the risks they face. Understanding the potential consequences of cyber threats motivates clients to take action and prioritise cyber security.
- Assessment and Gap Analysis: Clients comprehensively assess their current cyber security state. This involves evaluating their security measures, identifying vulnerabilities and weaknesses, and conducting a gap analysis to determine improvement areas.
- Framework and Best Practice Adoption: Clients leverage established cyber security frameworks, such as Essential 8, to align their practices with industry best practices. These frameworks provide a roadmap for implementing effective security controls and mitigating common threats.
- Skill Set Evaluation: Clients evaluate their internal skill sets and resources to determine if they have the necessary expertise to address their cyber security needs. If gaps are identified, they may seek external assistance from cyber security specialists like Bremmar to augment their capabilities.
- Ongoing Reporting and Monitoring: Establishing a robust reporting mechanism is crucial for clients to monitor their cyber security posture continually. Regular reporting provides visibility into security metrics, identifies emerging threats, and tracks the progress of security initiatives. This enables informed decision-making and timely remediation of vulnerabilities.
- Response Planning and Incident Management: Clients develop a comprehensive response plan to handle cyber security incidents effectively. This includes defining incident response procedures, establishing communication channels, and conducting regular drills to ensure preparedness in the event of a breach.