Secured by Jam Cyber

The 360 Business Protect Standard

When partnering with an Australian business that has earned the Jam Cyber Secured badge, you can be confident that they are fully committed to safeguarding their operations, customers, suppliers, and employees against cyber threats. Businesses awarded this badge have implemented a comprehensive cyber security framework that integrates advanced technical systems, employee training, companywide procedures, cyber security governance, cyber policies, and ongoing monitoring and reporting. These elements work together to maximise their protection and ensure the security of their clients and suppliers. Below is a high-level overview of the security measures they have implemented.

Cyber Security Measures:

✔ Next Generation Antivirus: Leverages AI-driven threat detection to identify and block sophisticated malware before it can infiltrate systems, providing proactive defence against cyber threats.

✔ Website Filtering: Prevents access to malicious websites, mitigating the risk of phishing attacks and the download of harmful content that could compromise network security.

✔ Critical Program Updates: Ensures regular updates to all essential programs with the latest security patches, reducing vulnerabilities that attackers could exploit.

✔ Software Security Enhancements: Maintains consistent security updates across all software within the infrastructure, ensuring systems remain resilient against emerging threats.

✔ Automated Windows Security Updates: Streamlines the deployment of Windows security updates, mitigating risks from known vulnerabilities and ensuring continuous protection.

✔ Encrypted Cloud Backup: Secures data through encrypted cloud backups, ensuring that information remains recoverable and protected in the event of a ransomware attack or data breach.

✔ Macro Security Controls: Restricts the execution of potentially harmful macros in Microsoft Office, reducing the risk of malware delivery through email attachments or documents.

✔ Browser Security Enforcement: Implements stringent browser security settings to block access to known malicious sites, reducing the risk of drive-by downloads and other web-based attacks.

✔ Multi-Factor Authentication for Programs: Adds an additional security layer by requiring multiple forms of verification before accessing programs holding confidential and sensitive information, reducing the risk of unauthorised access.

✔ Multi-Factor Authentication for Logins: Enhances login security by requiring additional verification methods, such as codes sent to mobile devices, to prevent unauthorised system access.

✔ Application Whitelisting: Restricts software execution to only pre-approved applications, effectively preventing the introduction of malicious programs into the environment.

✔ User and Administrative Rights Management: Controls user access to sensitive systems and data, ensuring that only authorised personnel can make critical changes, thereby reducing the potential for insider threats.

✔ Domain Monitoring: Continuously monitors domains for signs of abuse, such as phishing campaigns or domain spoofing, allowing for swift action to prevent reputational damage and fraud.

✔ Employee Cyber Security Training: Provides comprehensive training on the latest cyber threats and best practices, equipping employees with the knowledge to avoid phishing scams and other attacks targeting human vulnerabilities.

✔ Monthly Cyber Risk Assessments: Conducts regular assessments and reporting of potential cyber risks, enabling proactive threat management and continuous improvement of security defences.

✔ Password Management: Enforces strong, unique passwords across all systems, significantly reducing the risk of credential theft and unauthorised access through compromised accounts.

✔ Data Encryption: Implements encryption for all sensitive data, both in transit and at rest, ensuring that even if data is intercepted or stolen, it remains unreadable and unusable by attackers.

✔ DMARC Protocols: Utilises email authentication protocols to protect against email spoofing and phishing attacks, ensuring secure and trustworthy communications.

Policies and Procedures in Place:

Policies:

  • Cyber Security Configuration Management Process: Standardises the configuration of security settings across all systems, ensuring consistency and reducing the risk of misconfigurations that could be exploited by attackers.
  • Employee Acceptable Cyber Use Policy: Defines acceptable use of IT resources, reducing the risk of security breaches caused by unsafe practices or the misuse of company systems.
  • Remote Working ICT Policy: Secures remote work environments by enforcing security measures, such as VPN usage and endpoint protection, to prevent breaches that could occur outside the office.
  • Data Breach Policy & Response Plan: Outlines procedures for responding to data breaches, ensuring quick containment, recovery, and mitigation of the impact on the business and its stakeholders.
  • Corporate Email Policy: Regulates email usage to prevent phishing, malware distribution, and data leaks, ensuring secure communication within and outside the organisation.
  • Disaster Recovery Policy: Ensures that the business can quickly recover and restore operations after a cyber incident, minimising downtime and business impact.
  • Password Management Policy: Enforces the use of strong, unique passwords and regular changes, reducing the likelihood of account compromise through weak or reused passwords.

Procedures:

  • Incident Response Plan: Provides a structured approach for detecting, responding to, and recovering from cyber incidents, minimising damage and ensuring a quick return to normal operations.
  • Data Recovery Plan: Ensures that all critical data can be quickly restored after an incident, reducing the risk of data loss and maintaining business continuity.
  • Stolen Password Procedure: Outlines steps to be taken when a password is compromised, ensuring that accounts are quickly secured and the risk of further breaches is minimised.
  • Lost or Stolen Device Procedure: Provides guidelines for securing data and access when a device is lost or stolen, preventing unauthorised access to company systems.
  • Notification of Data Breach Templates: Prepares the business to quickly notify affected parties in the event of a data breach, complying with legal requirements and maintaining transparency.
  • Internal Incident Report Form: Facilitates the reporting of security incidents within the company, ensuring that all incidents are documented and addressed promptly.
  • Employee Onboarding and Change Procedure: Ensures that new employees and changes in roles are managed securely, granting appropriate access rights while maintaining system security.
  • Social Media Request Form: Controls and monitors the use of social media within the company, reducing the risk of data leaks or reputational damage from unsanctioned activities.

Asset Management:

  • Asset Management System Framework: Provides a structured approach to managing ICT assets, ensuring that all devices and software are accounted for and secured.
  • Operational ICT Asset Management Commitment: Demonstrates commitment to managing ICT assets securely, reducing the risk of unauthorised access or data breaches through asset mismanagement.
  • Employee ICT Asset Management Policy: Defines responsibilities for managing and securing ICT assets, ensuring that employees are aware of their role in maintaining security.
  • ICT Asset Inventory: Maintains a detailed inventory of all ICT assets, ensuring that the business can quickly identify and secure any devices in the event of a security incident.
  • ICT Asset Request Form: Controls the procurement and deployment of ICT assets, ensuring that all devices meet security standards before being introduced to the network.
  • ICT Asset Procurement Request Form: Ensures that all new ICT purchases are vetted for security compliance, preventing the introduction of vulnerable devices into the infrastructure.
