Eaglecrest Technologies

Another great question for the Board or CEO can ask to start the Information Security Management process.

Q: Are cyber risk an integral part of the organisation's risk management framework?

Comment:
- Important bits of ASIC's guidance draw attention to "...clearly defined metrics such as response time, cost and legal or compliance implications, and planned for to attract investment commensurate to a risk-based assessment."
- Sometimes, there is not the budget to put in the GOLD technical solution, particularly in the Not for Profit space. Diligence around assessing the risk is key!

Source of these Board questions-> https://asic.gov.au/regulatory-resources/corporate-governance/cyber-resilience/key-questions-for-an-organisation-s-board-of-directors/

We are here to help -> https://eaglecrest.com.au/professional-services

Two great starter questions that a Board or CEO can ask to start the Information Security Management process.

Q: In the event of a breach, would the subsequent investigation positively show that the Board has been "diligent" in it's fiduciary obligations around the information security risks?

Comment: A broad opener to start. Ideally to provoke serious discussion at the board level. Ideally, any cyber security framework will be used to address cybersecurity risks alongside other risks of the enterprise, including those that are financial, privacy, supply chain, reputational, technological, or physical in nature

Q. Who & What has access to what information?

Comment: Again broad, but what computers and systems have access to what information? What Staff Roles should have access to those computers and systems? What actual access do staff have?

These lead to starting to work through "Access Control"

Some more great questions-> https://asic.gov.au/regulatory-resources/corporate-governance/cyber-resilience/key-questions-for-an-organisation-s-board-of-directors/

We are here to help -> https://eaglecrest.com.au/professional-services

You cant eliminate having to perform some break / fix, but many businesses still believe they save money by running technology until it breaks. It simply is not true!

Step 2 of 5
- Risk and Governance is a great place for the board and owners to get involved, because they are ultimately responsible for this area of the business.
- It is critical to find out where the business is at in terms of technology based risk.
- Most of the time, businesses are only 30% properly aligned, as they begin this journey.
- Most importantly, acknowledging you are only 30% aligned and building out a strategy to address those gaps is WAY MORE important than being 30% aligned and NOT acknowledging the gaps.

We are here to help -> https://eaglecrest.com.au/professional-services

Strategy | Governance | IT Operations | Documentation | Asset Management

You cant eliminate having to perform some break / fix, but many businesses still believe they save money by running technology until it breaks. It simply is not true!

Step 1 -> If you dont really have a well defined Technology Strategy, then jump straight to Governance
Step 1a -> Picking a Governance Framework has been made easy by the Australian Government -> https://www.cyber.gov.au/resources-business-and-government

Where you are lacking against these frameworks, will start to help map out your strategy.

We are here to help -> https://eaglecrest.com.au/professional-services

Strategy | Governance | IT Operations | Documentation | Asset Management

It is critical to go beyond cybersecurity -> In fact, lets elevate the language and reframe cybersecurity as simply a technical part of your overall business risk and governance strategy.

Compliance | Don't get taken by surprise!

When it comes to compliance, don’t get taken by surprise.

- Identify and remediate red flags before they cause issues in your business.

- Make sure boards, exec's, staff, IT all agree and speak in a common language.

We are here to help, read more here-> https://eaglecrest.com.au/news/compliance-nosurprises-20240118

It is critical to go beyond cybersecurity -> In fact, lets elevate the language and reframe cybersecurity as simply a technical part of your overall business risk and governance strategy.

Wouldn’t it be nice if there were an all-in-one service to help you assess, manage, and prove compliance with relevant standards (or even your own)?

Now there is. It’s called Compliance-As-A-Service.

We have the solution for that -> https://eaglecrest.com.au/professional-services

Moving into compliance need not be messy!

It is critical to go beyond cybersecurity -> In fact, lets elevate the language and reframe cybersecurity as simply a technical part of your overall business risk and governance strategy.

Wouldn’t it be nice if there were an all-in-one service to help you assess, manage, and prove compliance with relevant standards (or even your own)?

Now there is. It’s called Compliance-As-A-Service.

We have the solution for that -> https://eaglecrest.com.au/professional-services

It is critical to go beyond cybersecurity -> In fact, lets elevate the language and reframe cybersecurity as simply a technical part of your overall business risk and governance strategy.

One thing we have seen in our clients that are undertaking the monthly Compliance As A Service, is the calmness that comes with the understanding of "Where are we at in the IT compliance process?"

Once you know the % level of compliance, then you can then strategically map out the next 10 or so priorities you need to start to work on.

- A compliance plan isn’t complete without reporting.
- Most regulations require some form of routine reporting or audit-readiness.

We have the solution for that -> https://eaglecrest.com.au/professional-services

Like many technologies, AI (Artificial Intelligence) can be a friend or a foe.

It most certainly can help with business productivity, BUT if you dont take the time to understand the possible RISKS of staff "just playing with it", then there will be unintended consequences.

BLOG below and a handy link to staff training poster

https://eaglecrest.com.au/news/compliance-ai-considerations

There are 5 pillars to be a Technology Service Provider-> Strategy, Governance, IT Operations, Documentation and Asset Management.

-We have the strategy, based on governance, to help minimise the risk of ICT crisis.
-We have the project team to help write your policies, plans, and procedures around ICT risk.
-We have the staff to help you work through an ICT crisis if it does occur.
-We have the systems and understanding to help assist the audits and investigations.

We are here to help with IT support -> https://eaglecrest.com.au/business-it-services

There are 5 pillars to be a Technology Service Provider-> Strategy, Governance, IT Operations, Documentation and Asset Management.

We have the staff to help you cover ALL the roles of the above 5 pillars.

Whether you don't have any ICT staff or you have some roles covered internally, we can cover the rest.

We are here to help with IT support -> https://eaglecrest.com.au/business-it-services

There are 5 pillars to be a Technology Service Provider-> Strategy, Governance, IT Operations, Documentation and Asset Management.

We have the tools to help you identify your ICT Assets, manage them, protect them and ultimately securely dispose of them.

We are here to help with IT support -> https://eaglecrest.com.au/business-it-services

Yes, we are getting very well known for our strategy and governance elements, but we can only offer those services through the solid delivery of our support offerings.

There are 5 pillars to be a Technology Service Provider-> Strategy, Governance, IT Operations, Documentation and Asset Management.

We have been successful in reducing the noise of daily IT support, in some cases, we have seen a reduction of 40% in B.A.U (business as usual) noise due to solid and steady implementation of Strategy and Governance.

We are here to help with IT support -> https://eaglecrest.com.au/business-it-services

Yes, we are getting very well known for our strategy and governance elements, but we can only offer those services through the solid delivery of our support offerings.

There are 5 pillars to be a Technology Service Provider-> Strategy, Governance, IT Operations, Documentation and Asset Management.

We have been successful in reducing the noise of daily IT support, so that the forward looking Strategy elements can progress smoothly.

We are here to help with IT support -> https://eaglecrest.com.au/business-it-services

We have the right solutions to help your business measure progress towards meeting;
- Australian Government led requirements -> Essential 8 (Levels 1-3) & ISM
- Broader Global led requirements -> HIPAA, CMMC 2.0, GDPR, NIST CSF, and
- Local Cyber Insurance provider led -> Cyber Liability Insurance requirements.

Always happy to help -> https://eaglecrest.com.au/professional-services

Just like a mechanic runs diagnostics on your vehicle to proactively catch and fix harmful issues. A TSP (Technology Solutions Provider) like us can do the same for your company’s compliance posture.

We can help you meet technology compliance requirements -> https://eaglecrest.com.au/professional-services

Falling out of ISM compliance is easy. That’s why detection is key.

Conduct regular compliance assessments as part of a monthly Compliance As A Service program to ensure your organization’s technology is compliant with relevant regulations for your industry.

Always here to help -> https://eaglecrest.com.au/professional-services

As part of your ISM compliance journey, you can't build formidable cybersecurity by just scratching the surface.

Pe*******on testing is like a shovel to dig deeper and uncover vulnerabilities.

Ultimately trying to see if humans and their tools can break into your network from the outside.

We are always here to help guide you :) -> https://eaglecrest.com.au/professional-services

As we head toward May 2 "World Password Day", we are just slipping down the techie rabbit hole for a second :).

As you can see from the graphic, having simple passwords is basically an open door.

That's why we HIGHLY RECOMMEND and your ISM compliance journey simply INSISTS you have MFA | 2FA in conjunction with a minimum level of complexity in your passwords.

To fast forward and see all the tips, and also download a staff training PDF, please visit this article -> https://eaglecrest.com.au/news/compliance-password-tips

As we head toward May 2 "World Password Day", we will be going through 5 tips to make your password policy better.

Tip 5: TEMP123 is not a password

- Protecting your business is much easier than recovering from a data breach.

- One of the biggest mistakes that businesses is choosing easy-to-guess passwords like TEMP123, ADMIN123, Qwerty123 or 12345678.

- Remember, hackers are becoming smarter every day, and simple passwords won’t give them a good fight.

- Beware of Imposters

To fast forward and see all the tips, and also download a staff training PDF, please visit this article -> https://eaglecrest.com.au/news/compliance-password-tips

As we head toward May 2 "World Password Day", we will be going through 5 tips to make your password policy better.

Tip 4: Stronger than oak

- Oak trees are known for their strong trunks and deep roots that can withstand the test of time and nature’s fury. Similarly, your digital defenses also need to be resilient to protect you in a world where online security is frequently challenged.

- One of the ways to achieve this resilience is by having strong passwords.

- Enable Two-factor Authentication (2FA)

To fast forward and see all the tips, and also download a staff training PDF, please visit this article -> https://eaglecrest.com.au/news/compliance-password-tips

Lest we forget.
Always a time for thoughtful reflections and seeking to understand.

'Equal parts pride, shame, regret': Ahead of Anzac Day, veterans reflect on the meaning of service In the sleepy town of St Helens on Tasmania's east coast, veterans prepare for Anzac Day and reflect on their time in service.

As we head toward May 2 "World Password Day", we will be going through 5 tips to make your password policy better.

Tip 3: Don’t share passwords (share memories instead)

- “Sharing is caring” is a common phrase we’ve all heard since childhood, but there are times when sharing can be more harmful than good. One of those situations is sharing your passwords.

- Your passwords hold the key to your personal information and sharing them can have serious consequences.

- To stay safe, always keep your passwords to yourself.

- Use a Password Manager

To fast forward and see all the tips, and also download a staff training PDF, please visit this article -> https://eaglecrest.com.au/news/compliance-password-tips

As we head toward May 2 "World Password Day", we will be going through 5 tips to make your password policy better.

Tip 2: Don’t recycle passwords (recycle plastic bottles instead)

- Recycling and reusing are effective ways to reduce waste and be environmentally conscious.

- However, when it comes to password security, it’s vital never to reuse passwords.

- Each online account must have a unique, strong password that ensures the safety of your personal information.

To fast forward and see all the tips, and also download a staff training PDF, please visit this article -> https://eaglecrest.com.au/news/compliance-password-tips

As we head toward May 2 "World Password Day", over the next 5 days, we will be going through 5 tips to make your password policy better.

Tip 1: Use Complex Passwords
- Think beyond birthdays or pets names.
- Use a combination of uppercase and lowercase letters, numbers and symbols.

To fast forward and see all the tips, and also download a staff training PDF, please visit this article -> https://eaglecrest.com.au/news/compliance-password-tips

Well done to the Eaglecrest Technologies teemates team that took out todays pro am teemates.

Proud of you lads.

Great to see such maturity in the young ones👍🏻

"Due Diligence" - Part 3

When your organization is out of compliance, knowing how to move back into it can be challenging.

We can provide your business with a prioritized remediation plan.

We are here to help -> https://eaglecrest.com.au/professional-services

"Due Diligence" - Part II

If your organization was audited for compliance tomorrow, would it be ready?

We can assist you to know you’re ready with all the reporting you’ll need to satisfy an auditor.

Discover all the ways we can help you audit and prove compliance in highly regulated areas such as healthcare, finance, government, manufacturing, etc.

Further info on Governance and Strategy -> https://eaglecrest.com.au/professional-services

"Due Diligence" is a term that always rings true when working through Governance. Having an honest approach to where an organisation is currently at with its Information Security Manegement is critical.

From there, you can build an initial ICT Strategy.

Underpinning all of that with linked Policy, Plans & Procedures so that if the worst happens, the entire team (including us) are ready to go.

Don't delay, start with the simply finding out where your ICT risks are.

Further info on Governance and Strategy -> https://eaglecrest.com.au/professional-services