Cyber Security Best Practices for Australian Small and Medium sized Businesses (SMBs)

Unfortunately many Australian SMBs don’t know where to start when it comes to cyber security. It used to be as simple as installing a firewall, anti-virus software and ‘off you go’, but with the shift to the cloud and working remotely, it’s not so simple.

In the Australian Government’s Australian Signals Directorate (ASD) Australian Cyber Security Centre’s (ACSC’s) most recent report, the Government found that whilst 80% of Australian SMBs rated cyber security as ‘important to very important’, almost half of SMBs rated their cyber security understanding as ‘average’ or ‘below average’ and had poor cyber security practices.

Key Findings

1

62% of respondents have experienced a cyber security incident.

2

1 in 5 SMBs did not know the term 'phishing'.

3

80% rated cyber security as 'important to very important'.

4

Almost half of SMBs rated their cyber security understanding as 'average' or 'below average' and had poor cyber security practices.

5

SMBs that outsourced IT security believe they are better protected than they really are.

6

Almost half of SMBs reported they spent less than $500 on cyber security per year.

almost half of SMBs rated their cyber security understanding as ‘average’ or ‘below average’ and had poor cyber security practices.

Where to start?

The Australian Government has published a cyber security framework called ‘Essential Eight Maturity Model’ which makes it harder for adversaries to compromise systems.

Implementing the Essential Eight proactively can be more-cost effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.

What are the Essential Eight?

The following items comprise the Essential Eight and to practically implement the Essential Eight, the ACSC have defined four maturity levels ranging from Zero to Three, which gauge an organisation’s ability to mitigate a cyber attack.

Application icons
Application Control: Limiting the actions application and scripts can perform.
Patch Apps icon
Patch Applications: Regularly updating and patching known vulnerabilities.
Microsoft Office Logo
Configure Microsoft Office macro settings: Limiting the actions macros can perform.
Application Hardening icon
User Application Hardening: Limiting the actions that core applications (e.g. browsers) can perform.
Restrict Admin icon
Restrict Administrative Privileges: Limiting the actions a regular user can perform.
Patch Operating Systems icon
Patch Operating Systems: Regularly updating and patching known vulnerabilities.
MFA icon
Multi-Factor Authentication: Add a secondary authentication method for accessing company resources.
Regular Backups icon
Regular Backups: Backup you company data to give you recoverability options.

Overall, most of these are about staying up-to-date and limiting the actions that malware can perform. This is because malware typically hijacks your privileges to infect and corrupt. The more access it has, the more damage it can do.

Have ahink about your business and how you’re tackling the Essential Eight.

If you’ve got a gap, then start there. If you’ve got each item covered, think about how you can advance your security to mature your posture.

If you need a hand Drop us an email below

We'll help you bolster your security

    Essential Eight Maturity Model

    For more information, visit the ACSC.