Login
iscover
After several high-profile cyber attacks this year, the centre advises SMEs on ways they can protect themselves.
Newsletter
ACSC releases small business cyber security guides
21 December 2022
•
9 minute read
The Australian Cyber Security Centre (ACSC) has published cloud security guides aimed at assisting small businesses protect themselves from cyber attacks.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
“Cyber security incidents can affect any business, at any time,” the ACSC said. “With the average cyber security incident costing over $39,000 for small businesses, organisations cannot afford to overlook investing in their cyber security.
“Investing in preventative measures is usually less expensive than responding to an incident, so it will help minimise the costs for impacted organisations.”
One guide explains to small business owners the importance of multi-factor authentication, which can make it harder for hackers to use compromised user credentials to access an organisation’s systems while being relatively straightforward to implement.
Other guides describe the importance for firms to patch and update both their operating systems and applications whenever they become available.
The centre said it was critical to update systems whenever they were released as they improve the security of the software by fixing known vulnerabilities.
The ACSC said cyber criminals could scan the internet with automated tools to gather information about potentially vulnerable systems and so it was critical to ensure systems were up-to-date.
Other topics the guides cover include:
- Restricting admin privileges.
- The importance of regular back-ups.
- The correct configuration of macro settings.
- Application control and why it matters.
- Application hardening and how it can stop threats from malicious websites and ads.
The guides provide walkthroughs using Microsoft 365 software but the advice applies no matter what applications a business is running.
ACSC said protecting a business from losing vital information and consumer trust was more than a good idea, it was a requirement.
The centre referenced the case of an Australian Financial Services licensee that was found by ASIC to have engaged in “inadequate risk management practices”, which led to a series of cyber attacks over a six-year period.
In that case the federal court ordered the firm to improve its cyber security practices and to pay $750,000 towards the costs incurred by ASIC.
“Managing cyber risks cannot be an afterthought or an optional extra,” the ACSC said.
“It is increasingly being recognised as an essential responsibility of all organisations.”
You need to be a member to post comments. Become a member for free today!
