Cyber threats pose a constant and increasing concern for businesses of all sizes, including SMEs.
The Australian Cyber Security Centre (ACSC) reported a 12% increase in calls to the Cyber Security Hotline (1300 CYBER1) in 2023-24, highlighting the urgent need for SMEs like yours to ramp up cybersecurity measures.
The Essential Eight: A Foundation for Cybersecurity
The Essential Eight compliance checklist is a set of eight mitigation strategies which aim to improve an organisation’s cyber resilience. They centre on protecting Microsoft Windows-based internet-connected networks. By adopting these strategies, businesses can significantly slash their risk of cyberattacks.
However, no single set of measures can guarantee complete protection against all cyber threats, says the Australian Signals Directorate.
Here are the Essential Eight strategies in a nutshell:
- Application control: Restricting the software that your systems can run
- Patch applications: Keeping software up to date with the latest security patches
- Configure Microsoft Office macro settings: Disabling macros in Microsoft Office documents to prevent malicious code execution (just enable what your staff need)
- User application hardening: Configuring software settings to enhance security
- Restrict administrative privileges: Limiting the number of users with administrative access to systems and having a clear policy about it
- Patch operating systems: Keeping operating systems up to date with the latest security patches
- Multi-factor authentication (MFA): Adding an extra layer of security as the default by requiring two or more forms of identification, and
- Regular backups: Regularly backing up important data, software and configurations to protect against data loss.
Do your due diligence and check out the finer details about each of these Essential Eight.
Here’s alternative guidance for cloud services, enterprise mobility, or other operating systems, such as Apple iOS and Apple macOS.
The Importance of Cyber Resilience
Cyberattacks can have severe consequences for SMEs, such as:
- Financial loss
- Operational disruption, including system downtime and supply chain disruptions
- Lower employee morale and productivity
- Reputational damage, and
- Higher insurance premiums.
There are also legal and regulatory compliance issues. Businesses with an annual turnover of $3M+ may fall within the purview of the Privacy Act 1988. Find out here if your SME needs to comply.
How to Implement the Essential Eight
1. Assess your current security posture:
Evaluate your current security practices to identify areas for improvement
2. Prioritise implementation:
Start by implementing the easiest controls, such as patching applications and configuring macro settings
3. Seek expert advice:
Consult with cybersecurity experts to develop a comprehensive cybersecurity strategy tailored to your business needs
4. Foster a culture of cybersecurity:
Encourage employees to be vigilant and report any suspicious activity, and
5. Continuously monitor and adapt.
When you’ve nailed your approach to cybersecurity, you can rate your business on a maturity scale from one (the lowest) to three (the highest).
The Role of Leadership
Strong leadership is crucial for driving cyber resilience. By prioritising cybersecurity and allocating sufficient resources, business leaders can create a culture of security awareness. It might mean one of your IT staff needs to do an Essential Eight Assessment, such as this one.
Adopting the Essential Eight strategies enables Australian SMEs to strengthen their defences and significantly reduce exposure to cyber threats. However, cybersecurity isn’t a one-time action; it’s an ongoing responsibility that requires vigilance and adaptation to evolving risks.
Proactive steps are key to safeguarding your business’s future. This includes working with your broker or adviser to develop a comprehensive risk management strategy, which may encompass Cyber Insurance. Cyber Insurance provides crucial financial protection against losses such as data breaches, ransomware attacks, and business interruption, complementing your overall approach to cybersecurity.
Stay informed and take proactive steps, such as talking to us, as your broker or adviser, about risk management, to help safeguard your business’s future.