CA ANZ has launched a cyber-security hub and playbook for small businesses that aims to help prevent, prepare for – and if it happens – recover from cyber attacks.
The initiative comes after businesses lost $33 billion to cyber crime in 2020-21, according to the Australian Cyber Security Centre (ACSC).
CEO Ainslie van Onselen said that SMEs were most at risk to cyber crime and the hub would help members take practical steps to create a security strategy.
“Attempted robbery, blackmail and fraud have always been a big issue for small businesses, but these days criminals are trying to get in via the laptop rather than the back door,” said Ms van Onselen.
“Digital transformation has pushed innovation including in criminal activity. While all types of companies are threatened, SMEs are most at risk because they are typically the least mature in terms of their cyber security risk and resilience.
“When it comes to cyber crime, it’s a matter of when, not if, someone will try something against your business.”
A survey by PwC found 71 per cent of CEOs surveyed were very or extremely worried about cyber risk, making it their top concern.
The ACSC found SMEs faced a higher risk of cyber attacks during 2020-21 based on the average cost of each threat.
Ms van Onselen said criminals had SMEs in their sights.
“That’s why it’s incredibly important that SMEs take the opportunity to review their cyber plan, put proper processes and procedures in place, and invest in best-practice cyber security,” said Ms van Onselen.
“Too few organisations plan to prevent cyber incidents, respond and recover from them, and as a result they suffer.”
Improving cyber security within businesses needed to be a whole organisational initiative.
“The other thing that SMEs don’t do well is communicate that cyber security is a team effort and a team responsibility,” she said.
“All employees and contractors need to take responsibility for the data, software and devices they use at work, because it takes just one person to bring down an entire network through a simple error.”
The cyber hub and playbook include a model to assess risk and create a cyber plan, a self-assessment tool to evaluate the state of your cyber security, and a mitigation strategy developed by the ACSC.
The mitigation strategy includes essential measures for organisations to adopt for a baseline level of security:
- Application whitelisting – allow only trusted software to operate
- Patch applications – security vulnerabilities fixed within 48 hours
- Configure Microsoft Office – block macros from the internet or those that are unapproved
- User application hardening – configure all users’ software to enhance security
- Restrict administrative privileges – to operating systems and applications to few users
- Patch operating systems – patch devices rapidly with extreme risk vulnerabilities
- Multifactor authentication – to access all networks and cloud apps and services
- Daily data backups – backup important new or changed data and test recovery
You are not authorised to post comments.
Comments will undergo moderation before they get published.