How well protected is your small business from cybersecurity threats?
With cybersecurity having been a hot topic for a while now, we asked Mat Cremen from Newcastle based IT company New Era Technology to share his insights on this topic, covering the critical Essential 8 framework.
The Essential 8: cybersecurity for small business – Mat Cremen, New Era
In today's digital age, the security of your business is crucial to your success.
Cybersecurity threats are constantly evolving, and small to medium-sized enterprises (SMEs) are often targeted because they may have weaker security systems in place.
In Australia, SMEs account for 43% of all cyberattacks. And, with the rise of hybrid and remote work models due to COVID-19, this number is likely to increase.
The Essential 8 security framework is a powerful tool that can help you protect your business against cyber threats and ensure it's secure.
According to a report by the Australian Cyber Security Centre, 62% of SMEs experienced a cyber incident in 2020, with the average cost of an incident reaching $276,323. The report also found that 60% of SMEs that experienced a cyber incident had to shut down their business for at least a day.
These statistics highlight the importance of taking cybersecurity seriously and implementing effective security measures, such as the Essential 8 framework.
With the rise of remote work, businesses face even more cybersecurity challenges, as employees may be using personal devices or unsecured networks to access company data.
This increases the risk of cyberattacks, as hackers can exploit vulnerabilities in these devices and networks to gain access to sensitive information.
The Essential 8 is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help businesses improve their security posture.
The framework is based on eight essential security strategies that, if implemented effectively, can greatly reduce the risk of cyber-attacks.
These strategies are:
1. Application control
Ensure only approved applications are allowed to run on your organisation's systems. This reduces the risk of malware and other malicious software infecting systems and programs.
2. Patching application
Ensure that all applications, e.g. web browsers, Microsoft Office and PDF viewers, are kept up-to-date with the latest security patches to prevent attackers from exploiting known vulnerabilities.
3. Configure Microsoft macro settings
Prevent macro-based malware attacks by configuring Microsoft Office to disable macros from untrusted sources. Only allow verified macros in 'trusted locations' with limited write access or digitally signed with a trusted certificate.
4. User application hardening
This is the process of securing your software applications from potential attacks and vulnerabilities by disabling unneeded features in software such as Microsoft Office, web browsers and PDF viewers.
5. Restrict admin privileges
Restrict administrative privileges to only those who need them, reducing the risk of attackers using these privileges to compromise systems and steal sensitive information. Regularly revalidate the need for access.
6. Patch operating systems
Ensure that all operating systems are kept up-to-date with the latest security patches to prevent attackers from exploiting known vulnerabilities. Importantly, don't use unsupported versions.
7. Multi-factor authentication
Adding additional steps to verify your identity to prevent attackers from compromising systems and stealing sensitive information when accessing public facing platforms such as Office 365, remote desktops and VPNs.
8. Daily backups
Ensure daily backups of critical business systems, including offsite replication and regular testing to verify the data can be recovered.
While SMEs are at higher risk of cyberattacks due to weaker security systems, implementing the Essential 8 framework can help you protect your business against cyber threats and ensure it's secure.
However, it's important to note that no security measure is 100% foolproof, and you should also have a plan in place for responding to a cyber incident. This includes backups of critical data, a clear incident response plan, regularly testing and updating security measures and training staff.
For more information on cybersecurity for small businesses and the Essential 8, feel free to reach out to Mat from New Era Technology – details below.
Mat Cremen is the Sales Director at New Era Technology, a global technology solutions provider based in Newcastle, NSW. New Era can enhance your business's cyber security position with a tailored approach that aligns with your requirements. They work with you to develop a comprehensive strategy that addresses your specific security challenges—and are equipped for each stage of the journey.
Mat Cremen – New Era Technology
(02) 4940 1800| www.neweratech.com.au | mat.cremen@neweratech.com