Australia has released a series of guides it says are designed to help small and midsize businesses (SMBs) safeguard their cloud environments and against common cybersecurity incidents. These include technical guidelines for multi-factor authentication and patch management.
The Australian Cyber Security Centre (ACSC) on Friday said it had developed the Small Business Cloud Security Guides in recognition that SMBs might not have the resources to understand the complexities of operating online or responding to potential cyber risks.
The government agency said the guides would help these businesses understand such risks as well as how to work with managed service providers or their own IT teams to ensure a robust cyber hygiene.
The cloud security guides were developed with Microsoft, said ACSC’s head Abigail Bradshaw, who added that working with both public and private organisations helped establish Australia as “a hard target” for cybercriminals.
The government agency said it received more than 76,000 cybercrime reports in the past year, which translated to one in every 7 minutes. This was up 13% from the previous financial year, when one cybercrime case was reported every 8 minutes.
Alexi Boyd, CEO of Australia’s Council of Small Business Organisations, noted: “A cybercrime can be devastating and can cause significant financial loss for a small business. On average, cyber incidents cost small businesses over $39,000. These guides are designed to help businesses secure their systems and data.”
The SMB guides highlight the “Essential Eight” principles to secure environments using Microsoft 365, but are not designed to help organisations reach “a particular maturity level”, said ACSC. The guides include technical examples of multi-factor authentication, patch management, and application control.
The documents are developed for SMBs using Microsoft 365 as a SaaS (software-as-a-service), with devices configured with Microsoft Intune. The technical guides also use low cost or free solutions where possible, though, many security configuration options are not available in entry-level Microsoft 365 subscriptions, according to ACSC.
To adopt the technical examples, organisations will need subscriptions to Microsoft 365 Business Premium or the equivalent.
