For small businesses, securing IT systems can be a challenge. From finding qualified IT talent and then paying for their salary and security tools, cybersecurity can be costly for a small business. Hackers know this, and this makes small businesses a prime target for cyberattacks.
With more and more small businesses leveraging the easy-to-deploy cloud resources from tech companies, the attack landscape has shifted to those cloud environments that small businesses lean on to survive and keep things running.
To help small businesses protect their cloud environments, the Australian Cyber Security Center (ACDC) worked with Microsoft to develop the Small Business Cloud Security Guides, a new series of guides designed to help small businesses protect themselves from the most common cloud-based cyberattacks.
While designed for small businesses in Australia, the guides can be broadly applied to small businesses globally. They are made up for a series of technical examples which use strategies aligned with ACSC’s Essential Eight, which are defined as eight baseline mitigation strategies all businesses should employ.
Those eight mitigation strategies include application control, patching applications, configuring Microsoft Office macro settings, user application hardening, restricting administrative privileges, patching operating systems, implementing multi-factor authentication, and keeping regular backups.
According to the agency, the guides are designed as an easy way for organizations to protect against cyber threats and increase their security, and they should be used as a reference only. The agency calls the guides a good starting point for most small and medium-sized organizations that use Microsoft 365 and have devices configured with Microsoft Intune.
The Centre says the guides will require a resourcing commitment from the organization’s staff or managed service provider to implement and maintain the mitigation strategies. The guide leans on many free or low-cost solutions, but many security configuration options are unavailable in entry level Microsoft 365 subscriptions. That means organizations will need a Microsoft 365 Business Premium subscription to follow the guide, and administrators will need an Azure Active Directory Premium P2 subscription.
“By working alongside organisations, both public and private, we are making Australia a hard target for cybercriminals” said Abigail Bradshaw, head of the Australian Cyber Security Centre, in a statement.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply