{"id":73600,"date":"2022-07-05T13:00:12","date_gmt":"2022-07-05T03:00:12","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=73600"},"modified":"2022-07-07T15:35:54","modified_gmt":"2022-07-07T05:35:54","slug":"cyberproofing-small-and-medium-businesses-a-small-step-with-a-big-impact","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyberproofing-small-and-medium-businesses-a-small-step-with-a-big-impact\/","title":{"rendered":"Cyberproofing small and medium businesses\u2014a small step with a big impact"},"content":{"rendered":"
<\/figure>\n

Small businesses are not immune to cybersecurity incidents. In fact, they\u2019re often more vulnerable because they lack the time, resources and sometimes the skills to prepare for and defend against an attack, or to mitigate and remedy any consequences.<\/p>\n

That is why ASPI, supported by .au Domain Administration, or auDA, created a tool\u2014.auCheck<\/a>\u2014to help businesses quickly and easily test the security of their websites. The tool is intended to empower businesses to improve their internet security practices.<\/p>\n

There are 2.3 million small businesses<\/a> in Australia. While not all have an active or extensive online presence, digital transformation prompted by the Covid-19 pandemic has made every business increasingly dependent on the secure use of the internet.<\/p>\n

In its latest threat assessment<\/a>, the Australian Cyber Security Centre reports that small organisations, sole traders, medium-sized businesses, schools and contributors in the supply chain are among the entities most affected by cybercrime and state-sponsored cyber operations. Cybercriminals seek financial gain or sensitive business information and personal data. Even if they are not direct targets, businesses may fall victim due to the spread of ransomware or a data breach.<\/p>\n

In the 2020 Australian <\/a>cybersecurity strategy the government instructs all businesses to take responsibility for securing their products, services and supply chains, and for protecting their customers from known cybersecurity vulnerabilities.<\/p>\n

So, how best can a sole trader or a micro or small business\u2014and even some medium enterprises\u2014be empowered to protect their online presence, data, systems and transactions?<\/p>\n

The answer lies in the architecture of the internet. Historically, the community of technicians has developed internet standards, most of which include critical security features that find their way into national standards. They are reflected in the Australian government\u2019s Information security manual<\/a><\/em>.<\/p>\n

But uptake of standards doesn\u2019t happen automatically. Among other things, it requires public- and private-sector leadership, foresight and ambition, and demand from the market.<\/p>\n

That\u2019s why we launched .auCheck<\/a>, a free tool that allows owners of websites and email domains, users and customers to check if their site and email standards are up to date.<\/p>\n

For most smaller businesses, websites and email accounts are their first and often only platforms for interaction with customers, suppliers and resellers. A designer creates the webpage, adds third-party features such as a payment cart and it\u2019s all then managed by a hosting provider. A registrar provides a licence to use a .au domain name and other providers are enlisted for web and mail security or cloud storage services.<\/p>\n

Trust and confidence are critical, but how can business owners check that their providers have enabled the most up-to-date settings and follow the latest security advice from the ACSC? This can be quite complicated and time-consuming if the business operators don\u2019t possess technical knowledge and insights.<\/p>\n

On .auCheck you can enter a domain name (e.g. website.au or @email.au) to check whether its settings meet recommended standards. You can also check the configuration of your current internet connection. The tests verify the internet records for the domain name and don\u2019t involve any penetration testing (in which attempts are made to find vulnerabilities in a system). These records are public and ensure devices can communicate and that their authenticity can be verified.<\/p>\n

<\/figure>\n

The most important standards that .auCheck tests include:<\/p>\n