Small-business cybersecurity is the business of every business

The chronic failure to improve small-business cybersecurity is leaving most of Australia’s economic base vulnerable to compromise, the head of a key cybersecurity development agency warned as security consultancy Enex Carbon this week launched a service bundle designed and priced specifically for small businesses.

“Digital connectivity provides a huge amount of opportunity for small businesses in Australia to have a wonderful and very powerful strategy going forward,” AustCyber CEO Michelle Price said at the launch of Enex Carbon’s CarbonCore service offering.

“But the fact that 96 percent of our economy is made up of small businesses, means that 96 percent of our economy is actually faced with a significant challenge in how to be cyber resilient in a digital world.”

The concept of cyber resilience revolves around equipping businesses with the knowledge and tools necessary to ensure that their businesses can operate effectively even in the event of a cybersecurity compromise or data breach.

Resilience for those that can’t afford it

Cyber resilience involves much more than technology, however – and this had created a conceptual disconnect for small businesses for whom cybersecurity has usually been a matter of installing an antivirus package and never thinking about it again.

CarbonCore seeks to address this with a tiered range of services that leverage the firm’s consulting expertise to help small businesses access written guidance and cybersecurity reviews that they might not normally even know they need – much less be able to afford.

The free Basic tier, for example, includes a cyber security policy document, training handbook for staff, and a document outlining how to manage a cybersecurity incident in the event of a compromise.

This guidance is crucial given that all businesses with annual revenues of $3m or more must be prepared to report details of any cybersecurity incident to the Office of the Australian Information Commissioner (OAIC) under the terms of the newly enacted Notifiable Data Breaches (NDB) Scheme.

For firms wanting more proactive assessment of their cybersecurity capabilities and exposure, CarbonCore also offers a Standard package ($190 per month for up to 20 staff), which adds in annual security awareness assessment, website security scan, and security threat and risk assessment as well as regular cybersecurity updates and incident alerts.

A Premium package ($290 per month for up to 40 staff) adds advice and triage support for cybersecurity incidents, an annual management briefing, and an annual review of the company’s cybersecurity incident response capability.

Given that most small businesses have 20 or fewer employees, the ability to access Enex Carbon’s substantial security expertise at a predictable and manageable price makes it a perfect solution for resource and time-constrained small businesses, Price said.

“What I love so much about CarbonCore is that is not a product, or a service,” she explained, “but a solution. It absolutely puts the human at the centre of making sure we realise that cybersecurity is a business risk.”

“It is not an IT risk,” she continued. “We may know that, but the rest of the economy is not yet aware of the fact that we are dealing with a set of business risks that has just as much opportunity as it does threat.”

Securing the supply chain

While it may seem convenient to think about small businesses as small, exposed and under-resourced targets for cybersecurity attack, the role of small businesses in the economy is much more complicated than that – and that, Price said, makes small business security the business of every business.

Large companies, of course, depend on extensive networks of small service providers, distributors, wholesalers, innovation partners, and many other systems for their everyday functioning. This fact has led some industry observers to argue that larger companies should take a more proactive approach to help their partners get cybersecure and stay that way.

Price added her voice to that chorus, noting that CarbonCore offers a conveniently accessible, portal-based bundle that helps focus efforts to improve supply-chain resilience. “Larger businesses should be looking upon CarbonCore as a tool for how they can be thinking about supply chain security resilience,” she said.

“Enex Carbon have taken all the different factors in cybersecurity and put them together in a way that makes it straightforward and simple for a business to think about what is important to them – and to make decisions with the very strong support that this tool gives their business.”

“The examples and interactivity of this platform means they can instantly grasp what that means to take onboard cyber risk and cyber resilience in their business, with some very practical examples around why cyber security is absolutely something the sole trader needs to think about.”

Small businesses aren’t only mum-and-pop corner shops, Price said, noting that the stereotypical image of government departments being large and sophisticated isn’t always true either.

“Even at the federal level,” she said, “there are dozens of entities that are publicly funded and employ fewer than 20 people. This platform is just as applicable to them as it is to the business world.”

Ultimately, the success or failure of digital transformation would depend on the ability of entire ecosystems of large and small companies to work together for the common goal of improving cybersecurity and incident response.

“There are multiple benefits combing about in our economy through a well thought-out, human-focused tool,” Price said, “so hats off to Enex Carbon for thinking about this from that perspective.”

“If we don’t get cyber right, we won’t get digital right.”

David Braue attended the CarbonCore launch as a guest of CarbonCore.

Copyright © 2018 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)