This page lists ASD's ACSC’s Small Business Cloud Security guidance. This guidance adapts ASD's ACSC’s Essential Eight mitigation strategies and outlines an example of how each can be implemented to secure Microsoft 365 capabilities. The technical examples are designed to offer significant protection against cyber incidents while remaining accessible to organisations with limited resources and cyber security expertise.
Small Business Cloud Security Guides: Executive Overview
In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small Business Cloud Security Guides. These guides are designed to provide protection against cyber incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.
Small Business Cloud Security Guides: Introduction
Securing your business can be a complex task. Among the numerous security priorities and configuration options, it can be difficult to know where to begin. These guides adapt ASD's ACSC’s Essential Eight mitigation strategies and outline an example of how each can be implemented to secure Microsoft 365 capabilities. The technical examples are designed to offer significant protection against cyber incidents while remaining accessible to organisations with limited resources and cyber security expertise.
Small Business Cloud Security Guides: Technical Example - Patch Applications
Patching applications is one of the most effective controls an organisation can implement to prevent cyber criminals from gaining access to their devices and sensitive information. Patches improve the security of applications by fixing known vulnerabilities.
Small Business Cloud Security Guides: Technical Example - Patch Operating Systems
Patching operating systems is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to their devices and sensitive information. Patches improve the security of operating systems by fixing known vulnerabilities.
Small Business Cloud Security Guides: Technical Example - Multi-Factor Authentication
Multi-factor authentication (MFA) makes it harder for adversaries to use compromised user credentials to access an organisation’s systems. It is one of the most important cyber security measures an organisation can implement.
Small Business Cloud Security Guides: Technical Example - Restrict Administrative Privileges
Privileged account credentials are prized by cybercriminals because they provide extensive access to high value assets within a network. Restricting privileged access to only users with a demonstrated business need is essential to protecting your environment.
Small Business Cloud Security Guides: Technical Example - Application Control
Application control restricts the ability of an application to run or install on a device. Application control makes it harder for users to intentionally or unintentionally install unwanted or malicious software.
Small Business Cloud Security Guides: Technical Example - Configure Macro Settings
Configuring macro settings protects an organisation’s systems from malicious macros. Macros are powerful tools. They were introduced to improve productivity however their functionality can also be used by cyber criminals to compromise a user’s system.
Small Business Cloud Security Guides: Technical Example - User Application Hardening
User application hardening protects an organisation from a range of threats including malicious websites, advertisements running malicious scripts and exploitation of vulnerabilities in unsupported software. These attacks often take legitimate application functionality and use it for malicious purposes. User application hardening makes it harder for cybercriminals to exploit vulnerabilities or at-risk functionality in your organisation’s applications.
Small Business Cloud Security Guides: Technical Example - Regular Backups
Implementing regular backups will assist your organisation to recover and maintain its operations in the event of a cyber incident, for example, a ransomware attack.