Australian businesses can choose between various information security standards to protect their data and ensure compliance with legal and regulatory requirements. Some of the key standards include ISO/IEC 27001, the Australian Signals Directorate (ASD) Essential Eight, and the NIST Cybersecurity Framework.
While the Essential Eight is more approachable for small and medium-sized businesses (SMBs), it lacks credibility as there is no certification required to prove a business has achieved it. On the other hand, the other standards available (like ISO/IEC 27001 and NIST) are too cumbersome and expensive for most SMBs. As a result, over 50% of Australian SMBs do not have the right security measures in place to protect them in case of a cyberattack.
Fortunately, the situation is about to change due to the SMB1001 standard, published in September 2023. This security standard, designed specifically for SMBs, makes it easier to implement the basic steps needed for protection.
So, let’s have a look at why SMB1001 is a game-changer for small and medium-sized businesses in Australia and how the Onsite Helper team (we got our SMB1001 Gold Tier certification in April 2024) can make your certification journey smoother and faster.
The Current State of Cyber Security for Australian SMBs
As I already mentioned, the security standards before SMB1001 were not designed for the needs of small and medium-sized businesses.
To achieve minimum certification, a business must undergo numerous security controls and inspections, which are cumbersome and downright exhausting.
Then there’s the cost. For instance, a business trying to get ISO/IEC 27001 certified must invest at least AUD 40,000 for the certification process. On top of that, there’s a yearly investment (at least AUD 5,000 in the case of the ISO/IEC 27001 standard) to maintain the certification.
This is simply not doable for at least half of the Australian SMBs, which leaves over 1 million businesses out in the cold.
Still, being security certified is important in establishing trust with other business partners and customers.
This is where the SMB1001 standard comes in and saves the day.
What is SMB1001 and Why Is It Important?
SMB1001 is a new (2023) security standard/framework devised by experts at CSCAU. The standard features a tiered approach, from 1 to 5 or Bronze to Diamond. Each level builds upon the previous one, so anyone can start at the level that best suits their current situation.
This tiered approach allows every business to improve its security system gradually, based on available resources and budget.
To reach the Diamond level, you must pass 46 controls, but you need only pass 6 to reach Bronze (Tier 1). Also, it costs around AUD 1,000 to implement minimum controls, and the yearly maintenance costs are between AUD 95 and AUD 3,700. Now, this is a lot more doable for small businesses on a tight budget!
According to the CSCAU, SMBs that reach the Diamond level (Tier 5) can then take the steps to get their ISO/IEC 27001 certification. This means that you can gradually do the work to achieve higher standards while still being compliant and protected against cyber attacks.
Why is the SMB1001 Important for Your Business?
There are 3 main reasons why every SMB in Australia should care about this standard:
- SMB1001 is relevant for businesses in any sector. Sure, each sector will have specific situations, but guidance in this case can be provided separately.
- The standard was designed to align with existing security frameworks and standards, like the Australian Signals Directorate’s Essential Eight.
- SMB1001 opens the door to more robust security for all businesses, regardless of budget and available expertise.
Want to get SMB1001 Certified? Get in Touch!
Onsite Helper received CSCAU Level 3 Gold in April 2024 and can help other small businesses that want to go through the process.
Our teams of specialists will work with you to ensure that all the necessary steps are taken to achieve the certification level you aspire to. We have the hands-on experience needed to make things easy for you.
Most recently, we helped our customer, Barry Plant Real Estate Agents & Property Managers, implement SMB1001 Gold certification without a hitch. We first worked with the head office team and are now in the process of helping all their franchisee offices do the same.
Now is the best time to start working your way up to a better security system! Give us a call or send us an email, and we’ll help you start the process of SMB1001 certification.