Small businesses are not immune to cyber security incidents. In fact, they’re often more vulnerable because they lack the time, resources and sometimes the skills to prepare for and defend against an attack, or mitigate and remedy any consequences.
That is why the Australian Strategic Policy Institute (ASPI), supported by auDA, created a tool called .auCheck, to help businesses quickly and easily check the security of their websites. The aim of the tool is to empower businesses to uplift their Internet security practices.
Cyber threat landscape
There are 2.3 million small businesses in Australia. While not all of them have an active or extensive online presence, the digital transformation prompted by the COVID-19 pandemic means that all businesses are increasingly dependent on the secure use of the Internet.
In its latest threat assessment, the Australian Cyber Security Centre (ACSC) reports that small organisations, sole traders, medium-sized businesses, schools and contributors in the supply chain are among the entities most affected by cybercrime and state-sponsored cyber operations. Cybercriminals seek financial gains or sensitive business information and personal data. If not a direct target, businesses may fall victim due to the spread of ransomware or a data breach.
In the Australian Cyber Security Strategy, announced in 2020, the Government instructs all businesses to take their own responsibility for securing their products and services, their supply chains and protecting their customers from known cyber security vulnerabilities.
That brings us to the important issue of how best a sole trader, micro or small business - and even some medium enterprises - can be empowered to protect their online presence, data, systems and transactions.
The fundamental answer lies in the architecture of the Internet. Historically, the community of technicians has developed Internet standards, most of which include critical security features that find their way into national standards. In Australia, these are reflected in the Australian Government’s Information Security Manual.
But uptake of standards doesn’t happen automatically. Among other things, it requires public and private sector leadership, foresight, ambition and demand from the market.
How .auCheck helps
That’s why we launched .auCheck: a free tool that allows owners of websites and email domains, as well as users and customers, to check if their website and email are set up with up-to-date standards.
For most smaller businesses, their website and email accounts are their first and often only platforms for interaction with customers, suppliers and resellers. A designer creates the webpage and adds third-party features (like a payment cart), and the site is then managed by a hosting provider. A registrar provides a licence to use a .au domain name, and other providers are enlisted for web and mail security or cloud storage services.
Trust and confidence are critical, but how can business owners check that their providers have enabled the most up-to-date settings and follow the latest security advice from the ACSC? This can be quite complicated and time-consuming without possessing technical knowledge and insights.
On .auCheck you can enter a domain name (e.g. website.au or @email.au) to check whether its settings meet recommended standards. You can also check the configuration of your current Internet connection. The tests verify the Internet records for the domain name, and don’t involve any penetration testing. These records are public and make sure devices can communicate and that their authenticity can be verified.
The most important standards that .auCheck tests include:
- Protocols that enable the establishment of encrypted connections
- Security of regular website applications such as online forms and shopping carts
- Security of the domain name by checking whether a cryptographic record is available and correctly configured
- Application of a set of authenticity marks in your email that help against phishing attacks
- The use of version 6 of the Internet Protocol (IPv6), the latest version of IP addresses, which will accommodate the inclusion of new devices and connections
The results show users how the website or email domain is performing. Business owners are encouraged to share their .auCheck test report with their IT providers, have a conversation and make an informed decision about the required security features for their online business presence.
As Australians become more familiar with Internet security and demand higher standards, Australian Internet service providers are more likely to apply .auCheck-recommended standards by default. This will help make the .au and Australian Internet ecosystem more secure.
.auCheck is part of a global effort to boost cyber security of individuals and small businesses. Similar initiatives have been launched in the UK (WebCheck and MailCheck) and the Netherlands (Internet.nl) to uplift the security of small business owners’ online presence.
Together with .auCheck, the Australian Internet community can become active (early) adopters of secure Internet standards. That’s how we make sure the .au domain remains one of the most secure ways to connect online.
To check the security of your online services, visit www.aucheck.com.au.
Bart Hogeveen is Head of Cyber Capacity Building at the Australian Strategic Policy Institute. In this role, he works with public and private partners in Australia and the wider Indo-Pacific on initiatives to strengthen cybersecurity resilience at local, national and regional levels.