Cybersecurity comes in all shapes and sizes, for businesses of all shapes and sizes. What’s important is being able to find a solution that works for you, keeps things protected, and helps you feel like you’re on top of things. Whether that means simple measures run with internal resources, co-managed IT, or completely outsourced IT services, one thing’s for sure: cybersecurity should always follow a compliance framework that gives you a structured security posture and helps set you up for success.
That’s exactly what SMB1001 is in Australia – a framework and certification standard. This one is actually built specifically for small to medium-sized businesses (if you love an acronym, the hint is in the name) through Dynamic Standards International. While SMB1001 is Australian-developed, it’s internationally recognised, and is built on five tiers:
- Bronze – which essentially covers your basics like firewalls, data backup, virus protection and even employee training.
- Silver – builds on the bronze tier by applying a broader security mindset to business operations as a whole.
- Gold – where advanced monitoring, incident response mechanisms and enhanced access management all come into play.
- Platinum – where mandatory independent audits, advanced measures and cyber insurance readiness give you a robust, validated level of cybersecurity.
- Diamond – top-tier protection, threat analytics, enterprise-grade security and more.
Now that you’ve got a basic understanding of SMB1001, it’s a good time to figure out what you need to consider when deciding whether this is the right framework and certification standard, where your business fits, or whether there’s another option (like following the Essential Eight, for example) that might be more relevant.
#1 Your Current IT Resourcing and Infrastructure
Assessing where you’re at currently in terms of your IT resourcing and infrastructure plays a huge role in figuring out whether you’d be suited to a bronze or silver tier, or need something more robust. The good thing is, SMB1001 is made specifically for businesses that have limited IT resources, but don’t need to follow more complex frameworks or systems.
#2 Number of Employees and Annual Turnover
If you’re keen to understand what tier of SMB1001 you’d fit into in Australia, a couple of key considerations are the number of employees within your business, and its annual turnover. All businesses that employ between 5 and 200 people could consider a tier of SMB1001 as a viable option, but it’s the annual turnover that can help dictate exactly where you’re at.
- For small to medium-sized businesses in Australia with an annual turnover on the lower or moderate end, SMB1001 is a solid option that doesn’t require a huge financial outlay, but can offer the protection you need.
- For those that have a high turnover or oversee high-value transactions, the upper tiers of SMB1001 can help protect assets and demonstrate proactivity and due diligence.

#3 Whether Any Alternatives Are Relevant
Ah yes, the alternatives. Are there any? If there are, are they cheaper or more expensive? Do they offer the same level or levels of protection? All valid questions, but not exactly easy ones to answer. The best way to think of this is that bigger and more complex organisations require bigger and more complex strategies and frameworks.
For small to medium-sized businesses in Australia, SMB1001 is likely to be the most relevant. On your digital travels that ultimately led you here, you’ve probably come across the Essential Eight (and if not, this article might just be your first time hearing about it). While the Essential Eight is a framework, its purpose is to give you a checklist of specific strategies that help protect your business against cybersecurity threats and attacks. More broadly, SMB1001 was designed to incorporate controls from the Essential Eight while tailoring them to small and medium-sized businesses.
ISO 27001 is one of those bigger and more complex options for large-scale businesses, and is usually seen as the best option. However, it can often be too expensive and admin-heavy for more nimble businesses.
#4 How Seriously You Take Cybersecurity
Look, you’re here because you probably take cybersecurity seriously. If we visualise this as more of a spectrum (rather than a straightforward yes-or-no), how seriously you take cybersecurity will help you figure out which level of security you need.
If the answer is no level of security, that’s not exactly realistic. If you think you need a basic level of security to start with, the bronze tier of SMB1001 is likely a good start.
Some businesses know that they need a certain level of security but aren’t sure where to start, while others might even have an idea of where they fit into the framework based on the tiers we walked through above.
The important thing is that you don’t have to figure it out alone. If you want to chat about cybersecurity and you’re looking for a trusted partner to assist, give us a call or get in touch online. From advice and free IT audits, to helping your business adopt SMB1001 in Australia (more specifically, Perth SMBs), the team at Xenex Systems is here to help.