Headquartered at Lot Fourteen, national cyber organisation Aus3C is working to build cyber resilience in the state’s small and family businesses through its CUSP program.

Rachael Hamilton is the strategic projects lead for the Australian Cyber Collaboration Centre (Aus3C), an independent, not-for-profit, member-based organisation working collaboratively to make the digital world a better and safer place for Australian businesses, organisations and institutions.

“It can seem complex,” Rachael says of the descriptor. “But our mission is to ensure that cybersecurity is accessible, affordable and achievable.”

In support of that, Aus3C partnered with the State Government and the Office for Small and Family Business to launch the Cyber Uplift Step Program (CUSP) in July, as part of South Australia’s Small Business Strategy 2023 – 2030. So far, around 100 local businesses have registered, receiving one-on-one consultations with a dedicated cyber coach, online training, workshops and a customised road map to follow.

CUSP cyber coach and Aus3C member John Cirocco of EscapeNet says a key outcome is to build confidence within the business that they’ve taken several “prudent steps to uplift their organisation” and build resilience in their cybersecurity and their digital operations.

“Resilience might mean resilience from attack, failure or degradation,” John says, explaining that degradation is where something impacts a business but doesn’t take it completely offline. For example, when the email or point of sale software fails.

But he says these cyber events are not always headline-grabbing cyberattacks; rather, they could be accidental, such as the releasing sensitive information, or deleting business data when sorting through old hard drives.

“What CUSP is looking to do is to strengthen the technologies, or the business operations through technology, to be more resilient and promote uptime,” he says.

“Essentially, keep the business operating, the doors open and the money flowing.”

Knowledge sharing and collaboration underpins Aus3C and CUSP was validated by eight member organisations before launch and is continuously reviewed to ensure current cybersecurity best practice.

Each roadmap is customised, based on the participant’s digital ecosystem and desired outcomes. Importantly, the steps are easily actionable, easily maintainable and deliver a significant uplift for the small business.

“They may have some areas of concern, or information or critical items they want to protect. Part of the customisation is helping them focus, reduce that confusion of where to start and build them a pathway to get to where they want to be,” John says.

“We also build some medium-term strategies and things that they can work towards to grow that maturity.”

Helpfully, they also offer a 15-minute virtual information session to answer any questions about the program and free 45-minute cyber consultations (called Cyber Clinics) to give small and family businesses a chance to ‘test the waters’.

Most participants complete the self-paced program within three months, investing between 14 to 30 hours over that period. And they’ve ranged from complete beginners to the relatively IT savvy.

Rachael says, at all levels, the feedback is great and shows that the program is making an impact.

“Some people come in indicating that awareness and education are really important to them, and they leave feeling more confident and comfortable regarding cybersecurity,” Rachael says.

“[Others have] gone away and immediately put on a multi factor authentication or backed up all their data and are instantly getting right into the strategies that our cyber coaches are suggesting.”

Building resilient people is important, Rachael says, as uplifting individual knowledge and awareness around cybersecurity has a flow on effect on the wider organisation and IT systems.

She says Aus3C has a “great relationship” with the government, which is subsidising the program.

Minister for Small and Family Business, the Hon. Andrea Michaels MP says strong cyber security is a must for small business owners.

“That’s why the Malinauskas Government is supporting the Cyber Uplift Step Program as part of our $14 million Small Business Strategy to support the state’s small business owners,” she says.

“We are helping remove the uncertainty and burden for small businesses with the program coaching participants through the critical steps to implement cyber-safe systems and processes.

“South Australian businesses of all sizes are susceptible to cyber attack, and this proactive measure will empower business owners to protect their operations, reputations, and customer information.”

CUSP delivers $10,000 worth of expertise and resources at a subsidised cost of just $500 per business. Additionally, participants get a one-year small business affiliate membership to Aus3C.

The intention is to encourage an ongoing link to Aus3C’s cyber community, supporting participants in their next steps toward cyber resilience. Among the member benefits are access to a cyber advisory panel, additional tools and tips on continuing to make their business more cyber resilient, and plenty of networking events.

Rachael says the latter provide “lots of face-to-face time with people you may not otherwise have met but will find in our community”.

For small or family businesses without a chief technology officer or IT people on staff, taking advantage of CUSP and Aus3C membership can help to plug that gap.

“We can be that cyber support for you or find the right cyber support for you,” Rachael says.

“That’s part of the reason people join our community and integrate themselves into our ecosystem, to build out those connections.”

Testimonials from participants in the program have started coming in.

“Our experience with CUSP has been great. As a small for-purpose organisation, without dedicated cybersecurity resourcing, CUSP provides us with a cost-effective solution to provide training and awareness across the business on cyber risks. The program’s comprehensive approach ensures that Siblings Australia is equipped to address this critical business area within our organisational capacity.”

–Dr Shannon Schedlich, chief executive, Siblings Australia

“Before CUSP (Cyber Uplift Step Program), I felt intimidated and anxious about cyber security. However, through participating in the program’s coaching sessions, workshops, and clinics, and receiving guidance and support from competent and highly knowledgeable mentors, I feel confident and motivated when protecting personal and business information. I strongly endorse participation in this highly valuable program.”

–Dr Maria Birse, The QA Dr

Rachael says connections and networks are invaluable when it comes to a building organisational safety and resilience in the digital world.

“Expanding your knowledge and where you’re getting information from – is really important, particularly when you’re a small business and probably under resourced,” Rachael explains.

“We’re starting to see the small and family business community realise how important and invaluable this programme is as it continues to go from strength to strength, which is really exciting for us, our members and for the state government.”

Register for CUSP here.