4iT IT Support Sydney | Your Reliable Sydney IT Support Partner

Cybersecurity

The ASD Essential Eight for Australian SMEs: a practical 2026 guide

Insights & News The ASD Essential Eight for Australian SMEs: a practical 2026 guide May 4, 2026 The Australian Signals Directorate’s Essential Eight is the country’s de facto baseline cybersecurity maturity standard. It defines eight technical controls that mitigate the most common cyber attacks against Australian organisations, with three maturity levels from “starting point” to “advanced.” For Australian SMEs, hitting Maturity Level 1 across all eight controls typically requires moderate investment and addresses the bulk of practical cyber risk. Maturity Level 1 is also increasingly the threshold at which cyber insurance becomes available at reasonable rates and government and large enterprise contracts become winnable. Key facts The Essential Eight is published by the Australian Signals Directorate (ASD) Australian Cyber Security Centre (ACSC) and is freely available at cyber.gov.au. Three maturity levels: ML1 (mitigates adversaries with basic capabilities), ML2 (mitigates adversaries with moderate capabilities), ML3 (mitigates state-sponsored adversaries). ML1 is the baseline expectation for most Australian SMEs in 2026. The eight controls: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, regular backups. Federal government non-corporate Commonwealth entities are required to implement Maturity Level 2 as a minimum. Most Australian cyber insurers and large enterprise customers reference Essential Eight in their vendor due diligence processes. What is the Essential Eight? The Essential Eight is a set of eight prioritised mitigation strategies developed by the ASD’s Australian Cyber Security Centre. The strategies were originally distilled from the Top 35 Strategies to Mitigate Cyber Security Incidents and represent the controls ASD considers most effective against common cyber attack patterns. The Essential Eight was originally published in 2017 and has been refined multiple times since, including the introduction of the Maturity Model in 2018 and significant revisions through 2022 and 2023 to address contemporary threats. The current version focuses on Microsoft Windows-based environments, though most controls have direct equivalents in Mac, Linux, and cloud-native contexts. The eight controls cover three categories: prevent malicious code execution (application control, patch applications, configure macros, user application hardening), limit the extent of incidents (restrict admin privileges, patch operating systems, MFA), and recover data and system availability (regular backups). Together, they address the most common entry points and lateral movement techniques used in real-world attacks. What are the eight controls? Each of the eight controls has specific Maturity Level requirements. The summary below covers what ML1 looks like for an Australian SME. 1. Application control. Block executable files, software libraries, scripts, installers, compiled HTML, HTML applications, and control panel applets from running on workstations and servers. ML1 typically uses Microsoft AppLocker, Windows Defender Application Control, or third-party tools like AirLock or ThreatLocker. 2. Patch applications. Identify missing patches and update applications, particularly internet-facing ones, within strict timeframes. ML1 requires patching exploitable vulnerabilities in internet-facing applications within two weeks (or 48 hours if exploit code exists), and other applications within one month. 3. Configure Microsoft Office macro settings. Block macros from the internet, validate macros only from trusted locations, and disable macros for users that don’t need them. Macro-based attacks remain a significant vector, particularly for Australian SMEs where Microsoft Office is ubiquitous. 4. User application hardening. Web browsers configured to block ads, Java, Flash (now legacy), and unnecessary features that introduce risk. Microsoft Office configured to block OLE packages and similar high-risk content. PDF readers configured to block JavaScript. 5. Restrict administrative privileges. Privileged accounts limited to specific tasks, separated from user accounts, with strong authentication. Domain admins shouldn’t browse the web or read email. Standard users shouldn’t have local admin rights on their workstations. 6. Patch operating systems. Same approach as patching applications: identify, test, and apply OS patches within strict timeframes based on severity and exploit availability. For SMEs, Microsoft Intune or Windows Autopatch handles this for managed Windows fleets. 7. Multi-factor authentication. MFA on remote access (VPN, RDP), privileged accounts, important data repositories, and external services accessing sensitive data. ML1 expects MFA on the obvious accounts; ML2 and ML3 expand the scope. 8. Regular backups. Backups of important data, software, and configuration settings; backups stored offline, online, or remotely; backups tested for integrity and accessibility. Recovery testing is the bit most SMEs skip and most regret skipping. Why does Maturity Level 1 matter for SMEs? Three reasons. It’s the practical security floor. An SME at ML1 has addressed the bulk of common cyber attacks. The remaining gap to ML2 and ML3 is mostly diminishing returns for typical SME threat models. ML1 is enough to make your business a substantially harder target than the unhardened SME next door. Cyber insurance and customer contracts. Most Australian cyber insurers map their underwriting questions to Essential Eight controls. Hitting ML1 typically unlocks reasonable cyber cover at standard premiums; below ML1, cover gets expensive or unavailable. Government and large enterprise customers increasingly require ML1 or ML2 attestation in vendor due diligence. Regulatory alignment. The Essential Eight aligns with the “reasonable steps” expectation under the Privacy Act’s APP 11. An SME implementing ML1 has documented evidence of technical and organisational measures meeting current security standards, which materially helps if the OAIC investigates after a breach. What does it actually cost an SME to hit Maturity Level 1? For most Australian SMEs already on Microsoft 365, the cost is moderate. The bulk of ML1 controls are achievable using tools the organisation already pays for: Microsoft Intune for endpoint management, Microsoft Defender for application control, Microsoft Entra for MFA, Microsoft 365 backup for SaaS data backup. The investment is mostly configuration and process, not new license fees. For SMEs with mature M365 Business Premium or E3/E5 subscriptions, achieving ML1 typically takes 2-4 months of configuration work, mostly focused on application control rollout, macro policy, OS patching cadence, and user application hardening. Costs are mostly internal time or partner advisory fees, with some hardware refresh for older Windows fleets that don’t support modern controls. For SMEs not yet on M365 Business Premium or with older or third-party stacks, the investment is higher: M365

Passkeys for Australian SMEs: a practical 2026 rollout guide

Insights & News Passkeys for Australian SMEs: a practical 2026 rollout guide May 4, 2026 Passkeys are FIDO2-based phishing-resistant credentials that replace passwords for sign-in. They’re now mainstream across Microsoft 365, Google Workspace, all major Australian banks, and most enterprise SaaS, and represent a meaningful security upgrade over password+SMS or password+TOTP authentication. For Australian SMEs in 2026, the practical question isn’t whether to adopt passkeys but how to roll them out without breaking the workforce. The straightforward path: enable passkeys alongside existing MFA on Microsoft Entra and Google Workspace, train staff to enrol their devices as passkey authenticators, and gradually phase out SMS-based MFA over 6-12 months. Key facts Passkeys are based on FIDO2 / WebAuthn standards and replace passwords with cryptographic keys stored on the user’s device. Passkeys are phishing-resistant: a passkey for one site cannot be used on a fake version of that site, unlike passwords or even TOTP codes. Microsoft, Google, Apple, and the four major Australian banks all support passkeys as of late 2025. Microsoft Entra (formerly Azure AD) supports passkeys for Microsoft 365 sign-in via the Microsoft Authenticator app or hardware keys. SMS-based MFA is deprecated in security guidance from ASD, NIST, and most security frameworks; passkeys are the recommended replacement. Passkey adoption requires device-level support: iOS 16+, Android 9+, Windows 10/11 with Windows Hello, or macOS Ventura+. What is a passkey and how is it different from a password? A passkey is a cryptographic credential pair: a public key registered with the service you’re signing into, and a private key that stays on your device. When you sign in, your device proves it has the private key without ever sending it. There’s no password to type, no code to enter, no shared secret that can be phished. Passkeys solve the two biggest problems with passwords. They can’t be reused across sites (each passkey is unique to one service), and they can’t be phished by a fake version of the legitimate site (the cryptographic challenge only works against the genuine domain). From a user perspective, a passkey sign-in looks like Touch ID, Face ID, or a Windows Hello PIN prompt. The user proves they’re physically present with their device, and the device handles the cryptographic conversation with the service. No typing of long random strings, no fishing through SMS messages. Why are passkeys better than password plus MFA? Most SMEs in 2026 use password + MFA via SMS, TOTP authenticator app, or push notification. Each of these has known phishing-vulnerable failure modes. SMS MFA can be phished via real-time relay attacks (the attacker collects the password and SMS code and uses them within seconds), bypassed via SIM swap fraud, or intercepted via SS7 telecom vulnerabilities. ASD’s guidance has discouraged SMS MFA for sensitive accounts since 2022. TOTP codes from Google Authenticator or similar are phished the same way SMS codes are: a malicious site asks for the password and the code, then uses both immediately on the legitimate service. Push notifications are slightly better but vulnerable to MFA fatigue attacks (the attacker spams the user with login prompts until the user accidentally approves one). Microsoft introduced number-matching to mitigate this, but it’s still possible. Passkeys close all of these attack paths. The cryptographic challenge is bound to the legitimate domain, so a phishing site can’t generate a valid prompt. There’s nothing for the user to “type wrong” or accidentally approve. The credential is never transmitted, even encrypted, so SS7 or SIM swap attacks don’t apply. For SMEs with valuable data, the upgrade is genuinely meaningful. How do you roll out passkeys for a Microsoft 365 SME? For Microsoft 365 environments (which covers the bulk of Australian SMEs), the rollout sequence is well-defined. 1. Enable passkeys in Microsoft Entra. In the Microsoft Entra admin centre, under Authentication methods, enable Passkey (FIDO2) for the relevant user groups. Microsoft Authenticator can act as a passkey authenticator on iOS and Android devices, and physical FIDO2 keys (YubiKey, Feitian) work for hardware-key scenarios. 2. Pilot with technical staff first. Roll out to IT, security, and one or two engaged users from each business team. They’ll discover the edge cases (legacy applications, third-party SaaS that doesn’t yet support passkeys, devices that fail to enrol) before the broader rollout. 3. Update conditional access policies. Configure Entra Conditional Access to require passkey for high-risk sign-ins, sensitive applications, and admin accounts. Keep password+MFA as a fallback during transition. Once passkey adoption is high, tighten policies to require passkey for the full user population. 4. Communicate and train. Most users adapt quickly to passkeys (it’s easier than passwords once enrolled), but the enrolment moment needs explanation. A 5-10 minute walkthrough video, plus desk-side support during the rollout week, makes the difference between a smooth rollout and a frustrated workforce. 5. Phase out SMS MFA. Once 80%+ of users have enrolled at least one passkey, start the SMS MFA deprecation. Some users will need exceptions (devices that don’t support passkeys, legacy applications), but the goal is to get SMS-based authentication off the standard path within 12 months. What are the practical challenges of passkey rollout? Three real-world challenges that catch SMEs off guard. Cross-device sync. Passkeys can sync across a user’s devices via iCloud Keychain (Apple), Google Password Manager (Android), or Microsoft Authenticator (cross-platform). The challenge is that users mixing ecosystems (iPhone with Windows desktop, or Android with Mac) sometimes have surprising sync gaps. The pragmatic answer is to enrol two passkeys per user, one per primary device, rather than relying on sync. Shared accounts. Passkeys are designed for individual users, not shared accounts. SMEs that have a shared “info@” or “accounts@” mailbox accessed by multiple staff need to migrate to delegated access (Microsoft 365 shared mailboxes) before rolling out passkeys, or maintain a fallback authentication method for those accounts. Most organisations should be doing this anyway, since shared passwords are a security and audit problem regardless. Account recovery. If a user loses their passkey-enrolled device and has no backup authenticator, they’re locked out. The

Cyber insurance for Australian SMEs in 2026: what insurers expect

Insights & News Cyber insurance for Australian SMEs in 2026: what insurers expect April 30, 2026 Australian cyber insurance underwriting has tightened significantly through 2024 and 2025, and most insurers will now decline cover or apply ransomware sub-limits to SMEs that don’t have multi-factor authentication, EDR on every endpoint, immutable backups, and basic Essential Eight maturity. Premiums have stabilised after the 2022-23 spike but cover is more conditional. The “tick-and-flick” application form has been replaced by detailed technical questionnaires and, for higher cover, evidence of controls. SMEs that haven’t invested in security controls increasingly find that cyber insurance is either expensive or unavailable. Key facts Australian cyber insurance premiums increased 50-100%+ between 2021 and 2023, driven by ransomware loss ratios; pricing has stabilised through 2024-2025. Most insurers now require MFA on email and admin accounts, EDR on every endpoint, and immutable or offline backups as minimum underwriting conditions. Ransomware sub-limits (cover capped well below the policy aggregate) are now common, particularly for SMEs without strong controls. War exclusions following Lloyd’s market changes have tightened, with state-sponsored attack scenarios sometimes excluded entirely. Reporting under the Cyber Security Act 2024 is now a policy condition for many insurers; non-reporting can void cover. Insurers increasingly request third-party security attestations (Essential Eight maturity assessment, ISO 27001, cyber security ratings) for cover above AU$1 million. What is cyber insurance and what does it cover? Cyber insurance covers financial losses and third-party liabilities arising from cyber incidents: ransomware, business email compromise, data breaches, business interruption following an attack, regulatory investigation costs, customer notification expenses, and legal liability arising from data exposure. Specific cover varies by policy, but most Australian SME cyber policies include first-party costs (incident response, forensics, business interruption) and third-party liability (claims by customers or regulators). What cyber insurance typically does not cover: pre-existing breaches not yet discovered, intentional acts by directors and officers, war and terrorism (where excluded), failure to maintain stated security controls (where the application form misrepresented the actual position), and claims arising from countries on sanctions lists. For Australian SMEs, typical 2026 policy aggregates run from AU$500,000 to AU$5 million for small and mid-market businesses, with annual premiums anywhere from AU$3,000 to AU$50,000+ depending on revenue, sector, controls, and claims history. Why is cyber insurance harder to get in 2026? Three forces have reshaped the market over the past four years. Ransomware loss ratios. Cyber insurers paid out aggressively on ransomware claims in 2020-2022, with global loss ratios in the 70-90% range across multiple years. The market response was inevitable: tighter underwriting, sub-limits on ransomware specifically, premium increases, and refusal to cover applicants without baseline controls. State-sponsored attribution complexity. Following the 2022 Lloyd’s market bulletin requiring revised war exclusions, most insurers tightened the language around state-sponsored attacks. The practical effect is that some major incidents that would have been covered in 2020 may now fall in the war exclusion, particularly if attribution to a state actor or state-sponsored group is established. Evidence-based underwriting. Insurers learned that application forms self-attesting to security controls didn’t predict claims accurately. The current generation of underwriting uses external security ratings, Essential Eight maturity assessments, and detailed technical questionnaires that are harder to bluff. Several insurers will require external scans of the applicant’s public-facing infrastructure as part of the application. What controls do cyber insurers require for SMEs in 2026? The required controls vary by insurer, but a common 2026 baseline for Australian SME cyber cover is: MFA on email, remote access, and admin accounts. This is universal. No serious insurer will issue cyber cover to an SME without MFA on Microsoft 365 or Google Workspace, on remote access (VPN, RDP, RMM), and on privileged accounts. Some insurers now also require MFA on customer-facing portals and finance system logins. EDR or next-generation antivirus on every endpoint. Traditional signature-based AV no longer satisfies most underwriting requirements. The expectation is behavioural detection (Sophos Intercept X, Microsoft Defender for Endpoint, SentinelOne, CrowdStrike) rather than signature-based. Immutable or offline backups. Insurers want evidence that ransomware can’t encrypt or delete the backups. The technical bar is typically immutable backups (Proxmox Backup Server with immutability, Veeam with hardened repositories, cloud backup with object lock) or air-gapped backups, with documented restore testing. Email security and phishing awareness. Email gateway protection (Mimecast, Microsoft Defender for Office 365), phishing simulation training, and DMARC/DKIM/SPF properly configured. Around 85% of Australian SME cyber incidents start with email. Patching discipline. Some insurers ask for evidence of patching cadence, particularly for internet-facing systems. Patching critical vulnerabilities within 14 days of vendor release is becoming common as a written requirement. How does Essential Eight maturity affect cyber insurance? The ASD Essential Eight has become a useful shorthand for cyber maturity in Australian insurance underwriting. Insurers don’t necessarily require formal Essential Eight assessments, but most ask questions that map directly onto the eight controls: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups. For SMEs, hitting Maturity Level 1 across the Essential Eight typically satisfies most underwriting requirements. Maturity Level 2 (still affordable for an SME) typically improves premium pricing or unlocks higher cover. Maturity Level 3 is largely an enterprise concern but signals strong underwriting. For SMEs servicing government clients or regulated industries, an Essential Eight maturity assessment is increasingly contractually required, separately from cyber insurance. Doing the assessment once and using it for both insurance and customer due diligence is efficient. What should an SME do before applying for cyber insurance? Six practical steps that improve both insurability and security posture. 1. Document your controls before the application form arrives. Insurers ask the same 50-100 questions about MFA coverage, EDR deployment, backup architecture, patching cadence, and incident response plans. Writing these answers down once, accurately, is a one-week project that pays back across multiple insurance applications. 2. Close the obvious gaps before applying. If MFA isn’t on every email account, fix that first. If admin accounts are still using shared passwords, fix that. If

Mandatory ransomware reporting in Australia: what SMEs need to know

Insights & News Mandatory ransomware reporting in Australia: what SMEs need to know April 30, 2026 Australia’s Cyber Security Act 2024 requires businesses with annual turnover of AU$3 million or more to report ransomware payments to the Australian Signals Directorate within 72 hours of paying or being aware that payment has been made. The reporting obligation came into force on 30 May 2025, with civil penalties of up to AU$19,800 for non-reporting. Reports go to ASD via the cyber.gov.au portal and include the entity, the cybercriminal demand, and the payment details. The intent is intelligence sharing, not prosecution of victims. Key facts The Cyber Security Act 2024 received Royal Assent in late November 2024 and the ransomware reporting provisions commenced 30 May 2025. The reporting obligation applies to businesses carrying on a business in Australia with annual turnover of AU$3 million or more, plus all entities responsible for critical infrastructure assets. Reports must be lodged within 72 hours of making a ransomware payment or becoming aware that one has been made. Civil penalty for non-compliance: up to 60 penalty units (~AU$19,800). Reports are made via the Australian Signals Directorate at cyber.gov.au, with limited use protections meaning the report can’t be used to prosecute the entity. Paying ransoms is not illegal in Australia, but it does create the reporting obligation. What does the Cyber Security Act 2024 actually require? The Cyber Security Act 2024 introduces Australia’s first mandatory ransomware payment reporting regime. Where a covered entity makes a ransomware or cyber extortion payment (or where one is made on its behalf), the entity must report the payment to ASD within 72 hours. The report includes the entity’s details, the nature of the demand, the type of cybercriminal involved, the amount paid, and how the payment was made. The Act sits alongside several other obligations introduced by the same legislation: a national Cyber Incident Review Board, mandatory security standards for smart devices, and limited use protections that prevent ASD from sharing reported information with most regulators for enforcement. The intent is to encourage reporting rather than punish it. Where the entity makes the payment but isn’t itself the direct victim (for example, a cyber insurer or incident response firm pays on behalf of the insured), the obligation still falls on the entity that benefited from the payment, not the payer. This catches arrangements where the actual policyholder might otherwise hide behind a third party. Who has to report and who’s exempt? The reporting obligation applies to two categories. First, businesses carrying on a business in Australia with annual turnover of AU$3 million or more in the previous financial year. Second, entities responsible for critical infrastructure assets under the Security of Critical Infrastructure Act, regardless of turnover. Most Australian SMEs by count fall under the AU$3 million threshold and are exempt from the reporting obligation. But the exemption is narrower than it sounds. It applies only to ransomware reporting under the Cyber Security Act. Other obligations (Notifiable Data Breaches scheme, Privacy Act, ASIC reporting, banking and financial services rules) apply regardless of turnover and can each create their own reporting triggers. If your turnover is over AU$3 million, treat the reporting obligation as in scope. If your turnover is close to the threshold, get specific advice rather than guessing, because the way “annual turnover” is defined in the Act includes some related-entity revenue that’s easy to miss. What happens if you don’t report? The civil penalty for failing to report a ransomware payment is up to 60 penalty units, currently AU$19,800. The penalty applies to the entity, not individuals, and is enforced by the Department of Home Affairs. The penalty is deliberately set lower than the cost of paying a ransom in the first place. The Government’s policy logic is that the marginal incentive to report should outweigh the perceived benefit of staying silent. Combined with the limited use protections (ASD cannot share the report with most regulators for enforcement), the legislative design is “report and we won’t use this against you” rather than “report or we’ll punish you harder.” That said, the reputational and contractual consequences of non-reporting can be material. Customers, insurers, and lenders increasingly require certification that the business is meeting its statutory obligations. Failure to report a ransomware payment can void cyber insurance cover and create disclosure obligations to customers. What should an SME do before a ransomware incident? Three things matter, all preventative. Immutable backups, tested. The single most important defence against ransomware extortion is a backup that the attacker cannot encrypt or delete. We use Proxmox Backup Server with immutability enabled and backup retention policies that survive ransomware actor dwell time of weeks rather than days. The backup is only useful if it’s been tested, ideally with a quarterly restore exercise. Endpoint Detection and Response (EDR) on every endpoint. Modern ransomware operators are inside networks for an average of two to three weeks before they trigger encryption. EDR catches their behavioural signatures (lateral movement, credential dumping, mass file access) much earlier than traditional antivirus. For SMEs, Sophos Intercept X, Microsoft Defender for Endpoint, or SentinelOne are all reasonable choices. Multi-factor authentication on everything that matters. Email, remote access, admin accounts, financial systems, document repositories. Roughly 80% of the SME ransomware incidents we see in Sydney start with credentialed access (phishing, password reuse, leaked credentials from other breaches). MFA closes most of those entry points. What should an SME do during a ransomware incident? This is when the incident response plan matters. If you don’t have one, the first 24 hours of any incident will be chaos and decisions will be made under pressure that you’ll regret later. The decisions that need to have been pre-made before an incident hits include: who has authority to take systems offline, who talks to insurance, who notifies customers, who notifies the OAIC, and (for in-scope entities under the Cyber Security Act) who lodges the ASD report. Pre-decided answers save days at exactly the point you don’t have them. During an

Shadow AI in Australian SMEs: what to do about staff using ChatGPT at work

Insights & News Shadow AI in Australian SMEs: what to do about staff using ChatGPT at work April 30, 2026 Shadow AI refers to employees using AI tools (ChatGPT, Claude, Gemini, Perplexity, Copilot personal accounts, and so on) for work without IT approval, sanctioned licensing, or policy guardrails. Recent industry surveys put shadow AI usage at over 70% of knowledge workers in Australian SMEs, often pasting confidential client data, financial figures, or unreleased information into consumer AI tools. The right response isn’t a blanket ban (which doesn’t work) but visibility, policy, and a sanctioned alternative employees actually want to use. Key facts An estimated 70-80% of knowledge workers use AI tools at work, with most usage happening outside IT’s sanctioned tools. Consumer ChatGPT, Gemini, and Claude free tiers historically retained user inputs for model training; paid and enterprise tiers do not. Australia’s Privacy Act APP 1.7 (commencing 10 December 2026) requires disclosure of automated decision-making in privacy policies, including AI tools. Shadow AI typically goes through residential internet, personal devices, or corporate networks via web browsers, making URL filtering the primary detection point. Microsoft Purview and similar DLP tools can detect and warn on sensitive data sent to AI URLs without blocking outright. Sanctioned AI alternatives (M365 Copilot, ChatGPT Enterprise, Claude for Work) range from AU$25-45 per user per month ex GST. What is shadow AI and why is it everywhere? Shadow AI is the AI version of shadow IT: tools brought in by individual employees to do their jobs better, without going through procurement, IT, or any formal approval. The defining characteristic is that the organisation typically has no visibility into who’s using which tools, with which data, for which purposes. The reason shadow AI is so widespread is structural. Generative AI delivers immediate productivity gains for most knowledge work tasks: drafting emails, summarising documents, transforming spreadsheets, analysing reports, generating code. Employees discover these benefits within minutes and adopt the tools the same day. Meanwhile, the organisation’s formal AI strategy is still being written, and any sanctioned alternative is months away from rollout. In our experience working with Sydney SMEs through 2025 and into 2026, the gap between when employees start using AI and when the organisation has a sanctioned position is typically 6-18 months. During that window, shadow AI fills the vacuum. What are the actual risks of shadow AI for an SME? Three risks matter for most Australian SMEs, in roughly this order of priority. Data leakage to consumer AI services. Free-tier ChatGPT, Gemini, and Claude have variously retained user inputs for model training over the past three years. Even with current opt-out toggles, employees pasting client lists, financial figures, draft contracts, or confidential strategy documents into consumer AI tools means that information leaves your control. Once it’s in someone else’s training pipeline or logging system, you can’t get it back. Privacy Act exposure. Most shadow AI usage involves personal information (employee details, customer information, project staffing decisions). The amended Privacy Act’s APP 11 requires “reasonable steps” including “technical and organisational measures” to protect personal information. Letting staff paste customer data into unmonitored consumer tools is increasingly hard to defend as reasonable steps. From 10 December 2026, automated decision-making transparency rules add a further obligation. Quality and accuracy in client-facing output. AI-generated content with hallucinations or errors going to clients is a brand and legal risk. Unsanctioned AI usage often happens without policy guidance on which tasks AI is appropriate for, and which require human verification. The first time an SME accountant submits AI-generated tax advice to a client without checking the calculations is the day the lawyer gets called. Why doesn’t banning AI work? Bans don’t work for three reasons. First, AI tools are usable from any device with a web browser, including personal phones on mobile data, which makes a corporate network ban trivially easy to bypass. Second, employees who find AI useful for their work won’t stop using it because of a policy; they’ll just stop telling anyone they use it. Third, banning AI puts the organisation at a competitive disadvantage against businesses that have figured out how to use it productively. The pragmatic position is governed AI: visibility into what’s being used, policy that defines acceptable use, and a sanctioned tool that’s good enough that employees prefer it to the consumer alternatives. How do you get visibility into shadow AI usage? Three layers of visibility, ordered from least to most invasive. Network-level visibility via firewall logs or DNS-based filtering (Sophos, Cisco Umbrella, Cloudflare Gateway). You can see which AI services are being accessed, by whom, and how often. You can’t see what’s being sent to them, but you get a picture of usage patterns and shadow AI prevalence. Endpoint visibility via Microsoft Defender for Cloud Apps, Sophos data loss prevention, or similar. These tools detect when sensitive data patterns (credit card numbers, customer record formats, document classifications) are being sent to AI service URLs. The good ones can warn the user without blocking, which catches the unintentional cases without breaking workflows that have legitimate use. Microsoft Purview data classification ties content sensitivity to enforcement. If a document is classified as “Confidential” via Purview labels, you can prevent that document’s content from being copied into a browser session targeting an AI URL, or warn the user that they’re about to do something policy-risky. This is the cleanest implementation but requires existing M365 E5 or similar licensing tier. What should an SME’s AI policy actually say? Avoid the 30-page policy document no one reads. The useful AI policy for an SME is one to two pages and covers six things plainly. Sanctioned tools. Name the AI tools the organisation has approved (typically M365 Copilot, plus one external option for tasks Copilot doesn’t cover well). State that other tools require explicit approval before use with company data. Data classification rules. Plain English on what categories of data can be put into which AI tools. Customer personal information goes into sanctioned tools only. Public marketing copy

Scroll to Top