Cybersecurity for small businesses – 11 areas to consider

Approximately one in five Australian small businesses report that they have previously been the target of a cyber-attack. Additionally, 43% of all cybercrimes are targeted at small businesses. As a small business, have you considered which of the following areas may affect you?

Cybersecurity policies and procedures

Do you have an overarching cybersecurity or IT security policy that is documented and communicated within your organisation? Does the policy translate into day-to-day procedures which staff can follow?

Working remotely and two-factor authentication

Do you allow employees to use their own devices and home computers to access your corporate network? Have you considered implementing ‘two-factor’ authentication?

Education and awareness

Are your staff regularly informed and educated on cybersecurity including the dangers of poor passwords, phishing, and USBs?

Outsourced third parties

If your third parties suffer a cybersecurity incident or data breach, how does this impact your business?

User access and passwords

Do you know who has access to your IT environment, including outsourced contractors and third parties? What password requirements do you enforce for your IT and business systems?

Data and backups

Do you know what your critical business processes are and where sensitive data is stored? Do you know about the importance of backups, for example in the context of ‘Ransomware’?

Cybersecurity incidents

Is there a defined process for responding to security incidents and data breaches? Do you have a relationship with a specialised security provider to assist?

Monitoring and detection

How do you routinely monitor for and detect potential cybersecurity vulnerabilities, events and incidents?

Anti-malware and website security

Are all your devices protected by anti-virus software? Is a regular independent review of your website security performed, including a ‘penetration test’?

Patching of applications and systems

Have you established a routine patching process which covers all of your IT applications and systems, including desktops, laptops, servers and critical applications?

Use of USBs and removable media

Are you aware of the risks of using untrusted and unsecured USBs? Do you have a ‘removable media’ policy which prescribes the usage to staff?

AUTHORED BY

Darren Lim
Senior Manager, Sydney
T: +61 2 9248 9927
E: dlim