Five ‘must dos’ for small business to increase cyber resilience

As South Australia and much of the rest of the nation sit in lockdown, the same conditions that are so challenging for our businesses are unfortunately also the ones where cyber criminals thrive.

Jul 26, 2021, updated Jul 26, 2021

The breach of an organisation’s data and systems can cause significant financial and reputational damage, including the loss of clients or customers.

Making sure that your cyber security systems and processes are up to scratch is key to protecting your business, so BDO’s Nick Kervin has compiled a list of his top 5 ‘must do’ cyber security tips for small business owners.

1. Employee Training and Education

People are your business’s best asset, but also the most vulnerable point in terms of cyber risk. Quarterly cyber security awareness training that covers key cyber security knowledge is your first line of defence.

Training does not need to be long and onerous. Key messages can be conveyed in 30 to 45 minutes and should include: recognising and avoiding phishing/social engineering attempts; responding appropriately to and reporting a data breach; being mindful of physical security; knowing data privacy best practices; and ways to avoid being a victim of ransomware.

2. Create a cyber-security culture

Put policies and processes in place to guide your staff in understanding their cyber security responsibilities. These should be socialised during employee induction, reinforced during the quarterly training, and communicated when there are significant changes within the business.

The Federal Government has a good ‘how to’ guide to help businesses develop a robust cyber security policy, which can be found online at

3. Network & Endpoint Security

Ensure all laptops and workstations are up-to-date with the latest security patches for your operating systems and other software, have antivirus installed, are behind a firewall, and that email spam filters are enabled.

If you don’t have a network and rely on your workplace Wi-Fi, focus on ensuring that endpoint security on your laptops and workstations is adequate.

4. Account Security

Passwords alone are not an adequate line of defence, as they are too easily compromised. Businesses should use a password management system, use passphrases instead of passwords, apply 2 Factor Authentication (2FA) or Multi Factor Authentication (MFA) for critical accounts, and change all default passwords to new passphrases that can’t be easily guessed.

PC Magazine Australia lists a number of market leading password management systems in this article, which may provide a good starting point.

If you are a small business that uses Microsoft Office 365, ensure you have enabled MFA to protect your email systems and avoid Business Email Compromise (BEC).

This article from the Australian Signals Directorate provides excellent insight into BEC.

5. Backup & Disaster Recovery

Too many small businesses are carrying a big risk with their backup system or lack thereof.

Make it a priority to enable automatic and secure cloud-based data backups, ensuring encryption is used when transferring and storing data. Multi-factor authentication should be required for access.

Regularly test that you are able to restore data from your backup. This is very important, as paying for a backup service from which data cannot be recovered is an area of high risk for small business.

Understanding how you can improve the cyber resilience of your business can be daunting, but these steps will ensure you have the most critical elements covered.

The Australian Government has also provided an easy to understand guide at, which is a great resource for any small business owner.

Copyright © 2024 InDaily.
All rights reserved.