How-to: Start your own small business cyber-security health check

Smarter Writer
Smarter Team

The Smarter Team is made up of business and technology journalists who write to offer insights to small and medium businesses about technology, business know-how and emerging trends.

Have you conducted a complete cyber-security health check for your business? For many small business owners, the answer isn’t a definitive ‘yes’ or ‘no’ – because while they may have addressed some factors, they might have overlooked others. But with our cyber-security health checklist, you can get ready to go all the way.

Around 63% of businesses were interrupted due to a breach last year. And with year-on-year increases in reported cyber-security events – like cyber crime and cyber attacks that can lead to identity theft – the right time to correctly set up your business’s data security with a health check is today.

Why do you need to do a complete audit?

A myth endures, especially when small businesses consider their network security: that only bigger businesses are the targets of cyber attacks that aim to steal data via a security breach. But the past five years have brought about a paradigm shift in cyber threats.

Whether your business is small or large, your data is equally valuable and, more and more, cyber-criminals will attack a smaller business to reach someone else in their contacts list. With the right code or ransomware, a cyber-criminal can target a thousand small businesses in the same time it takes to attack one large enterprise.

So how do you counter these threats and protect your small business from a cyber attack? You need to evaluate all areas of your business, and an effective – and essential – way to do this is with a cyber-security health check, a process that involves more than basic internet security hygiene like updating your software and antivirus tools. Ensuring the basics are in place is just the beginning.

The principles of a cyber-security health check assessment

Vulnerability: An assessment of the level of security and governance in place.

Complexity: The size of your business and the variety of components in your business.

Desirability: The value of your business’s information, whether for theft or ransom.

Arrive prepared: Here’s how to speed up your health check

Unless you’re an IT professional, you may not be aware of the different ways cyber-criminals can get at your business and your customers’ data.

Do you think it’s a matter of keeping your antivirus software up to date, being phishing-aware or avoiding dodgy links? Think more broadly about network security. A properly governed health check covers all layers of essential business operations.

Why? Because there’s more to it than just the security-specific measures you have (or don’t have) in place. Assessing your business’s overall cyber-security posture helps you safeguard your data protection and information security. Taking a holistic, business-wide approach puts you in a better, more secure position.

Make a start: Six things to think about before a cyber-security health check

  1. Where is your data? Many people don’t understand what data they have, where it is and what’s important – different types of data have a different value.
  2. Who has access to your information? During a security audit, it’s common to find staff who have left a business yet still have access to important items.
  3. Do you practise identity data management? It’s vital to make sure files are only accessible to the people who should have access.
  4. How do you back up your data? Know what backup regime – if any – you have in place. A disconnected hard drive holding valuable data, for example, might be improperly (or never) assessed. And simply uploading everything to the cloud isn’t enough.
  5. Do you know what antivirus software you have? And what you’re using across devices? Many small businesses collect a mixture of devices and software as their needs change. A clear idea of what you use on every device is essential.
  6. Are you aware of machines and devices that only use your network occasionally? What the experts can’t see, they can’t evaluate. To properly audit, a specialist needs complete access to all your devices.

Checklist: Step-by-step preparation for your cyber-security health check

The cyber-security experts you commission for your health check don’t need every detail upfront before they start, but a close-to-complete picture will help them prioritise and solve your business’s biggest weaknesses first.

Here’s a checklist you can start ticking off right now to help you collect all the things you’ll need to know and show, so you can shore up your security more quickly.

Assets: Be informed about your information ☐

Locate all the information you have, including any within business intelligence tools – from customer details, payment records and employee information to all business and personal financial and legal records. This also includes any intellectual property, like marketing creative and product design.

Recovery: Consider how you bounce back ☐

Check whether you have a plan to recover from a cyber attack or resulting data breach. If you lost information from computers, mobile phones, servers, online or in the cloud, consider how long it would take you to recover based on the plan you have in place.

Systems: Make a list of your systems tech ☐

Make a list of all the systems technology you use in your business. This includes firewalls, routers and servers, plus anything for physical security that’s connected to the network, like cameras, security systems, point-of-sale tech and third-party cloud services.

Devices: Take a closer look at how you approach device security ☐

Collate details of all the employee and business devices you use. Take stock of how you manage security across them all. Think: Do you use PINs, fingerprints or passwords? Do you have a dual-authentication process? Are antivirus and malware scanners enabled? Do you use whitelisting?

Measures: The things you’re doing now ☐

Ask yourself if you update and patch all apps, systems software and devices; prevent personal devices from accessing your business network; actively manage passwords; and oversee the approval of all apps that run on work devices.

Your website: Make a note of your site’s functions ☐

Jot down any and all functions on your website that involve the following interactions with a website visitor: e-commerce payments and transactions, file uploads, discussion boards and chat. It’s important to know where and how you collect data.

Backups: How do you do them? ☐

Record your backup process. Backups need to be regular and across multiple locations, for added security. How you back up your files, data and so on, will make a huge difference to how well you respond to an attack.

Rules to follow: Compile your policies, guidelines and plans ☐

If you have a register of important business information items and a list of responsible people, locate these. And unearth any policies and guidelines you have about information access, software updates, data storage, how you identify security threats and more.

Testing testing: Make it routine ☐

An easy one that’s easy to miss: look at your schedule for security testing.

You’ve taken the first step towards stronger security

Data protection in small business is essential. And now you have a clear picture of most of the elements that go into a cyber-security health check for your digital security. What’s next? Evaluation. Telstra Business Cyber Security Services experts can take the information you’ve collated, assess your business’s current security posture and offer personalised recommendations.
