How to prepare your small business for a cyber security health check

Smarter Writer
Smarter Team

A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

Cyber security, or technology in general, may or may not be your jam but as a small business, ensuring your digital space is secure and knowing how to prevent cyber attacks for your and your customers’ sake is pretty important.

If you haven’t conducted a cyber security health check before, don’t stress. Our simple checklist will help you get prepared in no time.

Over 50% of Australian businesses lost productivity because of a cyber attack in 2020. And with year-on-year increases in reported cyber crimes and attacks, the best time to set up your business’s cyber security with a health check is now.

Why do you need a cyber security health check?

It’s a myth that only bigger businesses are the targets of cyber attacks. Your data is valuable no matter the size of your business and, more and more, cyber-criminals will attack a smaller business to try and get access to their supplier and customer data. It can be scary to know that some experienced cyber-criminals actually have the ability to target thousands of small businesses at once with the right code or ransomware.

So how do you counter these threats and ensure cyber attack protection for your business? By evaluating every area of your business with a cyber security health check - a process that involves more than basic internet security hygiene.

A properly governed cyber security health check goes beyond keeping your antivirus software up to date and avoiding dodgy links. It covers all layers of your essential business operations to put you in a better, more secure position. You can read more about the cyber security essentials recommended by the Australian Government if you’re keen to know more.

The principles of a cyber security health check assessment
  • Vulnerability: This is where you assess the level of security and governance that you already have in place.
  • Complexity: What size is your business and how many components are involved in its makeup?
  • Desirability: What is the value of your business’s information in terms of theft or ransom?

Get started: Six ways to prepare for a cyber security health check

  1. Locate your data
    Lots of businesses don’t really understand what data they have, where it is and what kind of value it has.
  2. Find out who has access to your information
    During a cyber security audit, you might find staff who no longer work with you yet still have access to important systems.
  3. Tighten up your identity data management
    It’s vital to make sure files are only accessible to the people who you authorise to have access.
  4. Back up your data
    And make sure that it’s backed up securely. If all your data is sitting on a disconnected hard drive, it can make a proper assessment difficult. And simply uploading everything to your preferred cloud platform often isn’t enough.
  5. Know your antivirus software and which devices it covers
    Many small businesses collect a mixture of devices and software as their needs change. Get a clear picture of what you use on every device to ensure consistency.
  6. Take note of machines and devices that only use your network occasionally
    If you’ve engaged an expert to help you conduct your first cyber security health check, they need to be able to see everything: every device, machine or hard drive where you hold information.

Checklist: 9 steps to prepare for your cyber security health check

The cyber security experts you engage for your health check don’t need every tiny detail before they can start, but the more complete the picture you can draw, the better they will be able to prioritise and solve your business’s biggest weaknesses.

Start ticking off this checklist before your experts arrive to speed up the entire process and ensure a more effective end result.

  1. Make a list of all your assets 
    Locate all the information you have – from customer details, payment records and employee information to all business and personal financial and legal records. This also includes any intellectual property, like marketing creative and product design.
  2. Consider how you might currently recover from an attack 
    What would be your plan to recover from a cyber attack or data breach? If you lost information from computers, mobile phones, servers, online or in the cloud, think about how long it might take you to recover.
  3. Make a list of your technology 
    This list could include technology like firewalls, routers and servers, plus anything for physical security that’s connected to the network, like cameras, security systems, point-of-sale machines or third-party cloud services.
  4. How is your device security looking? 
    Create a simple spreadsheet that lists all your employees and the devices you all use. How do you manage security across them all? Do you use secure PINs, fingerprints or passwords? Do you have antivirus and malware scanners enabled? Do you use whitelisting?
  5. List all of the security measures you are already taking 
    Do you regularly update all your apps, software and devices? Do you have a way of preventing personal devices from accessing your business network? Do you actively manage passwords, and do you have a way of approving any apps that run on your work devices?
  6. Map out every possible interaction someone might have with your website 
    Jot down the ways in which a website visitor has a chance to interact with your website, for example:
        - E-commerce payments and transactions
        - File uploads or downloads
        - Discussion boards and chat functions
    It’s important to know where and how you collect data.
  7. Record your backup process 
    Backups need to be regular and across multiple locations, for added security. Your backup process will make a huge difference to how well you respond to an attack.
  8. Compile your policies, guidelines and plans 
    Unearth any policies and guidelines you have about information access, software updates, data storage, how you identify security threats and more.
  9. Look at your schedule for security testing 
    Routine testing is an easy thing to forget, but it’s crucial for effective cyber attack protection.

What’s next in preventing cyber attacks?

Now that you have a pretty good idea about what’s involved in a cyber security check, you’re ready for a professional evaluation of your digital security. Telstra Business Cyber Security Services experts can take all the helpful information you’ve collected, give you an idea of your business’s current security position and offer personalised recommendations to further safeguard your valuable data.

Ensure your business is cyber-secure

Get security assessments, updates on the latest threats and 24/7 support with Telstra Business Cyber Security Services.