skip to main content
  • Business Intelligence
  • Growth
  • Customers
  • Productivity
  • Business IQ
  • Trends
  • Success Stories
  • Tech
  • Awards
  • Business Tools
  • Subscribe
  • Tech Enquiry
  • Business IQ

    How to prepare your small business for a cyber security health check

    Smarter Writer
    Smarter Team

    A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

    Smarter Writer
    Smarter Team

    A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.

    Cyber security, or technology in general, may or may not be your jam but as a small business, ensuring your digital space is secure and knowing how to prevent cyber attacks for your and your customers’ sake is pretty important.

    If you haven’t conducted a cyber security health check before, don’t stress. Our simple checklist will help you get prepared in no time.

    Over 50% of Australian businesses lost productivity because of a cyber attack in 2020. And with year-on-year increases in reported cyber crimes and attacks the best time to set up your business’s cyber security with a health check is now.

    Why do you need a cyber security health check?

    It’s a myth that only bigger businesses are the targets of cyber attacks. Your data is valuable no matter the size of your business and, more and more, cyber-criminals will attack a smaller business to try and get access to their supplier and customer data. It can be scary to know that some experienced cyber-criminals actually have the ability to target thousands of small businesses at once with the right code or ransomware.

    So how do you counter these threats and ensure cyber attack protection for your business? By evaluating every area of your business with a cyber security health check - a process that involves more than basic internet security hygiene.

    A properly governed cyber security health check goes beyond keeping your antivirus software up to date and avoiding dodgy links. It covers all layers of your essential business operations to put you in a better, more secure position. You can read more about the cyber security essentials recommended by the Australian Government if you’re keen to know more.

    The principles of a cyber security health check assessment
    • Vulnerability: This is where you assess of the level of security and governance that you already have in place
    • Complexity: What size is your business and how many components are involved in its makeup?
    • Desirability: What is the value of your business’s information in terms of theft or ransom.

    Get started: Six ways to prepare for a cyber security health check

    1. Locate your data
      Lots of businesses don’t really understand what data they have, where it is and what kind of value it has.
    2. Find out who has access to your information
      During a cyber security audit, you might find staff who no longer work with you yet still have access to important systems.
    3. Tighten up your identity data management
      It’s vital to make sure files are only accessible to the people who you authorise to have access.
    4. Backup your data
      And make sure that it’s backed up securely. If all your data is sitting on a disconnected hard drive it can make a proper assessment difficult. And simply uploading everything to your preferred cloud platform isn’t often enough.
    5. Know your antivirus software and which devices it covers
      Many small businesses collect a mixture of devices and software as their needs change. Get a clear picture of what you use on every device to ensure consistency.
    6. Take note of machines and devices that only use your network occasionally
      If you’ve engaged an expert to help you conduct your first cyber security health check they need to be able to see everything. Every device, machine or hard drive where you hold information.

    Checklist: 9 steps to prepare for your cyber security health check

    The cyber security experts you engage for your health check don’t need every tiny detail before they can start, but the more complete picture you can draw the better they will be able to prioritise and solve your business’s biggest weaknesses.

    Start ticking off this checklist before your experts arrive to speed up the entire process and ensure a more effective end result.

    1. Make a list of all your assets 
      Locate all the information you have – from customer details, payment records and employee information to all business and personal financial and legal records. This also includes any intellectual property, like marketing creative and product design.
    2. Consider how you might currently recover from an attack 
      What would be your plan to recover from a cyber attack or data breach? If you lost information from computers, mobile phones, servers, online or in the cloud, think about how long it might take you to recover.
    3. Make a list of your technology 
      This list could include technology like firewalls, routers and servers, plus anything for physical security that’s connected to the network, like cameras, security systems, point-of-sale machines or third-party cloud services.
    4. How is your device security looking? 
      Create a simple spreadsheet that contains all details on your employees and any devices you all use. How do you manage security across them all? You might use secure PINs, fingerprints or passwords? Do you have antivirus and malware scanners enabled? Do you use whitelisting?
    5. List all of the security measures you are already taking 
      Do you perhaps regularly update all your apps, software and devices? Do you have a way of preventing personal devices from accessing your business network? Do you actively manage passwords; and have a way of approving any apps that run on your work devices?
    6. Map out every possible interaction someone might have with your website 
      Jot down the ways in which a website visitor has a chance to interact with your website, for example:
          - e-commerce payments and transactions
          - File uploads or downloads
          - Discussion boards and chat functions
      It’s important to know where and how you collect data.
    7. Record your backup process 
      Backups need to be regular and across multiple locations, for added security. Your backup process will make a huge difference to how well you respond to an attack.
    8. Compile your policies, guidelines and plans 
      Unearth any policies and guidelines you have about information access, software updates, data storage, how you identify security threats and more.
    9. Look at your schedule for security testing 
      Routine testing is an easy thing to forget but crucial for effective cyber attack protection.

    What’s next in preventing cyber attacks?

    Now you have a pretty good idea about what’s involved in a cyber security check you’re ready for a professional evaluation of your digital security. Telstra Business Cyber Security Services experts can take all the helpful information you’ve collected, give you an idea of your business’s current security position and offer personalised recommendations to further safeguard your valuable data.

    Ensure your business is cyber-secure

    Get security assessments, updates on the latest threats and 24/7 support with Telstra Business Cyber Security Services.

    Find out moreEnsure your business is cyber-secure

    Customer Experience
    Customer Experience
    How to find out if your website shows up in search results

    In this step-by-step guide, discover how to figure out if your website isn’t showing up in search engine results - and how to fix it so your business is seen where it matters m...

    Customer Experience
    Customer Experience
    Shipping and delivery fundamentals: How to choose a shipping cost method

    If you’re selling a product online, shipping and delivery (and the communications around these things) are a crucial part of a customer’s experience of your business. In this f...

    Trends
    Explainer: Decode the latest business tech terms from A-V

    This is your go-to resource for understanding tricky tech terms - feel free to bookmark this page for future reference.

    Productivity
    Productivity
    Working flexibly - the remote working technology you need

    Working flexibly is today’s norm. The Covid-19 pandemic has forced millions of people around the globe to work from home. And, without the combination of today’s remote working...