Cyber-security is a growing issue for business owners, with one in five small and medium-sized businesses in Australia having experienced a cyber-attack at some point.

A cyber-attack can result in financial losses, business disruption, loss of important data, and reputational fallout.

With cyber-attacks having the ability to impact the whole business, everyone must actively work towards prevention – not just those responsible for day-to-day IT. We have compiled a list of tips you can easily implement to prevent and recover from cyber-attacks.

Create A Cyber-Threat Profile For Your Business

Before you start implementing cyber-security measures, it would be wise to build a risk profile that identifies the reasons why someone might launch a cyber-attack on your business. For example, this may include:

  • You are a small business with minimal cyber-security capabilities, which makes you an easy target,
  • You are running an online store, and hackers may want to gain your customer data or their payment details,
  • Your business is reliant on online capabilities, and they could compromise your systems to hold them ransom.

By identifying these potential threats, you can shape your cyber strategy to take extra care in defending against particular cyber-risks.


Back Up Your Data

Your business should be regularly backing up critical data so that you have an additional copy even if the original is lost in a cyber-attack.

This tip is not so much about prevention as about reducing the consequences of a cyber-attack. This may include backing the data up to a separate cloud server, or an external hard drive kept off site.


Protect Your Systems

One of the easiest ways to defend your systems against cyber-attacks is to update your operating systems or software when you receive the prompt to do so. Operating system and software updates not only include new features, they also patch the software to protect against the latest security vulnerabilities.

Updating systems can be inconvenient, so schedule your devices to update overnight to minimise disruption to your business. In addition, you should also run malware protection software on all devices in your business as an added layer of defence.

Use Two-Factor Authentication Where Possible

Implementing two-factor authentication is one of the simplest and most effective lines of defence in your business. Two-factor authentication is when a website runs an additional check on your identity when logging in, such as verifying a code sent to your phone number after you have entered your password.

If someone steals your password, either by guessing or through a data leak, two-factor authentication can keep your business safe. In addition, your business should also be setting long, complex passwords that are unique for every website – to reduce the threat to your business if one password is compromised.


Create A Cyber-Aware Culture In Your Business

All the cyber-security measures in the world won’t save your business if your staff inadvertently give a hacker access to your business. In fact, a study in the US identified that 90% of all cyber-attacks resulted from employees being duped into giving away their access credentials to cyber criminals.

To prevent this, create a range of IT policies to ensure your staff are following best-practice procedures whenever they are using business IT equipment. You should also train your staff on how to be safe online in areas such as:

  • Creating complex and unique passwords for their online accounts,
  • How to identify and avoid cyber threats,
  • How to identify and avoid phishing emails and scams, and,
  • What to do if they encounter a cyber-threat.


The idea of implementing a robust cyber-security strategy can be daunting to small business owners who are not well-versed in this area.

We are running a “Cybersecurity for SME’s: How to Safeguard Your Business” workshop as part of our Digital Boost Program, which you can learn more about here.
