Small Business Cyber Security Guide

Technology Insights

In February 2021, the Australian Cyber Security Centre (ACSC) released a Cyber Security Guide tailored for small businesses.

cyber security guideThe guide has been developed to assist small businesses to protect themselves from falling victim to common cyber security incidents. The guide is part of the Small & Medium Business Cyber Security suite of articles that focus on implementation guides and quick wins that can be easily employed to enhance the security of the organisation.

The guide is targeted at small businesses that may not necessarily have the time, resources, and/or funding to focus on cyber security. Instead, the guide has been designed to provide simple, effective, and easy to understand guidance to help protect organisations against the ever-changing cyber security risk landscape.

Below is a summary of the key points from the guide across the common areas that can greatly assist in prevention and recovery from a cyber security incident:

Automatic Updates

  • Turn on or confirm automatic updates, especially for operating systems
  • Regularly check for and install updates ASAP if automatic updates are unavailable (especially for software)
  • Install updates as soon as possible
  • Set a convenient time for automatic updates to avoid disruptions to business as usual
  • If you use Anti-Virus software, ensure automatic updates are turned on

Automatic Backups

  • Choose a backup system that is right for your organisation
  • Test that you are able to restore your backup regularly
  • Store a physical copy of the backup somewhere safe offsite

Multi-Factor Authentication

  • Implement MFA wherever possible

Access Control

  • Establish an Access Control System to determine who should have access to what
  • Restrict administrator privileges
  • Use strong passphrases (longer, complex, unique, easy to remember)
  • Do not share passphrases
  • Remember to revoke accounts

Employee Training

  • cyber security guideIncorporate, update, and regularly repeat cybersecurity awareness training
  • Create a Cyber Security Incident Response Plan
  • Reward employees who identify threats
  • Create a Cyber Security culture


Do you need assistance with understanding the cyber security risks to your small business and how you can better protect your organisation? RSM can assist.
Contact Darren Booth on [email protected]


Darren Booth
National Head of Cyber Security and Privacy Risk Services

Subscribe to Risk Insider to stay up to date with the latest in Technology, Fraud and Security.