Small business cyber security does not need to start with a complex framework. The first step is to reduce the most obvious risks around accounts, email, websites, backups and old devices.
The checklist
- Turn on MFA for email, banking, accounting, cloud storage, website admin and domain registrar accounts.
- Remove old staff, contractor and supplier accounts.
- Check that backups exist, are current and can be restored.
- Keep operating systems, browsers, WordPress, plugins and business software patched.
- Review SPF, DKIM and DMARC for your domain.
- Check that the domain registrar account is controlled by the business and protected with MFA.
- Avoid shared administrator accounts where possible.
- Record who has access to website hosting, DNS, email admin and business systems.
- Securely wipe or destroy retired laptops, drives and storage devices.
- Keep a short written record of important settings and recovery steps.
Essential Eight-style thinking
The Australian Cyber Security Centre's Essential Eight is aimed at improving practical resilience. Small businesses do not need to turn that into bureaucracy, but the same thinking is useful: patch systems, control admin rights, protect accounts, back up data and reduce common attack paths.
Get a practical review
Solway Web Consulting provides a small business cyber security review in Sydney covering website, email, DNS, backups, admin access and priority fixes.
Book a Sydney business security review
Tags: security, small-business, sydney