Protect your small business from cyber criminals

3 Feb 2025

2 min read time

At a glance

Cyber training and governance

“It’s difficult for [people] to distinguish between the reality and some of those big attacks. They are entertaining and sophisticated, but what we see on the smaller spectrum is just simple social engineering.

"Phishing and ransomware are still prevalent, which can be easily circumvented with education, training and governance solutions.”

Network checks and small steps

“[Companies are] failing to undertake environmental scans of what they’ve got. Not necessarily of the larger environment, but of their own network.

Thinking that the vulnerabilities might exist strictly in computers, laptops and workstations – when we see that printers are still a risk, modems are a risk and bring-your-own devices are a significant risk.

“We try and get them to understand that and take some small steps. Cyber security isn’t a journey that’s going to be finished overnight, so we encourage them to use some of the free resources that are out there, and familiarising themselves with the Essential Eight is a really good place to start.”

Don't miss an episode, subscribe to the With Interest podcast.

Passwords and usernames

“Just some simple hygiene to make sure that we’re updating the username and passwords to something unique, long and complex is what we say a password should be.

We don’t want to be stopping people from deploying technology and driving business efficiencies – we just want them to take a couple of minutes longer and add some security safeguards.”

Speak up to stay cyber safe

“Social engineering is still the way attacks are most commonly commenced, unless you’re a specific target. A person of high wealth or high interest might suffer an attack without them knowing it.

“But when we think about smaller businesses and everyday people, they’re often receiving something that they’re engaging with that causes them to have that ‘oh no’ moment.

You click on an email you wish you hadn’t, then some people put their head in the sand and pretend it didn’t happen because of the stigma that goes with the responsibility of saying, ‘I caused a cyber security incident’. We all make mistakes.”