IT security a must for small businesses

Last updated 05:00 27/01/2014

Relevant offers

Small Business

Area360 launches Ticketure, in a bid to disrupt the major ticketing companies 'Not worth' pursuing Station Village bars for trading while insolvent Geo AR Games Kickstarting to get kids off the couch - using healthy gaming Kiwis create Run An Empire app to make exercise a game Melon Health resource creates community for people living with bladder cancer Business Matters: New store, market and chief executive Banker opened his own cafe and fell into the same traps as other small businesses Ask the expert: when your staff ditch the SME life for a bigger pond Ex-Xero Australia MD on challenges of growing a Kiwi firm in Australia Wellington Gold Awards finalists getting on with business

Q. I have been running my business for a few years and to this point I have had no problems but I am beginning to wonder what sort of IT security measures I should take to protect the business? I am not a computer whizz.

A. It might feel like you have to be a whizz to get on top of these things but the majority of what you need to know are common sense cyber habits all of us should be practising every day.

IT security is a large hairy beast of a topic and ranges from micro transaction card phishing to massive international scams involving governments and the military. The realm of concern for the average small business is at the smaller end of the scale.

Basic cyber security dictates protective measures that include passwords, data backups, virus vigilance, email protection, safe downloads and such things that you typically can advertise or employ yourself.

The National Cyber Security Centre ( has a suite of resources around proper cyber security such as NetSafe Security Central ( which has specific advice for certain groups of internet and computer users including small businesses.

You should also be looking to establish habits and systems to maintain a level of vigilance that is supported across your business by employees, contractors, suppliers and customers. You cannot control all these parties but you can have a benchmark for best practice.

Establishing a cyber-use policy in your business is a good way to document the standard you want to set so it is a recorded bottom line. Controlling employees' online behaviour and use of your company technology resources is a big weakness, so having a policy setting expectations gives you a place to start a conversation and a place to come back to if someone starts pushing the boundaries.

One thing to emphasise is safety around the use of mobile devices, which are fast becoming the way of connecting, certainly for businesses with mobile teams. If you pay for your team's phone use, their devices fall under your cyber responsibility umbrella. Now that people are online pretty much everywhere all the time, the risks are perpetual even when people are at home using a work device or accessing work systems remotely. It is near-on impossible to separate personal use from business use but you can set principles around how this should be managed and the risks it generates mitigated.

If you have a more involved IT setup then you may benefit from more specific products and processes to address your key risks. Get advice if your needs are more complex. It is important to get the right fix for your type and size of business.

Ad Feedback

Nick Churchouse is venture manager at Creative HQ,

If you have a question for our experts please email

- Fairfax Media

Special offers
Opinion poll

Do you feel better off than at this time last year?



In some areas yes, others no

Vote Result

Featured Promotions

Sponsored Content