IT security a must for small businesses

Q. I have been running my business for a few years and to this point I have had no problems but I am beginning to wonder what sort of IT security measures I should take to protect the business? I am not a computer whizz.

A. It might feel like you have to be a whizz to get on top of these things but the majority of what you need to know are common sense cyber habits all of us should be practising every day.

IT security is a large hairy beast of a topic and ranges from micro transaction card phishing to massive international scams involving governments and the military. The realm of concern for the average small business is at the smaller end of the scale.

Basic cyber security dictates protective measures that include passwords, data backups, virus vigilance, email protection, safe downloads and such things that you typically can advertise or employ yourself.

The National Cyber Security Centre ( has a suite of resources around proper cyber security such as NetSafe Security Central ( which has specific advice for certain groups of internet and computer users including small businesses.

You should also be looking to establish habits and systems to maintain a level of vigilance that is supported across your business by employees, contractors, suppliers and customers. You cannot control all these parties but you can have a benchmark for best practice.

Establishing a cyber-use policy in your business is a good way to document the standard you want to set so it is a recorded bottom line. Controlling employees' online behaviour and use of your company technology resources is a big weakness, so having a policy setting expectations gives you a place to start a conversation and a place to come back to if someone starts pushing the boundaries.

One thing to emphasise is safety around the use of mobile devices, which are fast becoming the way of connecting, certainly for businesses with mobile teams. If you pay for your team's phone use, their devices fall under your cyber responsibility umbrella. Now that people are online pretty much everywhere all the time, the risks are perpetual even when people are at home using a work device or accessing work systems remotely. It is near-on impossible to separate personal use from business use but you can set principles around how this should be managed and the risks it generates mitigated.

If you have a more involved IT setup then you may benefit from more specific products and processes to address your key risks. Get advice if your needs are more complex. It is important to get the right fix for your type and size of business.

Nick Churchouse is venture manager at Creative HQ,

If you have a question for our experts please email

Fairfax Media