Explore cyber security basics for business. What every leader needs to know with practical tips to help reduce risk and protect your business during EOFY and beyond.
Cyber threats don’t just target big businesses. Smaller businesses can often be more of a target if they’re perceived to have fewer protections in place or be an entry point to the supply chain of bigger businesses.
Over the EOFY period, cyber criminals know that businesses are under pressure and may be making decisions quickly. It’s a time when it’s particularly important to be tuned in to potential risks.
The good news is you don’t need to be an expert to take steps to help protect your business. Our top tips to help you include:
Explore these cyber security fundamentals so you can take simple steps to help reinforce your cyber security at this critical time of year.
EOFY can create ideal conditions for cyber criminals. Workloads increase, admin processes become more complex and unfamiliar requests can slip through when teams are focused on deadlines.
During EOFY, businesses can be more likely to encounter phishing messages. Criminals could be sending messages impersonating official organisations or sending you urgent payment change requests designed to bypass usual checks. Verifying instead of trusting by default is especially important.
You can use our EOFY checklist to help you manage your EOFY planning in a way that considers cyber security.
At its core, your cyber security strategy should be about protecting your business from criminals and from loss of data or assets. A cyber security incident could have far reaching impacts for your business including:
To help you manage cyber security risks more effectively, start by thinking about the areas below. This will help you get clearer on what you need to protect and where you might need to improve.
Businesses can accumulate data of many kinds. Review what data your business relies on to operate or data you may have collected over time. Sensitive data to watch out for can include financial information, data about your employee and customer data.
All data has value. It could be your staff, your customers, or someone who wants to steal it.
Work out what’s important by thinking about business continuity, regulatory compliance and reputational risks of that data being compromised.
People inside and outside your company could have access to your information. Your employees may have “super user” admin rights to certain programs that they don’t need.
Giving people permission to access data beyond what they need to perform their role could create risks to your business.
Is your data on-site, such as on your business computers? Or is it in the cloud with a service provider? Does your service provider share your data with other third parties?
Learn why cloud security is important for businesses. Knowing where your data is stored helps you consider protection from cyber threats.
Also consider what data you’re making available via social media. You might need a strategy to help keep your business safe on social media.
Keeping your data safe is a collective effort. What security processes do you already have in place? Do your staff and suppliers understand these processes? Who can you contact if you need to and can you contact them 24/7?
What cyber security strategies and solutions do you have in place? How recently have you reviewed them? If you’re relying on third parties for protection, do you know how they’re doing it?
You might consider conducting a broader review of your business technology at the same time. This can help highlight potential gaps. Managed IT services that include business cyber security could help if you need support to audit things more holistically and for ongoing support.
Building a cyber-secure mindset doesn’t have to be difficult. You can start by considering what you’re doing in the areas below. Even if you have some security measures in place, it can be good practice to review them regularly.
Reusing the same password for multiple accounts may be convenient, but it can also be extremely risky. If hackers get one password, they could access your other accounts, like email, social media, or online banking.
Cyber criminals can share or sell stolen passwords. To help you stay safe:
Discover more tips to get password management right
You can also explore adding passkeys to help boost security where they are available. Passkeys let you log in to your online accounts without having to enter a password. They support multi-factor authentication and can help keep your accounts better protected from cyber criminals.
Read more about the benefits of passkeys.
Multi-factor authentication (MFA) can help make your accounts more secure by adding an extra layer of protection. Even if a hacker gets your password, they still need more information to log in.
MFA works by requiring a time-sensitive code, usually sent to your phone, or using something more advanced like your fingerprint, facial recognition, or a passkey, to authenticate your identity. These can be harder for hackers to fake.
Remember, never share your MFA codes with anyone.
Find out more about two-factor and multi-factor authentication
Form a habit to make sure you back up your important data. Try testing your backups regularly to help ensure they can be restored without issues. It can help to use the 3-2-1 backup strategy:
You can also use professional backup services to help make this process even simpler.
Discover why cloud security is important or your business
Having your IT systems updated can help keep your business secure. So set up automatic updates where appropriate.
Updates can help fix known security flaws in any of your devices that are connected to the internet. These could be devices, apps, websites, or even your CCTV cameras. The more up-to-date your software is, the lower your risk of cyber attacks may be.
Learn more about how automatic updates can help keep your business secure
When you think about cyber attacks, you might imagine hackers breaking into our computer systems, but many cyber criminals aren’t technology experts. They are scammers who might try and trick you or your employees into making mistakes.
Small businesses can be more vulnerable to cyber-attacks that target people, not IT systems. A good first line of defence is making sure your employees are aware of potential scams and other digital threats.
Investing in cyber security awareness training can help save you a lot of money and hassle in the future.
Explore how Cyber Wardens training can help protect your business.
If you already have the basics in place and want to do more, exploring the ASD Essential Eight can be a good place to start. You might also want to learn more about AI and cyber security and supply chain protection.
The Australian Signals Directorate’s (ASD) Essential Eight is a set of risk mitigation strategies aligned to a cyber security maturity model that will help you assess your business operations.
Read our article about the ASD Essential Eight if you’d like to learn more to help you to assess how mature your business cyber security strategy is against clear benchmarks.
Telstra’s Cyber Security team helps to keep an eye on suspicious emails, phone calls, and texts to help keep you safe online.
You can check for information on active scams online. However, keep in mind that while this list is updated regularly, it doesn't cover every possible scam.
If you see something suspicious, you can look for a “Report Phishing” button in your app or online. Here are some other steps you can take.
We can also help you explore cyber security options that are aligned the Essential Eight if you request a callback from a business expert at your local Telstra Business Centre.
Cyber criminals are constantly looking for opportunities. So, it’s important to be aware of threats. With many businesses working and communicating online, there are more opportunities for scams and attacks.
A cyber security breach can have serious consequences if data and information is stolen or compromised. These could be financial, legal or just a nuisance, taking up time that could be spent elsewhere.
Start with a simple review of where you’re at and how you’re taking precautions today. Just like how we lock our front doors when we leave the house, it’s important to lock down your digital assets too.
Originally published March 2023, updated June 2026.
Small businesses can be perceived as easier targets than bigger businesses.
This is based on perceptions that they’re likely to have fewer protections, broader access permissions, or be entry points into larger supply chains.
Taking steps to boost your cyber security can help reduce this risk.
EOFY can typically be a busy period where teams are under pressure and managing unfamiliar or urgent requests.
Cyber criminals take advantage of this urgency with phishing and payment-related scams. Learn more about phishing and how to help minimise risks to your business.
This article covers simple steps you can take to start strengthening how you protect your business.
Specialist support can help if you want a deeper review, ongoing monitoring or alignment with recognised cyber security frameworks such as the ASD Essential Eight.
Learn more about the ASD Essential Eight
Request a callback from your local Telstra Business Technology Centre and we'll be in touch to discuss your needs.
Enhance your digital security on up to 15 devices and help make doing business online safer.
