Common questions Australian SMB owners ask us about cyber security. Threats, defences, certifications, the Privacy Act, what to do when something goes wrong. Practical, Australian-relevant answers — sourced from ASD/ACSC, Sophos research, and 20+ years of MSP experience across South Australia. New FAQs added monthly.
Threats & Reality: “How likely is my small business to be hacked?” (every 6 minutes a cybercrime is reported in Australia; 47% of SMBs under $10M turnover have been hit by ransomware), “How do I spot a phishing email?” (the red flags haven’t changed much, but AI is making the writing better — train your team on the patterns, not the typos), “Is Microsoft 365 secure by default?” (no — defaults are middle-ground, business needs to harden the tenant).
Defences & Foundations: “What’s the cheapest way to actually improve my cyber security?” (MFA on every account, by a long way — costs almost nothing and blocks ~99% of credential-based attacks), “Essential Eight or SMB1001 — which should I follow?” (SMB1001 if you’re under 50 staff — designed for your size), “Do I really need MFA on everything?” (yes — and 2026 SMB1001 verification updates make passwordless even better), “Passwords vs passphrases — which is stronger?” (passphrases, by orders of magnitude — and use a password manager).
Backup & Incident Response: “What’s the right backup strategy for ransomware?” (the 3-2-1 rule with at least one offline copy — even with cloud sync, if the cloud account gets compromised, sync isn’t backup), “We’ve been breached. What do I do RIGHT NOW?” (call us on 08 8379 4802 in business hours; preserve evidence, contain spread, contact the OAIC if Notifiable Data Breach criteria are met). The first call is free; serious incidents we route to forensic IR specialists.
The full set of 9 Cyber Security FAQ pages is being progressively published. We won’t cite a stat without a source. The technology baseline matters — but staff training is where most breaches actually start. If you want a structured path, the SMB1001 Cyber Essentials Course takes a business from current state to Bronze certification in 60-90 days. Or just call us — the first 30 minutes is free.
