Proudly supported by

Australian Government logo


Resources Hub / Small business cyber basics / Four small business cyber security bad habits and how to break them

Four small business cyber security bad habits and how to break them



We all have bad habits that we know we should really ditch, whether it’s scrolling through our phone late at night, drinking too much coffee or indulging in one too many sweet treats.

But did you know that your bad online habits might be putting your business at greater risk of a cyber attack?

When it comes to keeping your business safe online, it’s essential to break these bad habits, and fast:

1. Hitting snooze on the update button

Cyber criminals love it when you unknowingly leave your digital doors wide open. One of the reasons software programs get updated so regularly is because programmers are trying to stay one step ahead of cyber criminals and close any doors that might have been unlocked in your systems by hackers. Automatic updates are there to block newly discovered security holes (aka ‘open doors’) in your systems.

Don’t despair, you can close your doors quickly by:

  • making sure your antivirus software is up to date on all your and your employees devices
  • turning on automatic updates for your operating systems and programs on all your devices and those of your employees


If you or your employees are ignoring update prompts, now is the time to stop this bad habit and start accepting all system updates.

2. Skipping out on multi-factor authentication (MFA)

If you run your business from a physical shop front then you’d be very used to locking your doors with keys AND turning on the alarm system at the end of the work day. But did you know that you can do this digitally too?

Think of your passwords as the ‘keys’ to your business. Strong and unique passwords are a great way to avoid being targeted by cyber criminals, but they are not fail safe.

You can turn on the ‘alarm system’ by setting up multi-factor authentication (MFA) on your accounts. When you have a strong password as well as MFA, hackers and scammers need to work out your password AND access your devices in order to get through security, and this becomes nearly impossible. In addition, if someone shady is trying to access your systems using your password/s, you will receive notice of it because the MFA system will contact you to confirm that you are trying to log in. You’ll not only prevent them from accessing your systems but they’ll trip the alarm and let you know that your passwords have been compromised.

The Australian Cyber Security Centre has developed simple guides to show you how to set up MFA on a range of systems.

3. Getting lax with back ups

Back up your data at least once a week – daily is even better. Store it offsite and on separate devices and test the backups often. Find out how here.

4. Leaving cyber security for your IT expert.

You’ve trained your employees on the ins and outs of your business but have you trained them about cyber safety? Set up quarterly cyber safety sessions to remind them about practices in place to make payments, the latest threats going around and policies. Reviewing these tips on a regular basis will ensure good practice becomes a habit.

PRO TIP: Don’t forget your casual employees are part of your cyber safety landscape and need secure logins too. It might be tempting to share a casual password or skip steps for someone only logging in occasionally. Don’t.

Together we can turn those bad habits around, lock Australia’s digital front doors and kick cyber criminals out the door.

Just like we protect ourselves by locking up our businesses and homes at night, the Cyber Wardens program will give small business the skills to shut our digital doors to lurking cyber threats. Cyber Wardens will be the online version of first aid officers or fire safety wardens, who can prevent, prepare, fight and help recover from a cyber attack or the theft of customer data or intellectual property.

With Cyber Wardens, you can keep your digital floors clean and free of cyber criminals fishing.


Learn easy and simple cyber security tips for your small business


More helpful resources for you and your business

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.

It happened to me!

Have you got a Cyber attack story to share? Your story can help other small businesses protect themselves.