Tips for Brisbane small businesses to boost cyber security

Brisbane business owners often tell Cameron Bell that cyber security is a top priority. Cameron is Cyber Warden’s Program Engagement Lead. Yet, the reality is that many still places boosting online security at the bottom of their to-do list.  

According to auDA’s 2025 Digital Lives of Australians survey, only 20% of small businesses have a cyber security policy. Few offer staff training, showing there’s plenty of room to improve cyber security.

“Business owners can make small and cost-effective tweaks to greatly improve their security,” Cameron said. 

Delaying cyber security measures can be costly. Scammers are becoming more sophisticated, especially with AI tools. Many small businesses operate on limited budgets. Cameron says owners can still take steps to improve protection.

“Human error is how most breaches in small business happen. Someone has clicked on a link they thought was legitimate or paid money into what they thought was a supplier’s account.

“Free courses, like what Cyber Warden’s offer, is one way to bolster your people and increase their awareness of risks and what to be on the lookout for.”

The average cyber-attack on a small business costs $49,600, a figure that could see some operations forced to close.

Cameron said people often see news about cyber-attacks on large organisations. In reality, small businesses are equally attractive targets.

There are simple things Brisbane business owners can do to start improving their cyber security.

Be aware of who you're working with

One of the most common cyber-attacks on small business is an email breach. This could be a supplier sending an invoice that looks genuine and relates to a current project. It might include a request to change bank details to a new account.

“This is where knowing your suppliers is key. If you get an email from a supplier you work with regularly saying to deposit payment into a different account, it can’t hurt to give your contact a call and confirm before paying anything.

“They may have legitimately changed their bank accounts, but it could also be an email breach where you will be paying the scammer and left still needing to pay your original bills.”

“A lot of smaller businesses play a role in larger supply chains, so regardless of your size, you can be a target for scammers or operations looking to interrupt business."

Manage passwords and add multifactor authentication on all accounts

Ensure passwords are updated regularly with strong, unique passwords. A strong password uses a mix of characters including numbers, has at least 12 characters and avoids using personal information. If the software or app offers multi-factor authentication, enable it. This adds an extra layer of security to your operations.

“These are all things that don’t cost a business anything but can make a big difference to help you not fall victim to a cyber security breach. They are real things that can be implemented through your own best practice in every day."

“A lot of what we talk to small business owners about is culture, habits, attitude and second-guessing,” he said. 

Take a minute to check the facts

“When we’re in a rush, trying to get many things done at once, is when we’re most likely to click on something that could cost your business a lot of money.

"Whether it is an email from your boss on annual leave that seems out of character or an invoice from a supplier making a change to payment processes, there’s always time to check the facts.

“If something seems unusual or out of the norm, question it. Taking a few moments to check, maybe calling a supplier to confirm they’re changing payment processes or messaging your manager, can be the difference between realising what is happening and losing a lot of money.”

Cameron likens having a cyber security process in place to having a health and safety officer or a fire warden.

“It is about arming yourself with the knowledge before it happens. A lot of small businesses think it won’t happen to them or, because they don’t understand the jargon, put their head in the sand and ignore it.

“Being safe online isn’t the role of IT but of the people using the technology. A breach for a small business can cost a lot of money, so having the knowledge can save you a lot when it happens.”

Check out Cyber Wardens' free online courses for small business owners and employees.