The 3-step process for decreasing SME digital risk

Nathan |

As the drumbeat of digitisation sounds ever louder, the digital solutions available to SMEs carry great potential, but also great risk. From confidential data stolen in a systems hack, a website disabled, or an email phishing attack releasing critical business data, SME’s face a whole host of vulnerabilities.



Download Infographic [PDF] >>

The state of SME cyber security

25 + hours
The amount of downtime 1 in 4 businesses hit by cyber attacks suffer.[1]

56% of SME’s
Have little or no knowledge of cyber security issues[2]

55% of SMEs
Unknowingly expose themselves to cybercrime risks through email and social media[3]

The number of people hackers need to dupe in order to gain access to your business’ data

of small businesses breached by a wave of ransomware attacks in 2017, could not continue operating.

1 in 20
Businesses know they have experienced a cyber-attack in the last 12-months[4]

$1 billion a year[5]
The cost of cybercrime to the Australian economy.

Here’s how to craft a comprehensive digital risk strategy to shore up digital risk in your SME.

1.    Create a layered defence approach to security

Regularly scrutinise systems to eliminate potential digital risks and bolster security posture.
A security audit involves an expert assessment of your infrastructure to identify the strength of existing security arrangements

  • Engage specialists to conduct a thorough security audit
  • Pinpoint existing vulnerabilities across your digital ecosystem
    • All digital systems and back-end technologies
    • Software and hardware components
    • Check for missing security updates or patches
    • Remove software that has vulnerabilities or end-of-life status
  • Invest in a firewall and robust endpoint security solution


2.    Put processes and policies to work

Create and execute sound data retention, handling and training policies.

  • Remember that Cybersecurity is never set-it-and-forget-it
  • Create policies in line with ASDs The Essential Eight
  • Tailor business processes to maintain operational security
  • Make cyber security a day-to-day priority for each and every employee
  • Undertake training and periodic audits to determine the staff members who require additional training


3.    Be proactive

Mitigate against worst-case scenarios by closely monitoring and maintaining your security layers.

  • Maintain operational backups of all critical business data
  • Know the status of backups and ensure data can be restored
  • Create a response plan to deal with any potential breach
    • Notifying affected customers
    • Identify parties responsible for recovery
    • Know the steps to allow business continuity


Follow these three steps and you will put your SME on the road to addressing the major areas of digital risk faced by SMEs across Australia.

Ready to protect your business? In the digital first world of business, cybersecurity is one of the smartest investments you can make – regardless of your size. Reach out to The IT Department team to start the security conversation.

About The IT Department

We offer independent advice, consulting and IT support for small to medium businesses wanting reliable and right-fit technology solutions with a specialisation in supporting disability, community and aged care providers.



[1] Cyber Security: The Small Business Best Practice Guide.2017,

[2] ANZ – The Digital Economy: Transforming Australian Businesses, 2018,

[3] NSW Small Business Commissioner report, Cyber Aware, 2017

[4] ANZ – The Digital Economy: Transforming Australian Businesses, 2018,

[5] NSW Small Business Commissioner report, Cyber Aware, 2017