Cyber Compliance Checklist

Cybercert
SMB1001 - Gold Level 3

Why is compliance essential?

Instructions

Read each question carefully and check the box next to it only if you are 100% certain that your business is currently meeting this requirement.

People

- Training must cover general awareness (phishing, passwords, device use), include practical phishing simulations, and clearly define how to report security incidents.
- Ensures staff acknowledge their responsibility to protect sensitive information.
- Example: verbal confirmation via a known phone number plus two-person approval for bank detail changes.
- Covers appropriate use of email, internet, company devices, and software.
- Ensures timely removal of access to systems and data.

Process

- Covers hardware, software licenses, cloud services, and where sensitive data resides.
- Policy covers roles, data handling, incident response, etc., and is kept current.
- The plan should cover detection, containment, eradication, recovery, and lessons learned. Testing validates effectiveness.
- Covers data collection, consent, storage, access rights, and breach notification according to law.
- Cross-cut shredder or secure disposal service required.
- Use certified data wiping tools or physical destruction to prevent data recovery.

Technology

- Ensures accountability for updates, support, patching, backups, and security monitoring.
- MFA should protect all remote access, cloud services, and systems holding sensitive data.
- Next-Gen Antivirus or Endpoint Detection & Response provides better threat detection.
- E.g., Critical vulnerabilities patched within 48-72 hours, High within 2 weeks. Includes WordPress, plugins, themes.
- Backups must be protected from ransomware (e.g., 3-2-1 rule, offline/air-gapped, immutable storage). Test restores validate recoverability.
- Firewall at the perimeter, and internal segmentation to limit lateral movement of threats.
- Disabling unnecessary services/ports, removing default credentials, applying security templates.
- SIEM or centralized logging solution for timely detection of incidents.
- These help prevent email spoofing, improve deliverability, and filter malicious emails.
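A small added example (not part of the checklist or Cybercert's material) showing how the patching timeframes above can be checked mechanically: each tracked vulnerability is compared against the Critical (72 hours, the upper bound of 48-72) and High (2 weeks) windows, with open items measured up to a supplied "now". The vulnerability IDs, dates and record layout are constructed sample data, and the severity names are an assumption.

```python
from datetime import datetime, timedelta

# SLA windows from the checklist: Critical within 48-72 hours (the 72 h upper
# bound is used as the deadline), High within 2 weeks. Other severities have
# no window on the checklist and are reported as "no-sla".
SLA = {"critical": timedelta(hours=72), "high": timedelta(days=14)}

# Constructed sample records (hypothetical IDs, not real advisories):
# (id, severity, disclosed ISO timestamp, patched ISO timestamp or None)
RECORDS = [
    ("VULN-EX-001", "critical", "2024-03-01T09:00", "2024-03-03T08:00"),
    ("VULN-EX-002", "critical", "2024-03-01T09:00", None),
    ("VULN-EX-003", "high", "2024-02-20T12:00", "2024-03-04T12:00"),
    ("VULN-EX-004", "high", "2024-03-02T12:00", None),
    ("VULN-EX-005", "medium", "2024-03-02T12:00", None),
]

# Reference time for open items, also constructed.
NOW = "2024-03-05T09:00"


def check_patch_sla(records, now_iso):
    """Return {id: status}, status in {"within-sla", "breached", "no-sla"}.

    Closed items are measured from disclosure to the patch time; open items
    from disclosure to now_iso, so an unpatched item breaches as soon as its
    window has elapsed. Exactly on the deadline still counts as within SLA.
    """
    now = datetime.fromisoformat(now_iso)
    results = {}
    for vid, severity, disclosed, patched in records:
        window = SLA.get(severity.lower())
        if window is None:
            results[vid] = "no-sla"
            continue
        end = datetime.fromisoformat(patched) if patched else now
        elapsed = end - datetime.fromisoformat(disclosed)
        results[vid] = "within-sla" if elapsed <= window else "breached"
    return results


def breached_ids(records, now_iso):
    """Sorted list of IDs that are outside their patching window."""
    status = check_patch_sla(records, now_iso)
    return sorted(vid for vid, s in status.items() if s == "breached")


if __name__ == "__main__":
    for vid, status in check_patch_sla(RECORDS, NOW).items():
        print(f"{vid}: {status}")
    print("breached:", breached_ids(RECORDS, NOW))
```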

Cyber Compliance is a Legal Requirement

Failing to meet your cyber security and compliance obligations can be extremely costly — not just financially, but legally and reputationally.

It’s a Legal Requirement

Under Australian law, all businesses have a legal duty to protect personal information under the Privacy Act 1988 (Cth). If your business collects, stores, or processes personal or sensitive data, you are legally obligated to secure it. Non-compliance can lead to substantial fines, legal action, and reputational damage.

Directors Are Personally Liable

Company directors have a fiduciary duty to manage cyber risk as part of their general duty of care and diligence under the Corporations Act 2001. Failure to adequately govern cyber security can result in directors being held personally accountable.

Mandatory Data Breach Notification

Under the Notifiable Data Breaches (NDB) scheme, businesses must report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) and affected individuals. Failing to report can result in investigations and enforcement actions.

Sector-Specific Laws

If your business operates in sectors like healthcare, energy, finance, education, or transport, additional cyber compliance laws apply, including those under the Security of Critical Infrastructure Act 2018 and industry-specific regulatory frameworks.

Questions?

If you have any questions about this checklist or want to explore your results and their implications for your business, don’t hesitate to get in touch. We’re here to help clarify any doubts and provide insight!