Business IT

On-Site & Remote / Business IT Services / Cyber Compliance / Websites Design / Hosting & Email Systems

/Our Services

Cyber Security Posture Check

1. What is your approximate annual business turnover?

2. Does your business handle sensitive personal information (e.g., TFNs, Driver's Licences, Medicare details, health records, credit cards)?

3. Does your business operate in a regulated industry like finance, healthcare, legal services, or education?

4. Do any employees/contractors access company systems or data remotely (e.g., work from home, mobile email)?

5. Do you use Multi-Factor Authentication (MFA / 2FA) for logging into critical systems (email, cloud, remote access, admin accounts)?

6. How quickly are critical security patches applied to operating systems and key software (browsers, Office)?

7. Does your business perform regular backups of critical data?

8. Does your business have documented cybersecurity policies (acceptable use, passwords, incident response) that staff are aware of?

9. Do employees receive regular cybersecurity awareness training (phishing, safe browsing)?

10. Does your business accept online payments or use digital Point-of-Sale systems?

Cyber Compliance is a Legal Requirement

Failing to meet your cyber security and compliance obligations can be extremely costly — not just financially, but legally and reputationally.

It’s a Legal Requirement

Under Australian law, all businesses have a legal duty to protect personal information under the Privacy Act 1988 (Cth). If your business collects, stores, or processes personal or sensitive data, you are legally obligated to secure it. Non-compliance can lead to substantial fines, legal action, and reputational damage.

Directors Are Personally Liable

Company directors have a fiduciary duty to manage cyber risk as part of their general duty of care and diligence under the Corporations Act 2001. Failure to adequately govern cyber security can result in directors being held personally accountable.

Mandatory Data Breach Notification

Under the Notifiable Data Breaches (NDB) scheme, businesses must report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) and affected individuals. Failing to report can result in investigations and enforcement actions.

Sector-Specific Laws

If your business operates in sectors like healthcare, energy, finance, education, or transport, additional cyber compliance laws apply, including those under the Security of Critical Infrastructure Act 2018 and industry-specific regulatory frameworks.

Questions?

If you have any questions about this checklist or want to explore your results and their implications for your business, don’t hesitate to get in touch. We’re here to help clarify any doubts and provide insight!