Keep your business IT secure

 In Security

I read a really good analogy recently about IT security:

“IT security is like a balloon. If there’s even one hole, it’s not a balloon anymore.” (credit)

Think about that for a minute, and you’ll agree it’s pretty apt.

The worst case scenario is a full-on explosion – everything you’ve worked for up in smoke, your business dead in its tracks.

The best case? A slow leak – of data, funds or trust – that deflates you slowly. You may not even be aware of it and, by the time you seal the leak, you may have lost more collateral than you can afford.

Technology is deeply embedded in every facet of business; from appointments and invoicing to marketing and relationship management. Any disruption could potentially ruin you.

That’s why you need systems and processes for limiting your cyber risk and a plan for what to do in an emergency.


Create a detailed inventory list of data and physical assets and update it continuously.

Know where data and technology are stored and who has access to both.


Keep security software current and turn on automatic software updates. Having the latest security software, web browser and operating system is the best defence against viruses, malware and other online threats.

Use strong authentication to protect access to accounts and ensure only those with permission can access them. This also includes enforcing strong passwords and two factor authentication.

Back up your data. For critical systems, you need to make sure you’re backing up your complete operating system as well as your files. Backups should be automated, regular, frequent, secure, off-site, verified and monitored.

Limit access to data or systems only to those who require it to perform the core duties of their jobs.

Keep clean machines. Your company should have clear rules for what employees can install and keep on their work computers. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.


Be suspicious of all emails. Always verify the sender and any links or attachments before clicking anything in an email.

Use cybersecurity products or services that help monitor your networks.

Consider physical security as well. Are employees or customers acting suspiciously? Are people in locations they shouldn’t be? Do you notice someone not following established policy?

Stay watchful and speak up. Encourage employees to keep an eye out and say something if they notice anything strange on their computer.


Immediately disconnect the affected computer(s) from the network and contact your IT services personnel (whether that’s internal to your organisation or an external company).

Have a plan. Will you use spare technology and data backups? Will you switch to paper? You need to understand how you would access some key information if your systems were down.

Familiarise yourself with any steps you may need to take under the Notifiable Data Breaches scheme.


The best defence is, as they say, a good offense. But when you’re not working for a big corporate or multinational company it can seem easier to just concentrate on daily operations and client services and leave the documentation and planning to … never.

If you’ve read this far, let me drop some stats on you:

That’s why it makes sense to engage with IT professionals who are across all the latest threats and protections.

If you’d like an IT security check, or advice on best practice policies and procedures for IT security, give Proactive IT Solutions a call.

Recommended Posts
Logo on the wall of the Australian Cyber Security CentreSticker on a lamp post reads "BIG DATA IS WATCHING YOU"