• Improve your small business's resilience to cyber threats

  • The IDCARE Small Business Cyber Resilience Service can assist you to build resilience and protect your digital assets. Please complete the following survey to identify your current operations and areas of concern or improvement.

    At the end of the survey you will be provided with a score of how resilient your current practices are and the opportunity to book a session with a Cyber Advisor who can guide you to uplift your cyber resilience*.

    This advice is tailored to your needs and concerns.



    *The advisory service is only available to Australian small businesses with less than 20 FTE.

  • Part 1: Getting to know your business

  • Primary country of operations*
  • We're sorry, but this service is not available for businesses that are not primarily located in Australia, New Zealand, Papua New Guinea or Fiji.


    If you do have a valid ABN, but conduct business globally or overseas, please select Australia. Or, if you have a presence in any of the other above countries, please select the most appropriate from the list.

  • What has prompted you to fill out the Health Check today?*
  • Select all that apply.

  • A live cyber incident refers to a breach or compromise that is immediately and actively affecting the organisation's systems, data, or operations. 

    If you are experiencing a live cyber incident right now, call the Australian Cyber Security Centre's 24/7 Hotline on 1300 CYBER1 (1300 292 371).

     

  • Part 2: General Operations

  • How many full time equivalent (FTE) employees does your business have?*
  • Have you logged into your router, changed default passwords and checked that you have no unknown devices on your network?*
  • Does your business allow staff to work from home?*
  • Does your business have a work from home policy?*
  • Does your business have a website?*
  • My business infrastructure is best described as*
  • Which website building platform or content management system (CMS) does your business currently use for your website?
  • Does your business have a BYOD policy?*
  • Does your business get news about the latest scams and threats to inform staff regularly?*
  • Does the managing director have change detection in place for any changes to their ASIC profile?*
  • Have you audited the security of your myGov account lately?*
  • Have you ever obtained a copy of your individual credit reports?*
  • Have you ever obtained a copy of your business credit reports?*
  • Part 3: Accounts & Security

  • Does your business use social media?*
  • Business social media accounts*
  • Has your business enabled MFA for social media? How about the account admins?*
  • Does your business have an image consent policy in place for the sharing of images to social media?*
  • Has your business enabled MFA for cloud storage and other software your business has access to?*
  • Does your business use multi-factor authentication for email accounts?*
  • Does your business store passwords for various accounts in web browsers?*
  • Examples of web browsers: Google Chrome, Microsoft Edge, Safari, Firefox.

  • Does your business have a policy or understanding in place whereby staff cannot use work emails for personal use (including for things like setting up a personal social media account)?*
  • Has your business ever checked for any forwarding rules in your email accounts?*
  • Part 4: Business Processes

  • Does your business patch and update systems as soon as patches and updates become available?*
  • Does your business have a process to confirm any request to change payment or banking details with the person or organisation initiating the request?*
  • Does your business allow only certain applications or programs to be downloaded and installed?*
  • Does your business use shared accounts for social media, online software or other programs? (Sole trader: Have you shared account information or provided temporary access for support to a 3rd party?)*
  • Does your business control who has access to certain aspects of the business? (Sole trader: Does anyone else in your family or office building need to access/use your business devices?)*
  • Does your business have a deactivation policy in place (this is for when staff leave the business or when contractors like web developers need access to your systems)?*
  • Does your business have any contractual or regulatory requirements that relate to cyber security or personal information and privacy?*
  • Do you have a good understanding of the policies and terms of the systems, software and other third parties who might handle, process or transmit your data?*
  • Does your business delete or uninstall old software it no longer uses?*
  • Do you or anyone in your business ever connect to free or public WiFi (for business purposes)?*
  • Does your business accept card payments?*
  • Does your business have anything in place to prevent chargeback fraud?*
  • What Card Payment Provider(s)?
  • Does your business share or make public your business account details? (BSB/Account number)*
  • Does your business have anything in place to prevent direct debit fraud?*
  • Part 5: Data & Privacy

  • Does your business collect personal information from suppliers, customers or staff?*
  • Examples of personal information: an individual’s name, signature, address, phone number or date of birth.

    For more information see the OAIC's web page: What is personal information?

  • Does your business collect any of the following about its suppliers, customers or staff?*
  • Does the nature of the information your business collects include health information?*
  • Do you know for how long your business stores the information it obtains from your staff, suppliers and customers?*
  • Do you know how your business would handle a request to delete data about a customer, supplier or client?*
  • Does your business have any obligations under the Privacy Act?*
  • Does your business have a Privacy Policy?*
  • Does your business have a Data Breach Response Plan?*
  • Does your business back up its data offline at least weekly?*
  • Does your business encrypt the data it collects?*
  • What encryption standard do you use?
  • Does your business have a register, or a document, which outlines all the information assets your business uses?*
  • Part 6: Products & Services

  • Does your business reset devices (including personal ones used for business purposes) before discarding or recycling them?*
  • Does your business keep devices locked and secure?*
  • Does your business maintain an inventory of business devices? (Sole trader: Regardless of whether they are used for personal or business purposes?)*
  • Are your files and documents stored in a filing cabinet, and if so, is that filing cabinet locked? (Sole trader: Business files including personal documents like passport, birth certificate)*
  • Does your business shred or securely destroy documents before disposal?*
  • Does your business use a managed service provider (MSP) to update and monitor systems?*
  • Does your business use anti-virus on all its devices?*
  • What anti-virus provider(s) do you use?
  • Does your business use a firewall?*
  • Does your business use a VPN?*
  • What VPN service(s) do you use?
  • Does your business use a password manager?*
  • What Password Manager(s) do you use?
  • Does your business use (or plan to use) A.I.?*
  • Does your business have an acceptable use of A.I. policy?*