Cyber Safe –
Protecting Your Business Online

Cyber attacks don’t just happen to big companies. Small businesses are targeted every day – often because they’re easier to get into. This page covers the main threats your team will face and what to do about them. Bookmark it, share it with your staff, and check back when something feels off.


Phishing & Scams
Don’t Take the Bait

Phishing is when someone pretends to be a trusted sender — your bank, the ATO, Australia Post, even a colleague — to trick you into clicking a link or handing over your details.

Watch for these red flags:

  • Unexpected attachments or links
  • Urgency or pressure (“Your account will be closed in 24 hours”)
  • The sender’s email address doesn’t match the organisation
  • Requests to verify your password or payment details
  • Slightly misspelled domains — paypa1.com, aus-tax.gov

What to do:

  • Hover over links before you click — check the actual URL
  • Verify requests by calling the person or organisation directly — not using the number in the email
  • Never confirm a bank account change by email alone
  • Report anything suspicious to the rest of your team immediately
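
The sender-mismatch and misspelled-domain red flags above can also be checked automatically. The Python below is an added example, not part of the original guide; the trusted-domain list, the character swaps and the one-typo threshold are assumptions to adjust for your own business.

```python
from urllib.parse import urlsplit

# Assumption: domains your business really deals with (edit this list).
TRUSTED = {"paypal.com", "ato.gov.au", "auspost.com.au"}
# Assumption: digits commonly swapped in for look-alike letters.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
MAX_EDITS = 1  # assumption: one typo away still counts as an imitation


def domain_of(value):
    """Return the lowercase host from a URL or an email address."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1].strip("<> ")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(value):
    """Classify a sender or link as trusted, lookalike or unknown."""
    host = domain_of(value)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    plain = host.translate(SWAPS)
    for good in sorted(TRUSTED):
        # A trusted name buried inside another host, or one typo away from it.
        if good in plain or edit_distance(plain, good) <= MAX_EDITS:
            return ("lookalike", good)
    return ("unknown", None)  # not on the list: verify by phone before acting


if __name__ == "__main__":
    # Constructed samples, including the two misspelled domains listed above.
    for sample in ("accounts@paypa1.com", "refunds@aus-tax.gov",
                   "https://www.paypal.com/signin", "noreply@ato.gov.au",
                   "https://paypal.com.account-verify.example/login"):
        print(sample, "->", check(sample))
```

A result of "unknown" is not a pass: a domain such as aus-tax.gov resembles nothing on the list, so it still needs verifying through a channel you already trust.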

Passwords & Access
The Basics

Weak or shared passwords are the most common way small businesses get compromised. The fix is straightforward: a password manager, unique logins for every person, and two-factor authentication on critical accounts.

The short version:

  • Use a password manager — 1Password or NordPass are both solid for small teams
  • Every staff member gets their own login — no shared accounts
  • Enable two-factor authentication on email, banking, and accounting software first
  • When someone leaves, remove their access and rotate any shared passwords that same day
  • Check if your email has been in a breach at haveibeenpwned.com

Running a team or about to do a security review?

We’ve put together a full step-by-step guide covering password standards, MFA setup, staff
offboarding, and a printable cheat sheet your team can keep at their desk.

Social Media
Protect Your Brand & Your Team

Your social media accounts are a target. Fake “your page has been suspended” messages are common, and if someone gets into your Facebook Business Manager, the damage can be significant.

Keep things locked down:

  • Use Facebook Business Manager — don’t run business pages from a personal profile
  • Keep admin access to 1–2 people maximum
  • Be careful what you share publicly about your operations, systems, or staff
  • Review which apps have access to your accounts — do this quarterly
  • If you get a message saying your page is suspended, verify it through Meta directly before
    clicking anything

If your account is compromised:

  • Change your password immediately from a clean device
  • Remove any unknown admins or apps

WordPress Security
Keep Your Site Locked

If your website runs on WordPress, keeping it updated and locked down is non-negotiable. An outdated plugin is one of the most common entry points for attackers.

Core habits:

  • Update WordPress core, plugins, and themes as soon as updates are available
  • Remove any plugins or themes you’re not actively using
  • Delete the default “admin” username — use something unique
  • Install a security plugin — Wordfence is a reliable free option
  • Set up automated offsite backups — UpdraftPlus works well
  • Make sure your SSL certificate is active (your site should show https://)

If You’ve Been Hacked
Do This Now

Stay calm and move quickly. The faster you act, the less damage gets done.

  1. Disconnect the affected device from the internet immediately
  2. From a clean device — your phone or another computer — reset your email password first
  3. Then reset passwords for banking, accounting, and any other critical accounts
  4. Call your bank directly if any financial accounts may be involved
  5. Contact Zoik if your website may have been affected — we can lock it down

Need Help?

If something doesn’t look right or you’re not sure where to start, get in touch. We work with small businesses across Brisbane to get the basics right before something goes wrong.