Business cyber safety guide

Staff Cyber Safety Checklist for Small Business

A simple staff checklist helps everyone know when to stop, check and ask before approving risky emails, login prompts or payment changes.

Quick answer: stop and verify using a trusted contact method before you pay, approve, reply or ignore warning signs.

Your IT & Tech Mates staff cyber safety checklist for Australian small businesses covering suspicious emails, login prompts, passwords and payment changes.
Your IT & Tech Mates staff cyber safety checklist for Australian small businesses covering suspicious emails, login prompts, passwords and payment changes.

Fast decision

PauseDo not rush payment or approval.
VerifyUse a known contact method.
RecordKeep a short evidence note.
EscalateAsk for help if risk remains.

What this means for a small business

A simple staff checklist helps everyone know when to stop, check and ask before approving risky emails, login prompts or payment changes.

Most business cyber problems become expensive when a normal-looking request is handled too quickly. A safer process gives staff permission to pause, check the source, and ask for help before money, access or sensitive information is exposed.

This guide uses fake examples only. It is designed to help you prepare a safer next step, not to collect private records or replace professional investigation.

Warning signs to check

  • Staff know who to contact about suspicious email.
  • Staff do not approve unexpected login prompts.
  • Staff understand changed bank details must be verified.
  • New starters and departing staff have clear access steps.

What to do now

  • Give staff one clear internal reporting path.
  • Add payment-change checks to onboarding and finance procedures.
  • Remove access promptly when staff leave.
  • Repeat simple reminders instead of relying on one-off training.
Safe next stepUse the related free tool to turn the warning signs into a plain-English action note for your business.

What not to do

  • Do not blame staff for reporting suspicious activity.
  • Do not leave old accounts active because it is convenient.
  • Do not rely on memory for supplier payment checks.
Money already sent?Contact your bank immediately. Then save the email, invoice, payment and verification details for review.

Related Business Cyber Safety links

FAQ

Is this a formal cyber audit?

No. This is a practical self-check guide, not a formal audit, investigation, certification or guarantee.

Should I share passwords or login codes?

No. Do not share passwords, login codes, banking passwords, card numbers or private customer records through this guide.

What if money has already been sent?

Contact your bank immediately. Then collect the invoice, email details and verification notes for review.

Updated