Business cyber safety guide

Two-Person Approval for Supplier Payments: A Simple Small Business Control

Two-person approval makes supplier payment changes harder to rush, fake or approve by mistake.

Quick answer: stop and verify using a trusted contact method before you pay, approve, reply or ignore warning signs.

Your IT & Tech Mates two-person approval guide for Australian small businesses verifying supplier payment changes before money is sent.
Your IT & Tech Mates two-person approval guide for Australian small businesses verifying supplier payment changes before money is sent.

Fast decision

PauseDo not rush payment or approval.
VerifyUse a known contact method.
RecordKeep a short evidence note.
EscalateAsk for help if risk remains.

What this means for a small business

Two-person approval makes supplier payment changes harder to rush, fake or approve by mistake.

Most business cyber problems become expensive when a normal-looking request is handled too quickly. A safer process gives staff permission to pause, check the source, and ask for help before money, access or sensitive information is exposed.

This guide uses fake examples only. It is designed to help you prepare a safer next step, not to collect private records or replace professional investigation.

Warning signs to check

  • One person requests or enters changed supplier bank details.
  • A second person checks the evidence before payment.
  • Trusted contact details are used for verification.
  • The verification is recorded before the payment run.

What to do now

  • Use two-person approval for new suppliers, changed bank details and large payments.
  • Make the rule simple enough for staff to follow under pressure.
  • Record verification notes in a consistent place.
  • Review the process after any suspicious invoice or payment issue.
Safe next stepUse the related free tool to turn the warning signs into a plain-English action note for your business.

What not to do

  • Do not make exceptions because payment is urgent.
  • Do not let the same person verify, approve and pay when risk is high.
  • Do not rely only on email screenshots as proof.
Money already sent?Contact your bank immediately. Then save the email, invoice, payment and verification details for review.

Related Business Cyber Safety links

FAQ

Is this a formal cyber audit?

No. This is a practical self-check guide, not a formal audit, investigation, certification or guarantee.

Should I share passwords or login codes?

No. Do not share passwords, login codes, banking passwords, card numbers or private customer records through this guide.

What if money has already been sent?

Contact your bank immediately. Then collect the invoice, email details and verification notes for review.

Updated