Practical business cyber planning

Business Cyber Safety Action Plan

This is a practical self-check, not a formal Essential Eight assessment, audit or certification.

Start with the self-check, then record only general priority categories here. Do not enter passwords, security codes, bank details or private customer information.

1. Protect accounts

MFA, Microsoft 365, admin access, suspicious sign-ins and email compromise.

2. Protect money

Changed bank details, fake invoices, supplier verification and two-person payment approval.

3. Protect data

Backups, recovery readiness, device updates and unsupported software.

4. Protect staff

Staff access, phishing habits, risky attachments and safer browsing.