Staff receive invoices, spreadsheets, job documents or supplier files by email.
Staff receive invoices, spreadsheets, job documents or supplier files by email.
Could a document or spreadsheet trick your staff?
Check whether risky Office files, invoices, spreadsheets, supplier documents or attachments could put your business at risk. Based on public ASD/ACSC Essential Eight guidance.

Use this when you want a practical business-owner answer, not a technical framework first.
Staff receive invoices, spreadsheets, job documents or supplier files by email.
People sometimes enable content, macros or editing because a file asks them to.
You want simple rules for handling suspicious Word, Excel or PDF attachments.
Privacy: this checker runs in your browser and does not ask for sensitive details.
Tick the statements that are true or risky for your business.
This check relates to risky Office files. In Essential Eight language, it supports Microsoft Office macro controls and safer application use.
Helps improve Essential Eight alignment step by step. This is a practical self-check, not a formal government certification or audit.
A single risky invoice, spreadsheet or supplier document can lead to stolen logins, fake payments, device compromise or lost work time.
These basic checks help protect business operations and reduce avoidable cyber risk.
Your IT & Tech Mates can help review Microsoft 365, Office settings, email safety and staff-friendly file handling rules.
Use the hub and related tools to check the other parts of your small business cyber safety setup.
Return to the hub and choose your business concern.
Start with the full five-minute check across logins, backups, updates, access and device safety.
Check two-step login and account access for email, cloud, accounting, website and social platforms.
Check whether files, invoices, records and job photos can be recovered if something goes wrong.
Review old accounts, admin access, shared passwords and contractor access.
Check whether computers, browsers, Office, accounting apps, POS systems and remote access tools are being kept up to date.
Check whether risky Office files, invoices, spreadsheets, supplier documents or attachments could put your business at risk.
Check browser updates, extensions, downloads, password saving, PDF readers, remote access apps and common unsafe app settings.
Prepare a plain-English evidence checklist for insurers, suppliers, clients or tenders.
Turn your answers into a simple action plan: first 3 fixes, this week, this month and later.
Your IT & Tech Mates can help set up two-step login, backups, updates, admin access, safer devices, and a plain-English cyber action plan for your business.
No, but unexpected files asking staff to enable content or macros are risky. Treat them carefully.
Do not reply to the same email thread. Verify using a known phone number or known contact method.
No. This is a practical self-check based on public ASD/ACSC Essential Eight guidance, not a formal government certification or audit.