You are not sure where to start
Get a simple risk level and a short list of fixes instead of trying to read a full framework first.
In five minutes, check the cyber basics that matter most to small businesses: email logins, backups, updates, staff access, risky files, and device safety.
Get a plain-English action plan and choose whether you want local help to fix the gaps. This is a practical self-check and preparation guide, not a formal government certification or audit.

Use this if you own or manage a small business and want to know what cyber basics need attention first.
Get a simple risk level and a short list of fixes instead of trying to read a full framework first.
Check whether email, cloud, accounting, banking and website admin accounts have basic login protection.
Find out which cyber evidence areas may need a closer review before answering business questions.
Tick the statements that are true for your business. The result updates automatically.
Based on public ASD/ACSC Essential Eight guidance. This page uses small-business language first, then maps back to the technical areas.
This self-check helps small businesses improve Essential Eight alignment step by step.
The goal is not to make you a cyber expert. The goal is to help you protect the things that keep your business running.
Email and accounting account protection helps reduce fake invoice and payment redirection risk.
Safe backups help you recover if files are locked, deleted or damaged.
Updates and reduced admin access can limit damage if someone clicks the wrong thing.
If your result shows gaps, do not try to fix everything at once. Start with the few items that reduce the biggest everyday risk.
Turn on two-step login for email, cloud, accounting, banking, website admin and social media accounts.
Make sure important files are backed up, recovery has been tested and ransomware cannot easily reach every backup copy.
Keep computers and apps updated, remove old access, and avoid using admin accounts for daily work.
Use the hub and related tools to check the other parts of your small business cyber safety setup.
Return to the hub and choose your business concern.
Start with the full five-minute check across logins, backups, updates, access and device safety.
Check two-step login and account access for email, cloud, accounting, website and social platforms.
Check whether files, invoices, records and job photos can be recovered if something goes wrong.
Review old accounts, admin access, shared passwords and contractor access.
Check whether computers, browsers, Office, accounting apps, POS systems and remote access tools are being kept up to date.
Check whether risky Office files, invoices, spreadsheets, supplier documents or attachments could put your business at risk.
Check browser updates, extensions, downloads, password saving, PDF readers, remote access apps and common unsafe app settings.
Prepare a plain-English evidence checklist for insurers, suppliers, clients or tenders.
Turn your answers into a simple action plan: first 3 fixes, this week, this month and later.
Your IT & Tech Mates can help set up two-step login, backups, updates, admin access, safer devices, and a plain-English cyber action plan for your business.
The tool runs in your browser and does not ask for passwords, login codes, card numbers or sensitive customer details.
No. Based on public ASD/ACSC Essential Eight guidance, this is a practical self-check and preparation guide, not a formal government certification or audit.
Do not panic. Start with the top three fixes and get local help if the risk involves email, money, backups, staff access or customer records.