Staff use computers, Microsoft 365, Google Workspace, accounting, POS, website or social media systems
Staff use computers, Microsoft 365, Google Workspace, accounting, POS, website or social media systems.
Do staff have more access than they need?
Check admin access, old staff accounts, shared passwords, contractor accounts, website access, social media access and accounting access in plain English. Based on public ASD/ACSC Essential Eight guidance.

Use this when you want a practical business-owner answer, not a technical framework first.
Staff use computers, Microsoft 365, Google Workspace, accounting, POS, website or social media systems.
You are not sure which staff or contractors still have admin access.
You want to reduce damage if one account, device or password is compromised.
Privacy: this checker runs in your browser and does not ask for sensitive details.
Tick the statements that match your staff access setup.
This check relates mainly to admin access and account control. In Essential Eight language, it supports restricting administrative privileges and safer identity practices.
Helps improve Essential Eight alignment step by step. This is a practical self-check, not a formal government certification or audit.
Least privilege simply means staff should have the access they need for their job, not extra access that can cause bigger damage if something goes wrong.
These basic checks help protect business money, files, customer records, staff devices and daily operations.
Need help reviewing staff access without disrupting the business? Your IT & Tech Mates can help clean up old accounts, admin access and shared passwords.
Use the hub and related tools to check the other parts of your small business cyber safety setup.
Return to the hub and choose your business concern.
Start with the full five-minute check across logins, backups, updates, access and device safety.
Check two-step login and account access for email, cloud, accounting, website and social platforms.
Check whether files, invoices, records and job photos can be recovered if something goes wrong.
Review old accounts, admin access, shared passwords and contractor access.
Check whether computers, browsers, Office, accounting apps, POS systems and remote access tools are being kept up to date.
Check whether risky Office files, invoices, spreadsheets, supplier documents or attachments could put your business at risk.
Check browser updates, extensions, downloads, password saving, PDF readers, remote access apps and common unsafe app settings.
Prepare a plain-English evidence checklist for insurers, suppliers, clients or tenders.
Turn your answers into a simple action plan: first 3 fixes, this week, this month and later.
Your IT & Tech Mates can help set up two-step login, backups, updates, admin access, safer devices, and a plain-English cyber action plan for your business.
It means people get the access they need to do their work, and not extra admin access they do not need every day.
Usually no. Admin access should be limited because it can increase damage if a device or account is compromised.
No. This is a practical self-check based on public ASD/ACSC Essential Eight guidance, not a formal government certification or audit.