Your “I Don’t Do IT” Attitude is a Ticking Time Bomb – And It’s About to Explode
You’re a busy small business owner. You’re focused on growth, on innovation, on building a successful business. I get it – on some weeks I am lucky to get a lunch break, let alone considering the smaller stuff. It frustrates the hell out of me when I’m asked by staff members to consider something small. In your case, this could be stuff like IT – that’s for someone else to worry about, right?
Wrong.
But here’s the brutal, non-sugar-coated truth: your “I don’t do IT” attitude is a dangerous liability. Every day you ignore your digital security is a day you’re gambling with your company’s future. You’re not just risking data; you’re risking your entire livelihood.
You cannot afford to continue to have an “I don’t do IT” attitude anymore – it’s a dangerous gamble. It’s like driving a car without brakes, hoping for the best.
But you’re not here for a lecture – you get that at home from your spouse! I’ll keep this as brief as possible because I know you don’t have time for another ‘shoulda, coulda, didn’t’ conversation. My aim is to be as helpful as possible without trying to sell you anything, and to give you bite-sized chunks of information so that you can start acting on your information security today.
The Fatal Assumption: “The Cloud Handles Security, Right?”
Like the overwhelming majority of smaller businesses, you have undoubtedly moved on from having a server in your office to going full cloud. Don’t get me wrong, the cloud has revolutionised the way smaller businesses use technology and has enabled unprecedented flexibility in how these organisations operate. But with this flexibility comes substantially increased susceptibility to cyber-attack, phishing or simple credential theft.
The “cloud” is just a term used to describe the fact that you are renting space on someone else’s computer. For a large portion of small businesses, the cloud has replaced the traditional business server in that it holds your most valuable assets: customer information, financial records, sensitive company data.
You’ve probably heard, or even believe this: “We’re in the cloud, so security is taken care of.” This couldn’t be further from the truth. While cloud providers like Microsoft offer robust infrastructure security, the responsibility for your data and how it’s accessed remains firmly with you.
Think of it like renting a storage unit. The storage facility provides the building and basic security, but you’re responsible for what you put inside, how you lock it up, and who gets the key. The cloud is similar. Your provider secures the foundation, but you secure what’s built on top.
This “shared responsibility” model means:
- You control access: Who can log in, what they can see, and what they can do.
- You manage data: How it’s stored, encrypted, and backed up.
- You handle user security: Passwords, multi-factor authentication, and user training.
- You manage application security: Ensuring that applications are secure, up to date and patched.
Many business owners mistakenly assume that simply subscribing to a cloud service absolves them of security responsibility. This dangerous belief leads to a false sense of security, leaving their data vulnerable to attack, loss or theft. Hackers and, more likely, your own employees acting as insider threats exploit this gap, knowing that many businesses are unaware of their obligations and don’t act to harden their security.
Even if you’ve taken some initial steps to secure your cloud environment, it’s not a “set it and forget it” situation. Cyber threats are constantly evolving, and your security measures need to evolve with them.
Your “I Don’t Do IT” Excuse Won’t Cut It Anymore – The Law is Watching.
Let’s be blunt: the days of blissful ignorance are over. You can’t plead ignorance when your data is breached, your customer information is stolen, or your business is crippled by a cyberattack or employee data theft. The Australian legal landscape is evolving, and it’s holding businesses accountable.
- The Privacy Act 1988 (Cth): This legislation mandates that businesses handling personal information must take reasonable steps to protect it. A data breach resulting from inadequate security measures can lead to significant penalties under this Act. The amendments to this Act, and the increased powers of the OAIC, show that the government is taking this seriously.
- The Notifiable Data Breaches (NDB) Scheme: This scheme, established under the Privacy Act, requires organisations to notify individuals and the Office of the Australian Information Commissioner (OAIC) of eligible data breaches. Failure to comply can result in substantial fines.
- Australian Consumer Law: If a data breach results in financial loss or other harm to consumers, they may pursue legal action under Australian Consumer Law, claiming that your business failed to provide services with due care and skill.
- Recent Court Cases: As the ACSC has highlighted, recent court rulings are making it clear that businesses have a duty of care when it comes to cybersecurity. Courts are increasingly willing to hold businesses liable for failing to implement reasonable security measures.
These laws and rulings are not just abstract concepts. They have real-world consequences, including:
- Substantial Fines: Breaching privacy laws or failing to report data breaches can result in hefty financial penalties.
- Legal Action: Customers and other affected parties can sue your business for damages.
- Reputational Damage: A data breach can erode customer trust and damage your brand’s reputation.
The “I don’t do IT” excuse simply won’t hold up in court. Ignoring cybersecurity is not just irresponsible; it’s potentially illegal.
Here’s the No-BS Breakdown of What You NEED to Do (Now):
- Lock Down Your Digital Doors: Make sure that multi-factor authentication (MFA) is turned on. It’s not a suggestion; it’s a necessity and absolutely mandatory.
- Patch Your Software – Regularly: This isn’t like changing your oil every few years. It’s like changing it every few months. Every unpatched vulnerability is a hole in your defences.
- Control Who Gets In: Application control. Limit who can run what on your systems. No unauthorised software, period.
- Back Up EVERYTHING: If (and when) you get hit, this is your lifeline. A complete, regularly updated backup is the only way to recover.
The Essential Eight: The Basics You Can’t Ignore
The Australian Signals Directorate’s Essential Eight represent a foundational approach to cybersecurity, designed to significantly reduce an organisation’s vulnerability to cyberattacks. These eight strategies are prioritised based on their effectiveness in mitigating a wide range of cyber threats. By implementing these strategies, businesses can create a robust security posture, making it substantially more difficult for adversaries to compromise their systems and data, thereby strengthening their overall resilience against cyber incidents.
It’s difficult, but once you have implemented our No-BS Breakdown, it’s vital that you sit down with your IT team and go over implementing these eight mitigation strategies – no matter how small you think your business is.
- Application Control & Microsoft Office Macro Settings: Only allow trusted software to run on your systems. It’s like having a bouncer at the door. Turn off macros unless they’re absolutely necessary.
- Patching: Regularly update your software and operating systems. Think of it as regular maintenance – crucial for preventing vulnerabilities.
- User Application Hardening: Configure your software to minimise security risks. It’s like locking down your most valuable assets.
- Restrict Administrative Privileges: Limit who has the power to make critical changes to your systems.
- Multi-Factor Authentication (MFA): Add an extra layer of security to your accounts. It’s like having two keys to open a door, making it much harder for intruders to gain access.
- Patching Applications and Operating Systems: Keep your software and operating systems up-to-date to address vulnerabilities.
- Regular Backups: This is your insurance policy. Regular backups ensure you can recover your data if a disaster strikes.

Brandon Strangman is the driving force behind Defy IT, a Brisbane-based IT management and cybersecurity firm dedicated to empowering small businesses. With a deep-seated belief that IT should be a catalyst for growth, not a source of frustration, Brandon established Defy IT to deliver proactive, tailored IT solutions built on genuine partnerships.
Brandon holds a Masters in Cyber Studies and Investigations from Charles Sturt University. This academic grounding, combined with nearly twenty years of experience in IT, has provided him with a comprehensive understanding of IT principles, network infrastructure, cyber security, digital change management and software systems.
Building upon his formal education, Brandon has amassed significant experience in the IT sector. This hands-on experience across diverse environments has equipped him with a nuanced understanding of businesses’ challenges and opportunities in leveraging technology. Since COVID, he has honed his skills in network management, cybersecurity protocols, cloud solutions, and IT strategy development for the benefit of his small and larger business clients.
Driven by a passion for innovation and a commitment to exceptional service, Brandon recognised the need for a different approach to IT support for small businesses. This vision led to the creation of Defy IT, where he fosters a culture of proactive problem-solving, clear communication, and a genuine dedication to client success. Brandon’s leadership and forward-thinking approach continue to shape Defy IT’s mission to redefine IT support and empower businesses to thrive in the digital age.