Stay Protected: Preventing Data Breaches in Small-Medium Sized Businesses

Cybersecurity, and data breaches in particular, is a hot topic at the moment, following the recent hacking of Medibank and Optus customer data. In these instances, thousands of individuals’ personal details were released, leaving many to wonder how this could happen in such large organisations.

But no matter what size your business is, there’s no such thing as too small to be hacked. Small and medium-sized businesses are not immune to cybersecurity attacks. That’s why all businesses need to learn from these data breaches and look at how they can put in place processes to protect their business and the data of their customers.

The Australian Cyber Security Centre (ACSC) provides some tips to reduce the impact of cyber threats and security breaches.

Improve staff awareness of cybersecurity issues and threats

Cyber criminals use common tricks to get employees to reveal their organisational credentials. These include:

  • Phishing, where confidential information is stolen by sending fraudulent messages
  • Spear phishing, a dangerous class of phishing where criminals target companies and individuals using very realistic bait or messages, based on company details sourced from publicly available information such as annual reports, shareholder updates and media releases

The ACSC recommends prevention techniques such as clearly documenting and training employees in cyber security systems and designing and implementing cyber security awareness programs for employees.


To mitigate data spills, breaches, and other cyber security incidents, the ACSC has prepared a list of password requirements that small businesses can use as a guideline when setting employees’ passwords.

This list includes suggestions such as requiring all users to periodically reset their passwords, increasing the length and complexity requirements, and implementing a lockout for failed login attempts. The full list of suggestions can be found here.


The ACSC has several software suggestions when it comes to keeping your small business protected. These include using multi-factor authentication for all remote access to business systems, looking out for unusual activity or suspicious logins and encouraging users to think carefully before entering credentials. To read more, please visit the ACSC website here.

Beam is compliant

Ensuring we protect important information is something we’re committed to at Beam. Our Beam information security management system has been audited by a third-party accredited certification body for ISO 27001:2013 compliance, providing an independent validation that our security controls are in place and operating effectively.

What does this mean for our partners & users?

We ensure we obtain, store and secure important information in a safe and compliant way. ISO 27001:2013 certification is independent evidence that our data systems and processes meet this international standard.

What is ISO?

The International Organization for Standardization (ISO) develops international standards that certify that a system, process, service or procedure meets the requirements for standardisation and quality assurance.

ISO standards are in place to ensure consistency and mitigate risk. To find out more about the ISO international standards, visit here.

This content is provided for information purposes only and is not advice. You should consider the needs of your business before taking any action.