Protecting Your Business from Cyber Threats

What the real threats to Perth small businesses look like, what stops them, and why waiting until something goes wrong is not a strategy

The Three Threats Most Likely to Affect Your Business

Cyber security is often discussed in abstract terms that make it feel like someone else’s problem. The reality is more straightforward — there are three types of attack that account for the overwhelming majority of incidents affecting Perth small businesses, and all three are preventable with the right setup.

Ransomware — your files locked until you pay

Criminals send an email with an attachment or a link. One click, and software silently installs itself on your computer and spreads across your network. Within hours, every file your business has — documents, client records, accounting data — is encrypted and inaccessible. You receive a message demanding payment to get them back. Even if you pay, there is no guarantee you get your files back.

Fake invoices and payment redirection

Criminals monitor your email, wait until they spot a payment conversation, then step in with a convincing email — appearing to come from your supplier or your own business — asking the other party to update their bank details. The payment goes to the criminal’s account. By the time anyone realises, the money is gone. Australian businesses lose millions to this every year.

Stolen passwords and unauthorised access

Passwords get stolen constantly — through data breaches at other websites, through phishing emails, and through simple password guessing. Once a criminal has your password, they log in to your email, read your conversations, impersonate you, access your files, and in some cases quietly sit in your account for months before doing anything obvious. By then the damage is done.

Small Businesses Are Not Off the Radar — They Are the Target

The most common reason Perth small business owners do not take cyber security seriously is that they believe their business is too small to be worth targeting. That is a misunderstanding of how modern cyber attacks work.

The myth: criminals only target big companies

Large corporations have dedicated security teams, expensive tools and rapid incident response. Small businesses are easier targets with less protection and often more to lose proportionally. The majority of cyber attacks target businesses with fewer than 50 staff — not because they are interesting, but because they are accessible.

The reality: most attacks are automated and indiscriminate

Criminals do not usually hand-pick their victims. Automated tools scan the internet looking for unprotected systems, weak passwords and misconfigured email. Your business does not need to be on a list — it just needs to be reachable. The good news is that most attacks can be stopped with the right basic protections in place.

The Six Protections Every Perth Business Should Have in Place

Cyber security does not require a large budget or a dedicated IT team. For most Perth small businesses, the following six measures provide a robust level of protection against the attacks described above. DM1 sets all of these up and manages them as part of a standard Microsoft 365 Business Premium engagement.

Protection 1 — A second login step so a stolen password is not enough

When this is turned on, logging in to your email or business systems requires two things — your password and a code sent to your phone. Even if a criminal obtains your password, they cannot get in without also having your phone. This single measure blocks the vast majority of unauthorised login attempts.

Technical name: Multi-factor authentication (MFA)

Protection 2 — Scanning every email before it reaches your staff

Every incoming email is automatically checked for dangerous links, malicious attachments, and senders pretending to be someone they are not. Suspicious emails are blocked or flagged before any staff member sees them. This is included in Microsoft 365 Business Premium at no extra cost.

Technical name: Microsoft Defender for Office 365

Protection 3 — Blocking logins from suspicious locations

This protection allows DM1 to set rules about where and how your staff can log in. For example: only allow logins from Australia, or only from company devices. If someone tries to log in from an overseas location or an unknown device, they are blocked automatically — even if they have the correct password.

Technical name: Conditional Access policies

Protection 4 — Monitoring every device for threats in real time

Software running quietly in the background on every computer watches for unusual behaviour — files being encrypted, programs trying to spread across the network, suspicious processes starting up. If it detects something, it can automatically isolate the affected device before the damage spreads to the rest of your business.

Technical name: Microsoft Defender for Business (endpoint protection)

Protection 5 — Managing and securing every phone and laptop centrally

DM1 can manage all the devices your staff use to access company data from a single place. If a laptop is lost or stolen, it can be remotely wiped. Security settings and software can be pushed to every device automatically, without anyone needing to physically touch each computer. Staff who leave the business can have their access removed instantly across all devices.

Technical name: Microsoft Intune (device management)

Protection 6 — Making sure the right people can only see what they need to

Not every staff member needs access to every file or system. DM1 sets up your permissions so that people can only access the information relevant to their role. This limits the damage if an account is compromised — a criminal who gets into a junior staff member’s account cannot automatically access everything in the business.

Technical name: Role-based access control / least privilege

One Subscription That Covers It All

Historically, putting all six protections in place meant buying and managing multiple separate products from different vendors. Microsoft 365 Business Premium changed that — it brings the whole stack together in a single subscription that also includes your email, Word, Excel and PowerPoint.

All six protections are included in Microsoft 365 Business Premium

Microsoft 365 Business Premium brings together email, the full Office suite, device management and the security tools above in a single monthly subscription. For most Perth small businesses, it costs around $35 per person per month through DM1 as an authorised Microsoft CSP partner. There is no need to buy separate security software, separate device management tools or a separate email threat product — it is all in one place, managed by DM1.

See the full Microsoft 365 plan comparison →

What Happens When Something Goes Wrong Without These Protections

A ransomware attack on an unprotected business typically follows the same pattern. An email arrives that looks legitimate. A staff member clicks a link or opens an attachment. Software installs itself silently and spreads across the network overnight. The next morning, nothing opens. Every file is encrypted. The business cannot operate.

Recovery without proper protection in place typically takes days to weeks, costs tens of thousands of dollars in IT recovery work, and in many cases results in permanent data loss. Cyber insurance premiums have also increased significantly — and many policies now require evidence of basic security measures before they will pay out. If those measures were not in place at the time of the incident, the claim may be declined.

The cost of putting the right protections in place is a fraction of the cost of recovering from an incident that those protections would have prevented.

Your Legal Obligations Around Client Data

For businesses that hold personal information about clients, staff or patients, cyber security is not just about protecting the business — it is a legal requirement. Here is what the law currently requires.

The law requires you to protect client information

Under the Australian Privacy Act, any business that holds personal information — names, contact details, financial records, health information — must take reasonable steps to keep it secure. That is not a suggestion. It is a legal obligation that applies to most Perth businesses regardless of size.

A security breach must be reported

If your business suffers a security incident that exposes client information, you are legally required to notify the affected individuals and report it to the Australian government. You need to be able to show what happened, who was affected, and what steps you had in place. Without proper security tooling, you cannot do any of that.

The penalties went up significantly in 2024

Fines for Privacy Act breaches can now reach $62,600 per incident. From June 2025, individuals have the right to take direct legal action against a business for serious privacy violations. Having the right security measures in place is not just good practice — it is your legal defence if something goes wrong.

For more detail on your specific industry obligations, see our Privacy Act & Compliance page.

What DM1 Finds When Businesses Switch From Their Previous IT Provider

DM1 runs a standard security check on every new client as part of the onboarding process. These are three examples of what that check regularly finds.

Discovered during DM1 new client onboarding

No second login step on any account — for a business handling sensitive client data

When a Perth healthcare business moved to DM1, our standard new client checks found that not a single staff account had a second login step enabled. The business was handling patient records daily. Their previous IT provider had never raised it. DM1 activated it across the entire business on the same day as the onboarding check.

Discovered during DM1 new client onboarding

A former staff member still had full access to company files and email six months after leaving

A professional services firm that joined DM1 had no process for removing access when staff left. Our onboarding check found an ex-employee account that had been active and fully accessible for over six months after their departure. The account was closed immediately. The business had not been aware that this access existed.

Discovered during DM1 new client onboarding

Security software on company laptops had not updated in over a year

A retail business switching to DM1 had security software installed on their computers, but our onboarding check found it had silently stopped updating on several machines. The software looked fine on screen but was operating on definitions that were more than 12 months out of date. DM1 replaced it with properly managed protection as part of the new client setup.

Why DM1?

DM1 has been supporting Perth small businesses since the 1970s. Cyber security is not a product we sell separately — it is built into how we manage every client environment. When you engage DM1, the protections described on this page are assessed, configured and maintained as part of the ongoing relationship.

We are an authorised Microsoft CSP partner, which means we deploy and manage Microsoft 365 Business Premium — the platform that brings all six protections together — directly through the Microsoft partner channel. When something changes in the threat landscape or Microsoft updates their security tooling, DM1 manages that on your behalf. You do not need to follow it yourself.

Not Sure How Protected Your Business Currently Is?

Call DM1 on (08) 6202 6012 or send a message. We will tell you exactly where your gaps are, what they mean in practice, and what it would take to fix them — no obligation, no jargon.
