How Secure Is Your Business IT?
Most Perth business owners assume their IT is fine — until something goes wrong. DM1’s standard checks reveal the gaps your current setup is quietly hiding.
What an IT Health Check Actually Involves
An IT health check is not a one-off scan that generates a long report nobody reads. It is a structured review of the things that actually put your business at risk — your accounts, your devices, your email, and your data. At the end you get a plain English summary of what needs attention and in what order.
Accounts and access
Who has access to what — and whether they should. This includes current staff, former employees, and any third-party contractors who may still have active logins to your systems.
Devices and software
Whether every computer and device used for work is running up-to-date software, has appropriate security settings applied, and is managed in a way that protects your business if it is lost or stolen.
Email, data and backup
Whether your email is correctly configured to block fake invoices and impersonation attempts, whether your data is stored in the right places, and whether your backup would actually work if you needed it.
The Problems We Find Most Often
These are the six most common issues DM1 finds when a new client comes on board. None of them are obvious from the outside — and none of them were flagged by the previous IT provider.
No second login step on any account
A stolen or guessed password is all it takes to get into the business. Without a second verification step, there is nothing else standing between an attacker and your email, files, and client data.
Multi-factor authentication (MFA)
Former staff still have active logins
Staff change. Contractors finish. If accounts are not removed when someone leaves, they retain access to your systems indefinitely. This is one of the most common findings DM1 encounters — often months or years after the person left.
Outdated or unprotected computers
Computers running outdated operating systems or software with known security holes are an open door for attackers. Many businesses have at least one device that has fallen behind on updates — often the oldest machine in the office.
Email settings that allow fake invoices
Three email settings exist specifically to prove that your emails are genuine and to block criminals from sending emails pretending to be you. Most businesses DM1 onboards have at least one of these missing or misconfigured. See our email health check page for more detail.
SPF, DKIM and DMARC records
Backup that has never been tested
Having a backup process is not the same as having a working backup. DM1 regularly finds businesses that believe their data is backed up, but where the backup has been silently failing for months — or where it exists but has never been tested with an actual restore.
Everyone shares the same login
Shared accounts mean no way to trace who accessed or changed a file. This creates compliance problems, makes incident investigation impossible, and means that when one person’s credentials are compromised, everyone’s access is at risk.
Why These Problems Are So Hard to Spot
None of these problems announce themselves. Your email still arrives. Your files still open. Your business still runs. The issue is that the problems only become visible when something goes wrong — and by then the damage is done.
The IT provider who never looked
Many small businesses have IT support that fixes things when they break — but never proactively reviews the security settings in the background. If nobody is checking whether accounts are configured correctly or whether former staff still have access, those problems simply accumulate quietly over time.
The settings nobody changed
Microsoft 365 and most business software ship with default settings that are not necessarily the most secure. A business that set up its own systems a few years ago, or that inherited a setup from a previous provider, is often running on defaults that nobody has ever reviewed. The settings look fine because everything is working — they are just not protecting the business properly.
What DM1 Checks
DM1’s health check covers four areas. Each one is reviewed against what a properly configured Microsoft 365 business environment should look like.
User accounts and login security
✓ All active accounts belong to current staff
✓ A second login step is enabled on every account
✓ Admin access is limited to people who need it
✓ Logins from unexpected locations are blocked
MFA, Conditional Access, role-based access control
Devices and endpoint security
✓ All business devices are enrolled and managed
✓ Security software is active and up to date
✓ Operating systems are receiving current updates
✓ Devices can be wiped remotely if lost or stolen
Microsoft Intune, Defender for Business
Email configuration
✓ Three anti-spoofing settings are correctly in place
✓ Email filtering is active and working
✓ Safe links and attachments are checked before opening
✓ No mail rules are forwarding email externally
SPF, DKIM, DMARC, Defender for Office 365
Data storage and backup
✓ Business files are stored in the right place
✓ Backup is running and has been tested with a restore
✓ Retention rules are in place for compliance purposes
✓ Access to sensitive data is appropriately restricted
SharePoint, OneDrive, Microsoft Purview
Your Legal Obligations Around IT Security
If your business holds personal information about clients or staff, you have legal obligations under the Privacy Act 1988. Those obligations include taking ‘reasonable steps’ to protect that information from misuse, interference, and loss.
The information on this page is general in nature and is intended to help business owners understand their obligations at a high level. It is not legal advice. If you have specific concerns about your compliance obligations, DM1 recommends speaking with a qualified lawyer.
What ‘reasonable steps’ means in practice
The law does not give a checklist — it requires you to do what is reasonable given the sensitivity of the data you hold, the size of your business, and what is technically feasible. For most Perth SMBs, reasonable steps include: second login verification on all accounts, access controls so staff only see what they need, a working backup, and prompt removal of access when staff leave.
The penalties for getting it wrong
The Privacy and Other Legislation Amendment Act 2024 introduced civil penalties of up to $62,600 per breach for individuals. If a data breach occurs and you cannot demonstrate that you took reasonable steps to prevent it, that is a compliance failure — not just a technical one. The right to sue for serious invasions of privacy has also been in effect since June 2025. See the full Privacy Act guide for Perth businesses.
What Happens After Your IT Health Check
The point of an IT health check is not a report — it is fixing what we find. Here is what happens from the moment we complete the review.
Step 1
Plain English summary
You receive a clear summary of what was found — written for a business owner, not an IT professional. No jargon, no long lists of technical codes. Just what the issue is, what it means for your business, and how urgent it is.
Step 2
Prioritised action list
Issues are grouped by urgency. Critical items — like active accounts belonging to former staff or no second login step on any account — are addressed first. Lower-priority items are scheduled so the work is manageable and does not disrupt the business.
Step 3
DM1 handles the fixes
You do not need to manage any of it. DM1 implements the changes, confirms what has been done, and continues to monitor on an ongoing basis. For businesses that move to DM1 as their managed IT provider, the health check is the starting point for everything that follows.
What We Found on Day One
These are real findings from DM1’s standard onboarding checks, discovered when new clients came on board.
Discovered during DM1 new client onboarding
Seven former staff still had active logins — including one who had left over a year earlier
When a Perth manufacturing business moved to DM1, our standard new client checks found seven user accounts belonging to staff who no longer worked at the business. One account had been active for more than a year after the person left. Their previous IT provider had never reviewed account access as part of offboarding. DM1 removed all inactive accounts and put a process in place to handle staff departures going forward.
Discovered during DM1 new client onboarding
Backup software had been running but every backup job had been silently failing for four months
When a Perth retail business moved to DM1, our standard checks included a review of their existing backup setup. The backup software was installed and appeared to be running. When DM1 checked the job logs, every backup had been failing silently for four months due to a storage quota issue nobody had noticed. The business owner believed their data was protected. DM1 resolved the fault and verified a successful restore before completing the onboarding.
Discovered during DM1 new client onboarding
No second login step on the owner’s account — the account with access to every system in the business
When a Perth professional services firm moved to DM1, our standard checks found that the business owner’s Microsoft 365 account — which had global admin access to the entire Microsoft 365 environment — had no second login step. A single compromised password would have given an attacker complete control. Their previous IT provider had never enabled it. DM1 secured the account within the first hour of onboarding.
Why Perth Businesses Choose DM1
DM1 is a Perth-based managed IT provider working exclusively with small and medium businesses. We are a Microsoft CSP partner, which means we manage Microsoft 365 licences and configurations directly across our client base — and we know what properly configured looks like.
We explain what we find in plain English
Every finding is explained in terms of what it means for your business — not in technical language. You will always understand what the issue is, why it matters, and what DM1 is doing about it. You will never receive a report full of numbers and codes with no explanation.
One point of contact for everything IT
DM1 manages your Microsoft 365 licences, your devices, your email, your security settings, your connectivity, and your backup — all from one place. You call one number and deal with one provider. There is no pointing fingers between vendors when something goes wrong.
Find Out How Your IT Actually Measures Up
Get in touch with DM1 to arrange an IT health check. We will review your setup, tell you exactly what we find, and handle everything that needs fixing. (08) 6202 6012
