As more small businesses move their operations online, the risks that come with digital tools may also increase. Cybersecurity expert Jacqui Loustau shares some practical, low-cost steps women business owners can take to mitigate and manage cyber risk and keep their business, staff and customers digitally safe.
For many small business owners, getting online has been essential to growth. From websites and booking systems to cloud accounting and digital payments, technology now underpins how businesses operate and connect with customers.
But that reliance also creates new risks. Increasingly, cyber criminals are targeting small to medium-sized businesses through everyday digital tools like email, websites and online payments. Often, it’s because they assume these smaller organisations have fewer protections in place.
And for many women small business owners, digital safety often sits low on the priority list. In a recent survey by the Australian Cyber Security Centre, almost half of small to medium businesses rated their understanding of cybersecurity as ‘average’ or ‘below average’, and reported having poor cybersecurity practices.
The good news is that improving your cybersecurity doesn’t have to mean expensive systems or complex technical knowledge.
According to the CEO of the Australian Women in Security Network, Jacqui Loustau, who works closely with small businesses on cybersecurity, making a few key changes can make a big difference for women looking to protect their business, data and customers.

‘It’s the core of business’
With so much of business happening online, taking the time to learn and upskill on digital safety is a necessity for small business owners, Loustau says.
“The majority of businesses now have a website, they have email, they communicate with their customers digitally. And so, there’s a lot of reliance on technology and the digital world,” Loustau tells Women’s Agenda.
“When it comes to digital safety, it’s the core of the business. [Business owners] can’t pay their bills without using technology, and a lot of their customer data is stored digitally.”
Loustau says digital safety is about the small steps you can take as a business owner to keep your customer and financial data, and intellectual property safe.
“We work with quite a few small businesses, and a lot of the time they just don’t know what they need to do,” Loustau says. “They hear about all these scary stories in the news, and they don’t know where to start and what to do.”
So what can a cyber threat look like?
As Loustau explains, some of the most common cyber threats can seem harmless in the first instance.
Maybe it’s a supplier asking you to update their bank details, a customer inquiry with an attachment, or an urgent message from your “boss” asking you to pay an invoice.
One of Loustau’s key pieces of advice is to never be embarrassed to double check if something doesn’t feel right. Business owners should be leading the way in creating a culture where staff feel comfortable asking, “Does this look legitimate?”
“As a society, we need to not be afraid to ask and double check,” Loustau says.
Key scams business owners need to know about
Invoice fraud and email compromise
This is one of the biggest threats facing small businesses right now. Cyber criminals send emails pretending to be a supplier or contractor claiming they’ve changed their bank account details and asking you to pay to a new account.
“They follow the money,” says Loustau. “They’re preying on the fact that you may not check bank account details when somebody is changing them.”
_________________________________________________________________________________
The two-step verification check
Loustau suggests, for email requests to change bank account details or a payment method:
- Do not pay until you have called and verbally confirmed.
- Call using a number you already have, not one provided in the email.
- Even if the email looks completely legitimate, always verify it.
_________________________________________________________________________________
Phishing emails
Phishing emails are designed to trick you into clicking a malicious link or handing over sensitive information. Scammers typically harvest email addresses from data breaches and from business websites by “scraping” publicly listed addresses.
Loustau says to watch out for these red flags:
- A sense of urgency
- Threats or intimidation
- Offers that seem too good to be true
- Requests to pay through unusual methods
- Emails from addresses that look almost right, but not quite
_________________________________________________________________________________
Loustau’s 3 things small business owners can do to help manage cyber risk:
1. Turn on multi-factor authentication
Loustau suggests that if you only do one thing, make it this. Multi-factor authentication adds an extra verification step when logging into systems. Start with your most critical accounts, including business email, finance or accounting software, government logins and HR systems.
2. Double check any payment changes
One of the most common scams affecting businesses is invoice fraud, where criminals send fake emails claiming a supplier’s bank details have changed. If you receive an email asking you to update payment details, call the supplier to verify. Make sure to use a trusted phone number, not one listed in the email.
3. Train staff to spot suspicious emails
Your team is often the first line of defence against cyber threats. Encourage staff to stop and question emails that create urgency, include unexpected attachments or links, threaten consequences if action isn’t taken quickly, or seem too good to be true.
_________________________________________________________________________________
Train staff and keep data secure
Staff training is a key part of digital safety. Loustau recommends tailoring training to different roles. For example, accounting staff should know about invoice fraud, while HR teams need to know how to handle suspicious CVs.
Role-playing real scenarios and practicing how to spot scams can be a good place to start. Free resources from the Australian Cyber Security Centre include example scams you can work through with your team.
Keeping your data safe and secure should also be a priority, according to Loustau.
The first step is to identify what data is most critical to your business, then ask questions like: where is it stored? Who has access? What would happen if it became public? Less data collected and shared means less exposure if something goes wrong.
_________________________________________________________________________________
Loustau’s recommended free resources for small business digital safety:
- cyber.gov.au: The Australian Cyber Security Centre — includes a dedicated Small Business Guide with practical steps
- scamwatch.gov.au: Report and research scams affecting Australians
- haveibeenpwned.com: Check whether your email address has been exposed in a data breach
- idcare.org: Australia’s national identity and cyber support service
- esafety.gov.au: Resources for online safety and personal digital wellbeing
_________________________________________________________________________________
Loustau’s key message is that digital safety doesn’t need to be overwhelming.
The trick is to start somewhere, even if it’s just setting up multi-factor authentication or booking in a staff training day to help make security a natural part of how you and your team work day-to-day.
“It just needs to become a habit,” says Loustau.
Thanks to our partner CommBank. CommBank supports women in business and the community across all industries and sectors through its Women in Focus team. For more information head to WomeninFocus.com.au.
This article represents opinions and views of the interviewees’ personal experiences only. It does not have regard to the situation or needs of any reader and must not be relied upon as advice. It is not intended to imply any recommendation or opinion about a financial product or service. Before acting on this information, consider its appropriateness to your circumstances.
