Cyber security tips from Stuart Dillon-Roberts, Digital Journey

Tap into Stuart’s expertise on all things digital. Find out his key steps to avoid being a cyber victim and download ASB's top cyber security tips.


Stuart is the founder of Digital Journey, a unique digital agency operating as a social enterprise helping community organisations, schools, and small businesses make a real impact with digital technology. He’s seen more than 18,000 organisations improve their digital knowledge via training courses, webinars, and online assessment tools, so he is ideally placed to help small businesses improve all things digital. An immediate area of focus for Digital Journey is cyber security and supporting businesses in enabling pragmatic cyber protections to safeguard critical IT services and data. In other words, being hacked!

The small business dilemma

We often hear that cyber security protection is important to business, yet, for many it is often an after-thought. ‘Undoubtedly, the tech sector has gotten better at protecting businesses with automatic in-built security features’, says Stuart, ‘but we still need business owners and employees to do their part. Rather than wait for something to go wrong, people need to take steps to avoid the issue in the first place’.

That’s the dilemma: how much time and money to spend on something that may not happen. It’s like life and house insurance, which you hope you never need to use. Cyber security is the same concept, yet many small business owners only react when disaster strikes. ‘Make time to check how you protect your essential systems and data’, says Stuart, ‘and ensure staff are aware of their obligations and its clear what risks you have in your business’.

Immediate cyber security issues and solutions

No doubt the risk to small businesses has never been so great. The methods used to attack businesses are broader and harder to prevent. The types of attacks most seen today are socially engineered to encourage you to click on a link or open an attachment. Once you do, your computer may be infected with a virus, used to attack others in your workplace or entice you to share personal or financial information.

‘While we may have seen past emails from a business requesting your payment details or a wild claim that you have won money’, says Stuart, ‘these are becoming less common and the savvy scammer now uses multiple ways to attack you including text, or social media messages and phone calls.  It’s not just through your computer’. The challenge is first contact looks legitimate and are hard to distinguish from real messages. Increasingly, a business needs to accept that cybercrime won’t stop, and for many it’s just a matter of time before they are impacted, if not already.

Part of the solution is the message that businesses need to safeguard their crucial information, make sure that access is restricted and that they have backups of the data and information that is important to them.  ‘Making staff aware of the risks and setting standards to password management’ advises Stuart, ‘is critical, as well as maintaining software versions and having 2 factor authentication’.

Steps to take to avoid cybercrime

Being a victim eventually is probable, but however Stuart recommends there are a number of things you can do in your business to reduce the chance of it being a disaster, such as:

  • Create a clear cyber security plan to restore access to key services and data if they happen to be lost.
  • Conduct an exercise internally or with your IT provider to check that the recovery process will work as expected, that more than one person can complete this process and the downtime is acceptable.
  • Consider cyber risk insurance, which depends on your risk profile. You’re less likely to need it (or not as much cover) if you have robust cyber security protection, good awareness with staff and a well-defined process for restoring business systems.
  • Establish good password management, keep your IT systems up to date, understand the threats and make sure you and your staff use 2-factor authentication to access critical information.
  • Getting the basics right, such as backing up your data regularly, secure your devices and including ensure all staff follow good management practices.  Password Managers can be used to store passwords and reduce remembering complex password sequences safely.
  • Make sure your software is auto-updating to patch any vulnerabilities.

Looking ahead

One world view is that the cyber security risk and growing sense of maintaining privacy will be the downfall of the internet as we know it today.  ‘We will see trusted networks appearing where access is restricted and highly controlled, says Stuart, ‘and if I was to crystal ball gaze, privacy and risk will be the two prime issues that force changes.’

No doubt the IT industry is far better placed that it has been to minimise the cyber security risk.  The challenge is that cyber security threats are more sophisticated and devious than ever.  ‘Over the past year’ says Stuart, ‘businesses we have worked with have lost data, had systems go offline, invoices paid to wrong accounts and websites compromised’.  Stuart found the common catalysts were a mistake by a staff member, poor processes in place and no awareness of risks. It’s these issues that will be harder to manage in the future, as everyone’s digital footprint gets wider and deeper.

Where to get practical cyber security advice

If you have internal staff or an external IT provider that manages your cyber security then great, otherwise Stuart suggests:

  • Go to It’s the agency called the Computer Emergency Response Team (CERT) to improve access to information on potential or real-time cyber-attacks.
  • Two steps to take immediately are a better password (find out more here), and turn on two factor (or if you’re really worried, three factor) authentication (2FA) everywhere you can.
  • Use the Two Factor Directory to check what IT services use 2FA, which is a recommended pre-requisite for accessing critical data.
  • Use ASB’s free Digital Assessment tool by Digital Journey to assess what you need to protect your business now and in the future.

What should I do now?

View our checklist to tick off the main cybersecurity dos and don'ts to keep your business safe.

Get tips and tools to help run your business straight to your inbox.

No thanks

Get tips and tools to help run your business straight to your inbox.

No thanks