The digital safety reality check every woman small business owner needs

As more small businesses move their operations online, the risks that come with digital tools may also increase. Cybersecurity expert Jacqui Loustau shares some practical, low-cost steps women business owners can take to mitigate and manage cyber risk and keep their business, staff and customers digitally safe. 

  • Small businesses increasingly rely on digital tools to operate, but this can also expose them to growing cyber threats, with criminals often targeting smaller organisations that may have limited protections.
  • Cybersecurity expert Jacqui Loustau says many risks stem from everyday scams such as invoice fraud and phishing emails, which are designed to trick businesses into transferring money or sharing sensitive information.
  • Simple steps, such as enabling multi-factor authentication, verifying payment changes, and training staff to recognise suspicious emails, are cyber risk management practices.

For many small business owners, getting online has been essential to growth. From websites and booking systems to cloud accounting and digital payments, technology now underpins how businesses operate and connect with customers. 

But that reliance also creates new risks. Increasingly, cyber criminals are targeting small to medium-sized businesses through everyday digital tools like email, websites and online payments. Often, it’s because they assume these smaller organisations have fewer protections in place. 

And for many women small business owners, digital safety often sits low on the priority list. In a recent survey by the Australian Cyber Security Centre, almost half of small to medium businesses rated their understanding of cybersecurity as ‘average’ or ‘below average’, and reported having poor cybersecurity practices. 

The good news is that improving your cybersecurity doesn’t have to mean expensive systems or complex technical knowledge. 

According to the CEO of the Australian Women in Security Network, Jacqui Loustau, who works closely with small businesses on cybersecurity, making a few key changes can make a big difference for women looking to protect their business, data and customers.

‘It’s the core of business’

With so much of business happening online, taking the time to learn and upskill on digital safety is a necessity for small business owners, Loustau says. 

“The majority of businesses now have a website, they have email, they communicate with their customers digitally. And so, there's a lot of reliance on technology and the digital world,” Loustau tells Women’s Agenda.

“When it comes to digital safety, it's the core of the business. [Business owners] can't pay their bills without using technology, and a lot of their customer data is stored digitally.”

Loustau says digital safety is about the small steps you can take as a business owner to keep your customer and financial data, and intellectual property safe. 

“We work with quite a few small businesses, and a lot of the time they just don't know what they need to do,” Loustau says. “They hear about all these scary stories in the news, and they don't know where to start and what to do.”

So what can a cyber threat look like?

As Loustau explains, some of the most common cyber threats can seem harmless in the first instance. 

Maybe it’s a supplier asking you to update their bank details, a customer inquiry with an attachment, or an urgent message from your “boss” asking you to pay an invoice.

One of Loustau’s key pieces of advice is to never be embarrassed to double check if something doesn’t feel right. Business owners should be leading the way in creating a culture where staff feel comfortable asking, “Does this look legitimate?”

“As a society, we need to not be afraid to ask and double check,” Loustau says.

Key scams business owners need to know about

Invoice fraud and email compromise

This is one of the biggest threats facing small businesses right now. Cyber criminals send emails pretending to be a supplier or contractor claiming they've changed their bank account details and asking you to pay to a new account. 

"They follow the money," says Loustau. "They're preying on the fact that you may not check bank account details when somebody is changing them."

The two-step verification check

For email requests to change bank account details or a payment method, Loustau suggests:

  • Do not pay until you have called and verbally confirmed.
  • Call using a number you already have, not one provided in the email.
  • Even if the email looks completely legitimate, always verify it.

Phishing emails

Phishing emails are designed to trick you into clicking a malicious link or handing over sensitive information. Scammers typically harvest email addresses from data breaches and from business websites by "scraping" publicly listed addresses.

Loustau says to watch out for these red flags:

  • A sense of urgency
  • Threats or intimidation
  • Offers that seem too good to be true
  • Requests to pay through unusual methods
  • Emails from addresses that look almost right, but not quite

Loustau’s 3 things small business owners can do to help manage cyber risk

1. Turn on multi-factor authentication 

If you only do one thing, Loustau suggests making it this. Multi-factor authentication adds an extra verification step when logging into systems. Start with your most critical accounts, including business email, finance or accounting software, government logins and HR systems.

2. Double check any payment changes

One of the most common scams affecting businesses is invoice fraud, where criminals send fake emails claiming a supplier’s bank details have changed. If you receive an email asking you to update payment details, call the supplier to verify. Make sure to use a trusted phone number, not one listed in the email.

3. Train staff to spot suspicious emails 

Your team is often the first line of defence against cyber threats. Encourage staff to stop and question emails that create urgency, include unexpected attachments or links, threaten consequences if action isn’t taken quickly, or seem too good to be true.

Train staff and keep data secure

Staff training is a key part of digital safety. Loustau recommends tailoring training to different roles. For example, accounting staff should know about invoice fraud, while HR teams need to know how to handle suspicious CVs.

Role-playing real scenarios and practicing how to spot scams can be a good place to start. Free resources from the Australian Cyber Security Centre include example scams you can work through with your team.

Keeping your data safe and secure should also be a priority, according to Loustau. 

Identifying what data is most critical to your business is the first step, then asking questions like: where is it stored? Who has access? What would happen if it became public? Less data collected and shared means less exposure if something goes wrong.

Loustau’s recommended free resources for small business digital safety:

  • cyber.gov.au: The Australian Cyber Security Centre — includes a dedicated Small Business Guide with practical steps
  • scamwatch.gov.au: Report and research scams affecting Australians
  • haveibeenpwned.com: Check whether your email address has been exposed in a data breach
  • idcare.org: Australia's national identity and cyber support service
  • esafety.gov.au: Resources for online safety and personal digital wellbeing

Loustau’s key message is that digital safety doesn’t need to be overwhelming. 

The trick is to start somewhere, even if it’s just setting up multi-factor authentication or booking in a staff training day to help make security a natural part of how you and your team work day-to-day.

"It just needs to become a habit," says Loustau.

This article was written in partnership with and originally published by Women's Agenda.


Things you should know

  • This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. You should consider seeking independent financial advice before making any decision based on this information.

    This article represents opinions and views of the interviewees’ personal experiences only. It does not have regard to the situation or needs of any reader and must not be relied upon as advice. It is not intended to imply any recommendation or opinion about a financial product or service.

    The Commonwealth Bank of Australia does not endorse any other views and opinions expressed in this article, nor services or advice of a particular provider.

    The links within this article will bring you to a third party website, owned and operated by an independent party over which CBA has no control ("3rd Party Website"). Any link you make to or from the 3rd Party Website will be at your own risk. Any use of the 3rd Party Website will be subject to and any information you provide will be governed by the terms of the 3rd Party Website, including those relating to confidentiality, data privacy and security. Unless otherwise expressly agreed in writing, CBA and its affiliates (collectively "CBA") are not in any way associated with the owner or operator of the 3rd Party Website or responsible or liable for the goods and services offered by them or for anything in connection with such 3rd Party Website. CBA does not endorse or approve and makes no warranties, representations or undertakings relating to the content of the 3rd Party Website.


    CBA disclaims liability for any loss, damage and any other consequence resulting directly or indirectly from or relating to your access to the 3rd Party Website or any information that you may provide or any transaction conducted on or via the 3rd Party Website or the failure of any information, goods or services posted or offered at the 3rd Party Website or any error, omission or misrepresentation on the 3rd Party Website or any computer virus arising from or system failure associated with the 3rd Party Website.
