Sentinel Stack Pty. Ltd.

Insights

Cybersecurity for small business in Australia: a practical starting point

Cybersecurity

Cybersecurity for small business in Australia starts with the ASD Essential Eight — practical controls that prevent the most common attacks.

Cybersecurity for small business does not need to start with expensive tools or enterprise-scale programmes. It needs to start with the controls that prevent the most common incidents — and in Australia, there is already a clear framework for that.

The Australian Signals Directorate (ASD) publishes the Essential Eight — a set of baseline mitigation strategies designed to make it significantly harder for adversaries to compromise systems. While the framework was originally aimed at government, it is increasingly used as a practical benchmark for any Australian business that wants to get the fundamentals right.

The Essential Eight at a glance

The eight strategies target three objectives: preventing attacks from landing, limiting the impact when they do, and ensuring data can be recovered.

Prevent attacks:

  • Application control — only allow approved software to run. This blocks malware and unauthorised programs from executing on business devices.
  • Patch applications — keep third-party software such as browsers, PDF readers, and office applications up to date. Unpatched applications are one of the most exploited entry points.
  • Configure Microsoft Office macro settings — disable or restrict macros for users who do not need them. Macros remain a common delivery mechanism for malware.
  • User application hardening — block unnecessary features in web browsers and other applications, such as ads, Java, and Flash, that attackers use as footholds.

Limit impact:

  • Restrict administrative privileges — limit admin accounts to those who genuinely need them and use separate accounts for day-to-day work. Compromised admin credentials give attackers broad access.
  • Patch operating systems — apply security updates to operating systems promptly. This closes known vulnerabilities before they can be exploited.
  • Multi-factor authentication — require MFA on every account, especially email, VPN, cloud platforms, and remote access. This is one of the most effective controls against credential theft.

Recover data:

  • Regular backups — maintain tested backups of critical data and systems. Backups should be stored separately from the production environment and verified regularly, not just scheduled.

Applying the Essential Eight in a small business

The Essential Eight uses a maturity model with three levels. Most small businesses should aim for Maturity Level One as a starting point — that already addresses the majority of common attack techniques.

The challenge for cybersecurity for small business is rarely awareness. It is consistent execution. Patching drifts behind schedule, MFA is enabled for some accounts but not all, admin privileges accumulate over time, and backups go untested. Partial coverage creates a false sense of security.

That is why a managed approach matters. Somebody needs to own the posture end to end, review it regularly, and close gaps before they are exploited.

Sentinel Stack includes cybersecurity and data protection as a core part of managed service delivery. We use the Essential Eight as a practical baseline for every environment we support — covering patching, access control, MFA enforcement, backup oversight, and ongoing review so that controls stay current as the business changes.

Privacy Policy

1. Overview

Sentinel Stack Pty. Ltd. (ABN 13 695 971 772) is committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you interact with our website or services.

2. What Personal Information We Collect

We may collect the following types of personal information:

Information you provide

  • Name
  • Business name
  • Email address
  • Phone number
  • Address or location details
  • Information submitted via contact forms or support requests

Technical and usage information

  • IP address
  • Browser type and device information
  • Pages visited and referring sources
  • Interaction data related to website usage

Communication records

  • Emails, enquiries, and support interactions
  • Information provided during service delivery or consultations

We do not collect, request, or store user passwords under any circumstances.

3. How We Collect Information

We collect personal information through:

  • Contact forms (via Formspree)
  • Live chat interactions (via Crisp)
  • Direct communications (email or support)
  • Automated technologies (e.g. security and hosting infrastructure)

4. Purpose of Collection

We collect and use personal information for the following purposes:

  • Responding to enquiries and providing requested services
  • Managing client relationships and communications
  • Delivering, maintaining, and improving our services
  • Ensuring website security and preventing abuse
  • Monitoring performance and operational reliability
  • Complying with legal and regulatory obligations

We do not use personal information for unsolicited marketing without consent.

5. Disclosure of Personal Information

We may disclose personal information to trusted third-party service providers where necessary to operate our business, including:

  • Crisp — live chat and communication
  • Formspree — contact form processing
  • Cloudflare (Pages & Turnstile) — hosting, security, and bot protection

These providers may process data in Australia or overseas.

We take reasonable steps to ensure that third-party providers handle personal information in accordance with applicable privacy obligations.

We may also disclose information where required by law or to protect our legal rights.

6. Overseas Disclosure

Some of our service providers operate infrastructure outside Australia.

Where personal information is disclosed overseas, we take reasonable steps to ensure that the recipient does not breach the Australian Privacy Principles.

7. Data Security

We take reasonable technical and organisational measures to protect personal information against:

  • Unauthorised access
  • Loss or misuse
  • Interference or disclosure

Access to personal information is restricted to authorised personnel and service providers who require it to perform their duties.

8. Data Retention

We retain personal information only for as long as necessary to:

  • Fulfil the purposes outlined in this policy
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements

9. Access and Correction

You may request access to, or correction of, your personal information by contacting us.

We will take reasonable steps to:

  • Provide access to your information
  • Correct inaccurate, incomplete, or outdated data

Verification of identity may be required.

10. Cookies and Tracking

We use limited cookies and similar technologies as described in our Cookie Policy.

We do not use advertising tracking or behavioural profiling technologies.

11. Complaints

If you believe we have breached the Australian Privacy Principles, you may submit a complaint by contacting us.

We will respond within a reasonable timeframe.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

https://www.oaic.gov.au/

12. Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in our operations, technology, or legal obligations.

13. Contact

For any privacy-related enquiries or requests:

Sentinel Stack Pty. Ltd.
tel.: (07) 3260 0470

Open standalone page

Service Terms

1. Overview

These Service Terms provide a general overview of how Sentinel Stack Pty. Ltd. delivers its services.

They are intended for informational purposes only. Full contractual terms, including detailed service scope, service levels, and legal provisions, are provided as part of a formal agreement prior to the commencement of services.

2. Engagement Model

Sentinel Stack provides services under one or more of the following models:

  • Fixed monthly managed service plans
  • Project-based or consulting engagements
  • Ad hoc or on-demand technical services

All services are provided based on an agreed proposal, quote, or service agreement.

3. Scope of Services

The scope of services is defined in the applicable proposal, quote, or agreement.

Any work outside the agreed scope may be subject to additional fees. Sentinel Stack will make reasonable efforts to notify you before undertaking out-of-scope work.

4. Fees and Payment

  • Fees are defined in the applicable proposal or agreement
  • Invoices are typically payable within the agreed payment terms
  • We reserve the right to suspend or limit services where payments are overdue

5. Customer Responsibilities

To enable effective service delivery, customers are expected to:

  • Provide accurate and complete information
  • Ensure timely access to systems, environments, and personnel
  • Maintain appropriate internal processes and approvals
  • Follow reasonable security and operational practices

Failure to meet these responsibilities may impact service delivery.

6. Third-Party Services

Sentinel Stack may interact with third-party platforms, software, or infrastructure as part of service delivery.

We are not responsible for:

  • Performance or availability of third-party services
  • Changes made by third-party vendors
  • Issues outside our direct control

7. Service Availability

While we aim to deliver reliable and responsive services, we do not guarantee:

  • Uninterrupted service availability
  • Absence of errors or disruptions

Service levels, response times, and support coverage (if applicable) are defined in formal agreements.

8. Limitation of Liability

To the maximum extent permitted by law:

  • Sentinel Stack is not liable for indirect, incidental, or consequential loss
  • Liability is subject to applicable Australian Consumer Law rights, which cannot be excluded

9. Termination

Either party may terminate services in accordance with the terms defined in the applicable agreement.

Termination may require notice and may be subject to agreed commercial conditions.

10. Privacy

We handle personal information in accordance with our Privacy Policy.

11. Changes to These Terms

We may update these Service Terms from time to time. The latest version will be published on this website.

12. Contact

For any enquiries regarding our services:

Sentinel Stack Pty. Ltd.
tel.: (07) 3260 0470

13. Important Note

These Service Terms are a general summary only and do not replace a formal agreement.

A detailed Master Services Agreement (MSA), including specific terms, conditions, and service levels, will be provided prior to engagement.

Open standalone page

Terms of Use

1. Acceptance of Terms

By accessing or using this website, you agree to be bound by these Terms of Use and all applicable laws and regulations.

If you do not agree with these terms, you must not use this website.

2. Use of This Website

This website is provided for general information about Sentinel Stack Pty. Ltd. and its services.

You agree to use this website only for lawful purposes and in a manner that does not:

  • Violate any applicable laws or regulations
  • Infringe the rights of others
  • Interfere with the security, availability, or operation of the website
  • Attempt unauthorised access to systems or data

We reserve the right to restrict or terminate access where misuse is detected.

3. No Professional Advice

Content on this website is provided for general informational purposes only.

It does not constitute legal, financial, cybersecurity, compliance, or technical advice tailored to your circumstances. You should obtain appropriate professional advice before making decisions based on website content.

4. Intellectual Property

Unless otherwise stated, all content on this website, including text, branding, graphics, and design, is owned by or licensed to Sentinel Stack Pty. Ltd.

You may not reproduce, distribute, modify, or commercially exploit any content without prior written consent, except as permitted by law.

This website may include links to, or integrations with, third-party services.

We do not control and are not responsible for:

  • The content or availability of third-party websites
  • The privacy practices or terms of third parties
  • Any loss or damage arising from their use

Use of third-party services is subject to their own terms and policies.

6. Website Availability

We aim to keep the website available and up to date but do not guarantee:

  • Continuous, uninterrupted, or error-free access
  • Accuracy, completeness, or timeliness of content

We may modify, suspend, or discontinue any part of the website at any time without notice.

7. Limitation of Liability

To the maximum extent permitted by law:

  • This website is provided on an “as is” and “as available” basis
  • Sentinel Stack Pty. Ltd. excludes all liability for any loss, damage, or expense arising from:
    • Use of, or inability to use, the website
    • Reliance on website content
    • Errors, omissions, or inaccuracies

Where liability cannot be excluded under Australian law, it is limited to the minimum extent permitted.

8. Indemnity

You agree to indemnify and hold harmless Sentinel Stack Pty. Ltd. from any claims, damages, liabilities, or expenses arising from:

  • Your use of the website
  • Your breach of these Terms of Use
  • Your violation of any law or third-party rights

9. Privacy

Your use of this website is also governed by our Privacy Policy and Cookie Policy.

10. Changes to These Terms

We may update these Terms of Use at any time.

Changes take effect upon publication on this website. Continued use of the website constitutes acceptance of the updated terms.

11. Governing Law

These Terms of Use are governed by the laws of Queensland, Australia.

You submit to the exclusive jurisdiction of the courts of Queensland.

12. Contact

For any questions regarding these Terms of Use:

Sentinel Stack Pty. Ltd.
tel.: (07) 3260 0470

Open standalone page

1. Overview

This website uses cookies and similar technologies to support core functionality, ensure security, and enable communication features.

We do not use advertising or tracking cookies. We do not use Google Analytics or similar third-party behavioural tracking tools.

By continuing to use this website, you consent to the use of cookies as described in this policy, unless you disable them via your browser settings.

2. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They allow the website to recognise your browser and maintain certain information, such as session state or preferences.

We may also use related technologies such as local storage and embedded service scripts where required.

3. How We Use Cookies

We use cookies and similar technologies only where necessary for the following purposes:

Essential Cookies

Required for the operation, security, and integrity of the website, including:

  • Page navigation and basic functionality
  • Protection against automated abuse and spam
  • Remembering consent preferences

These cookies are strictly necessary and cannot be disabled without impacting core functionality.

Functional and Communication Technologies

Used to enable user interaction and service features, including:

  • Live chat functionality
  • Temporary session handling for communication tools

These technologies may store short-lived data to maintain session continuity.

4. Third-Party Services

We use a limited number of third-party services to provide specific functionality. These services may place cookies or use similar technologies:

Crisp (Live Chat)

Provides real-time chat functionality. May use cookies or local storage to:

  • Maintain chat sessions
  • Store user preferences (e.g. chat state)

Privacy Policy: https://crisp.chat/en/privacy/

Formspree (Contact Forms)

Handles secure submission of contact form data. May process technical metadata required to:

  • Deliver form submissions
  • Prevent abuse

Privacy Policy: https://formspree.io/legal/privacy-policy/

Cloudflare Turnstile (Bot Protection)

Used to protect forms from spam and automated abuse. May use non-intrusive signals and minimal client-side storage to verify legitimate users.

Privacy Policy: https://www.cloudflare.com/privacypolicy/

Cloudflare Pages (Hosting & Edge Network)

This website is hosted on Cloudflare infrastructure. Cloudflare may process limited request-level data and provide aggregated, privacy-focused traffic statistics.

We do not use tracking-based analytics platforms.

Privacy Policy: https://www.cloudflare.com/privacypolicy/

5. Analytics Approach

We use privacy-focused, aggregated analytics provided by Cloudflare. These statistics:

  • Do not rely on cross-site tracking
  • Do not profile individual users
  • Are used only for high-level performance and usage insights

6. Managing Cookies

You can control or disable cookies through:

  • Your browser settings (block or delete cookies)
  • Privacy-focused browser extensions

Note that disabling essential cookies may affect website functionality, including form submission and security protections.

7. Data and Privacy

Any data collected through cookies or related technologies is handled in accordance with our Privacy Policy.

We prioritise minimal data collection and avoid unnecessary tracking technologies.

8. Updates to This Policy

This Cookie Policy may be updated periodically to reflect changes in infrastructure, services, or legal requirements.

9. Contact

If you have any questions regarding this Cookie Policy:

Sentinel Stack Pty. Ltd.
tel.: (07) 3260 0470

Open standalone page
Cookie and chat consent

This website uses essential browser storage for consent preferences and may load live chat tooling.