The steps

  1. Use a unique, strong password for each system (store them in a password manager)
  2. Enable two-factor authentication on email, the NDIS Commission portal, PRODA and your business software
  3. Encrypt laptops and phones
  4. Use Australian-hosted, security-certified software where possible
  5. Train staff in phishing recognition
  6. Have a written cybersecurity policy
  7. Carry cyber liability insurance

Common mistakes to avoid

  • Passwords shared across the team
  • No 2FA on critical systems
  • No staff training (most breaches start with a phishing email)