Some Common IT Issues Small Businesses in Sydney Face (and How to Fix Them)
1) Slow internet or drops—especially during peak times
Symptoms: Video calls glitch, cloud apps time out, Wi‑Fi keeps disconnecting.
Quick checks:
-
Power‑cycle the modem/router.
-
Test with Ethernet cable vs Wi‑Fi to isolate Wi‑Fi issues.
-
Use your provider’s app or the nbn® network status page to confirm an area outage.
Improvements: -
Use a business‑grade router and enable 4G/5G failover so the office keeps working during nbn® outages.
-
Add an extra Wi‑Fi access point for better coverage; place it away from microwaves and cordless phones.
We can help with: selecting the right router, setting failover, and optimising Wi‑Fi.
2) Weak passwords and no MFA on business accounts
Why this matters: Most account takeovers succeed where MFA isn’t enabled.
Quick win: Turn on Security Defaults in Microsoft 365/Entra ID to require MFA for all users.
Better: Use Authenticator app or a FIDO2 key; phase‑out SMS codes; block legacy protocols; review sign‑in alerts monthly.
We can help with: MFA rollout without locking out users, device registration, and Conditional Access for advanced scenarios.
3) “We thought OneDrive was a backup”—until ransomware struck
Reality check: Cloud sync is not the same as a versioned, offsite backup. If files are encrypted or deleted, synced copies may also be affected.
Fix: Adopt a 3‑2‑1 backup strategy (3 copies, 2 media, 1 offsite), schedule daily backups of Microsoft 365 and critical devices, and test restores quarterly.
We can help with: choosing a right‑sized backup tool, automating backups, and running restore drills.
4) Out‑of‑date Windows/macOS and apps
Risk: Unpatched software is a common way attackers get in.
Quick win: Turn on automatic updates.
Better: Centralise patching (e.g., Microsoft Intune for Windows), set a monthly schedule with maintenance windows, and test updates on a small pilot group first.
We can help with: setting policy, monitoring update health, and fast‑tracking critical patches.
A Plain‑English Guide to the Essential Eight (Level 1)
1) Application control
Goal: Only allow approved (trusted) apps to run.
Quick start: Tighten browser extensions; block unsigned apps; remove Java where not needed.
Next step: Use allow‑lists via Intune or similar.
2) Patch applications
Goal: Fix known software flaws fast.
Quick start: Turn on auto‑updates for browsers, Office, Adobe.
Next step: Monthly patch window and a pilot group.
3) Configure Microsoft Office macro settings
Goal: Stop malicious macros from running.
Quick start: Block macros from the internet; only allow macros signed by you.
Next step: Enforce via Intune/Group Policy.
4) User application hardening
Goal: Reduce attack surface in browsers and common apps.
Quick start: Disable Flash/Java; prevent Office from creating child processes; turn on Attack Surface Reduction (ASR) rules.
Next step: Apply vendor baselines and review quarterly.
5) Restrict administrative privileges
Goal: Use admin accounts only when needed.
Quick start: Separate admin and everyday accounts; use Just‑In‑Time elevation where possible.
Next step: Review admin group membership monthly.
6) Patch operating systems
Goal: Keep Windows/macOS current.
Quick start: Auto‑update OS; don’t skip security updates.
Next step: Centralise with Intune/MDM and monitor compliance.
7) Multi‑factor authentication (MFA)
Goal: Stop account takeovers.
Quick start: Turn on Security Defaults (MFA for all).
Next step: Move toward phishing‑resistant MFA (FIDO2), block legacy auth, and review risky sign‑ins weekly.
8) Regular backups
Goal: Recover quickly from mistakes, failures or ransomware.
Quick start: Daily cloud backups for Microsoft 365 and critical devices; keep versions for at least 30–90 days.
Next step: Test restores quarterly; keep an offline copy for the most important data.
How to get started this month
-
Week 1: Turn on Security Defaults (MFA) and harden Office macros.
-
Week 2: Enable auto‑updates for OS and apps; schedule monthly patching.
-
Week 3: Implement domain email protection (SPF/DKIM/DMARC) and review admin accounts.
-
Week 4: Set up a 3‑2‑1 backup plan and run a restore test.
Case Study:
1) “My PC is so slow”
-
Situation: 6‑year‑old Windows laptop; 4GB RAM; HDD; heavy browser tabs; AV conflicts.
-
Actions: SSD upgrade, +8GB RAM, remove bloatware/startup apps, OS & driver updates, browser hygiene, malware scan.
-
Result: Boot time from 4m20s → 28s; 3× faster load times in Office; happier staff.
-
Lesson: Hardware refresh + basic hygiene extends life 2–3 years.
2) “We were locked out of Microsoft 365”
-
Situation: Account phished; MFA not enabled; inbox rules forwarding mail out.
-
Actions: Reset passwords, kill sessions, enable MFA, remove malicious rules, review sign‑ins, raise secure score, tenant alerting.
-
Result: Account restored within hours; zero data loss.
-
Lesson: MFA + alerting would have prevented this.
3) “Files encrypted—what now?”
-
Situation: Ransomware via malicious attachment; files synced to cloud.
-
Actions: Isolate devices, disable sync, restore from backups/versions, rotate creds, incident post‑mortem.
-
Result: Same‑day restore; policies tightened.
-
Lesson: Tested backups and ASR rules shorten downtime.
Need help? Ocean Tech Support provides remote IT support across Australia and onsite service across Greater Sydney. Call us or Request IT Support on the website. We’ll fix issues fast and set you up to avoid them next time.