Belton IT Nexus
Belton IT Nexus · Est. 2004 · Newmarket, Auckland

Security basics you can do yourself

Practical steps to improve your security posture. No enterprise budget required.

8 fundamentals · $0 budget to start · Today: you can begin now · SME: built for small business

Not every business can afford a full security team. But that does not mean you have to be an easy target. Most breaches exploit simple weaknesses. Reused passwords. Unpatched systems. Staff clicking links they should not. Fix these basics and you eliminate the majority of threats.

This guide covers the fundamentals. Things you can implement yourself, today, with minimal cost. They will not stop a nation-state attack. But they will stop the opportunistic criminals who target businesses without basic protections.

The basics
§01

Start with these eight fundamentals

Each closes a common attack vector
01 Enable multi-factor authentication everywhere
Passwords get stolen. MFA means stolen passwords alone cannot grant access. Enable it on email, banking, cloud services, VPNs. Every login that matters. Where possible, use authenticator apps rather than SMS.

02 Use a password manager
People reuse passwords because remembering unique ones is hard. Password managers solve this. They generate strong, unique passwords and remember them for you. Most have business plans that let you share credentials safely with staff.

03 Keep everything updated
Most attacks exploit known vulnerabilities with available patches. Enable automatic updates on Windows, macOS, phones, browsers. Update your router firmware. Patch your web applications. Updates are free security fixes.

04 Back up your data properly
Ransomware encrypts your files and demands payment. Good backups let you restore without paying. Follow the 3-2-1 rule: three copies, two different media types, one offsite. Test your restores. A backup that cannot be restored is not a backup.

05 Train your people
Phishing works because people click without thinking. Regular, brief training keeps security awareness fresh. Teach staff to verify unexpected requests, hover over links before clicking, and report suspicious emails rather than ignoring them.

06 Limit admin access
Not everyone needs administrative privileges. Daily work should use standard accounts. Admin access only for tasks that require it. This limits damage when an account gets compromised.

07 Secure your email settings
Configure SPF, DKIM, and DMARC records for your domain. These prevent attackers from sending emails that appear to come from your business. Most email providers offer guides. It takes an hour and costs nothing.

08 Know what you have
You cannot protect what you do not know exists. Maintain a list of your devices, software, and cloud services. When vulnerabilities emerge, you will know what needs attention.

These fundamentals address the most common attack paths. Password attacks, unpatched vulnerabilities, phishing, and ransomware. Master them before worrying about advanced threats.

Security is a process, not a destination. Review these practices quarterly. Technology changes. New threats emerge. What protected you last year may not be enough next year.

When DIY is not enough.

These basics protect against opportunistic attacks. They may not be sufficient if you handle sensitive data, face regulatory requirements, or operate in a high-risk industry. If you are unsure about your risk level, a professional assessment can identify gaps you might miss.

We built this guide because good security information should not be locked behind consulting fees. These recommendations apply to businesses of any size. They require effort, not budget. If you find yourself needing more than basics, we can help. From security assessments to full managed protection. But start with these fundamentals. They matter more than any tool you can buy.

Ready for professional security support?

A discovery & security session takes you from basic protection to a clear picture of your real risks. We review your setup, name the gaps, and give you the truth, whether or not you ever work with us.
