MFA and Password Manager Setup for Brisbane SMBs: Make Phishing Stop Working Before It Costs You a Mailbox

Your office manager gets an email that looks exactly like a Microsoft 365 password expiry notice. She clicks, types her password into the page, and goes back to her morning. Two days later your bookkeeper notices a rule in her mailbox quietly forwarding every email containing the word “invoice” to an address nobody recognises. By then the attacker has been reading your correspondence for 48 hours and is choosing which client to impersonate. MFA and Password Manager Setup from Cyber by Exegesis is the engagement that closes that door for a Brisbane SMB before the email arrives.

The problem

ACCC Scamwatch consistently reports phishing as the most-reported scam category in Australia. The mechanics are simple: a convincing email or SMS, a fake login page, and a reused password. The ACSC Small Business Cyber Security Guide is blunt that the single highest-leverage control against credential phishing is multi-factor authentication on the accounts that matter — email, banking, accounting, and remote-access tools — paired with a password manager so staff stop reusing the same five passwords across every system.

Most Brisbane SMBs we speak to are in a partial state. MFA is on the owner’s mailbox but not on the bookkeeper’s. The password manager exists but only the IT contractor uses it. Recovery codes are written on a sticky note or, worse, nowhere — meaning the first time someone is locked out, the business panics and turns MFA off again. The control gap is small and inexpensive to close, but it is rarely closed properly without someone sitting down with each staff member.

What MFA and Password Manager Setup does

Cyber by Exegesis runs a fixed-scope, hands-on engagement that targets credential phishing specifically.

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is preventive hardening. We set the controls, train your team, and step back.

How it works

  1. We confirm scope on a short call, list the accounts in scope per staff member, and choose a password manager that fits your business (we are not tied to a vendor).
  2. We come on-site or run a screen-share session with each staff member to enrol MFA on their accounts and bring them into the password manager.
  3. We rotate weak and reused passwords on the highest-value accounts and store the new ones in the manager.
  4. We document recovery codes, seal them, and agree with the owner where they live.
  5. We run a 30-minute phishing-recognition session and leave you with the written report and a 90-day check-in.

Why this matters in Brisbane

Brisbane’s SMB base skews toward trades, construction, healthcare, and professional services — businesses that run lean on internal IT and depend heavily on email and cloud accounting. That is exactly the operating pattern phishing campaigns target. The ACSC Small Business Cyber Security Guide names MFA and password managers as the two controls with the highest return for a small business, and ACCC Scamwatch reporting shows credential-phishing volume against Australian businesses is not slowing down. A Brisbane SMB that enrols MFA properly and gets every staff member onto a password manager closes the door phishing depends on — well before any of it becomes an OAIC notification under the Notifiable Data Breaches scheme.

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens MFA and Password Manager Setup for Brisbane SMBs

We are sequencing engagements by sector and by email tenant (Microsoft 365 first, Google Workspace second). Join the waitlist with your headcount, sector, and current email tenant — we will tell you when we are ready to take a brief from your business.