Backup and Ransomware Preparedness for Perth SMBs: Know You Can Restore Before You Have to Prove It
Your office manager comes in on a Monday and every file on the shared drive has been renamed with a strange extension. The accounting system will not open. There is a text file on the desktop with a payment address and a deadline. Someone asks the obvious question — “we have backups, right?” — and nobody in the room is quite sure when they were last tested, whether the attacker can reach them, or how long a restore would actually take. Backup and Ransomware Preparedness from Cyber by Exegesis is the engagement designed to answer that question on a calm Tuesday, not a panicked Monday.
The problem
Ransomware is consistently among the highest-impact cyber incidents reported by Australian SMBs. The ACSC Small Business Cyber Security Guide is direct about the control that matters most: regular, tested backups that an attacker on your network cannot reach. Almost every Perth SMB we talk to has something called a backup — a NAS in the cupboard, a cloud sync, a Veeam job somebody set up in 2021. Very few can answer the three questions that decide whether a ransomware event is a bad week or a closure event:
- Is the backup immutable or genuinely off-site, so the attacker cannot encrypt or delete it with the same credentials they used to encrypt production?
- When was the last successful restore test — not a backup job status, an actual file-and-system restore?
- How long would a full restore take, and what does the business do in the meantime?
If a ransomware incident also exposes personal information, the OAIC Notifiable Data Breaches scheme may apply, which adds a 30-day clock and a notification obligation on top of the operational crisis. Preparedness is what stops these two timers from colliding.
What Backup and Ransomware Preparedness does
Cyber by Exegesis runs a fixed-scope engagement covering the backup chain and the response plan together — because one without the other is not preparedness:
- A backup-chain review across frequency, retention, immutability, off-site separation, and credential isolation, mapped against ACSC Small Business Cyber Security Guide expectations.
- A restore test on a representative subset — a file share, a database, and a critical line-of-business system — measuring actual time-to-restore rather than trusting the backup console.
- A ransomware response plan tailored to your business: who decides, who calls the bank, who calls the cyber insurer, who calls the OAIC if personal information is in scope.
- A 90-minute tabletop exercise walking your leadership team through a realistic Perth SMB ransomware scenario, including the moment somebody asks whether to pay.
- A short written report with the gaps, the fixes, and a 90-day review window.
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. This engagement is preparedness, not incident response. We set the controls and rehearse the plan so that, on the day it happens, your team already knows the next three phone calls.
How it works
- We confirm engagement scope on a short call, identify the systems in scope, and request read-only access to your backup platform and a map of where production data lives.
- We pull the current backup configuration, retention, and access model into a baseline report, flagging anything that an attacker with domain-admin credentials could reach.
- We run a restore test on a representative subset and record the actual elapsed time, not the marketing number.
- We sit with your leadership for 90 minutes and run a tabletop ransomware scenario, including the OAIC notification decision point if personal information is involved.
- We leave you with the written report, the response plan document, and the 90-day review window.
Why this matters in Perth
Perth SMBs sit at the end of a long supply chain — mining services, engineering, logistics, professional services — where a few days of downtime cascades quickly into contractual penalties and lost site access. The time-zone gap with the eastern states also means that when a Perth business calls an east-coast incident responder at 7am local time, it is already mid-morning in Sydney and the queue is real. A Perth SMB that has tested its restores and rehearsed its response plan does not depend on that phone being answered immediately. The decisions are already made and the backups are already known to work.
Sources
- ACSC Small Business Cyber Security Guide: https://www.cyber.gov.au/protect-yourself/resources-protect-yourself/personal-cyber-security-guides
- ACSC Essential Eight Maturity Model (regular backups is one of the eight): https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
- OAIC Notifiable Data Breaches scheme: https://www.oaic.gov.au/privacy/notifiable-data-breaches
- ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
- Cyber by Exegesis — Backup and Ransomware Preparedness (waitlist)
Join the waitlist
We are sequencing engagements by sector and by backup platform. Join the waitlist with your sector and current backup tooling — we will tell you when we are ready to take a brief from your business.