This paper provides information to small business owners about computer security risks that could potentially impact their organizations and customers, and effective mitigation strategies they can be employed to protect their businesses. A cost-effective strategy consists of the implementation and regular review of technical prevention measures to restrict access to IT hardware and infrastructure. These prevention measures include strategies, such as ensuring that application and operating system patches are up-to-date and automated; enabling firewalls; using effective anti-malware software; implementing secure sites for customers to provide personal information while restricting administrative privileges for IT systems; developing organizational policies and staff training; informing employees about the proper and secure use of business resources; implementing password management and user access measures; and providing physical security. Small businesses in Australia are still in the early stages of ensuring that they remain safe in the ever-changing online environment. The risks for businesses and their online customers are likely to morph and potentially increase. Therefore, it is advantageous for a business to take steps to implement a security strategy and ensure that it is kept up to date to address future threats. Table and references