Frequently Asked Questions

What is managed IT support?

Managed IT support is when you outsource the management and maintenance of your IT environment to a specialist provider (an MSP) for a fixed monthly fee. Instead of calling someone when something breaks, your MSP proactively monitors, maintains, patches, and secures your systems to prevent problems before they happen. It typically includes helpdesk support, security, backup, cloud management, and strategic IT planning.

What is the difference between managed IT and break-fix?

Break-fix means you only call an IT provider when something goes wrong, and you pay per incident or per hour. There is no monitoring, no proactive maintenance, and no ongoing relationship. Managed IT is the opposite: your provider monitors and maintains your systems continuously, resolves issues proactively, and you pay a predictable monthly fee. Managed IT is almost always cheaper in the long run because it prevents the expensive outages and emergencies that break-fix clients experience regularly.

What is an MSP?

MSP stands for Managed Service Provider. It is a company that manages and supports your IT infrastructure and systems on an ongoing basis. An MSP acts as your outsourced IT department, handling everything from helpdesk support and security to cloud management and strategic planning. An MSSP (Managed Security Service Provider) is an MSP with a specific focus on cyber security services.

How much does managed IT support cost in Australia?

Managed IT support pricing in Australia typically ranges from $120 to $250 per user per month, depending on the size of your business, the complexity of your environment, and the level of service included. This usually covers helpdesk support, monitoring, patching, security, backup, and cloud management. We provide a fixed monthly price with no hidden fees after an initial assessment of your environment.

What size businesses do you work with?

We work with small and medium businesses with 5 to 100 employees across South East Queensland. Our clients range from sole practitioners and small offices through to multi-site businesses with staff across several locations. If your business relies on technology and you do not have an in-house IT team (or your in-house IT person needs backup), we can help.

Do you lock clients into long-term contracts?

No. We operate on flexible month-to-month terms. We do not lock you into 12, 24, or 36-month contracts. Most of our clients start month-to-month and stay for years because the service is good, not because a contract forces them to. If we are not delivering, you can leave.

Do you provide onsite support?

Yes. We provide both remote and onsite support across the Gold Coast, Brisbane, Ipswich, and the broader South East Queensland region. Most issues are resolved remotely, but when something needs hands on the ground, we come to you. We also provide remote support to businesses anywhere in Australia.

What is the Essential Eight?

The Essential Eight is a set of eight cyber security strategies recommended by the Australian Cyber Security Centre (ACSC) to help organisations protect themselves against cyber threats. The eight strategies are: application control, patching applications, configuring Microsoft Office macro settings, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups. It is considered the baseline standard for cyber security in Australia and is increasingly referenced by insurers, regulators, and clients.

What is endpoint detection and response (EDR)?

EDR is a security technology that monitors your computers and devices for suspicious activity, detects threats in real time, and can automatically respond to contain and remediate attacks. It goes well beyond traditional antivirus software. Where antivirus relies on known threat signatures, EDR uses behavioural analysis to detect threats that have never been seen before, including ransomware, fileless attacks, and advanced persistent threats.

What is multi-factor authentication (MFA)?

MFA requires users to verify their identity using two or more methods when logging in. Typically this means entering your password plus a code from an authenticator app on your phone, or approving a push notification. MFA prevents the vast majority of account compromises because even if an attacker steals your password, they cannot access your account without the second factor. It is one of the single most effective security controls any business can implement.

What is business email compromise (BEC)?

BEC is a type of cyber attack where criminals gain access to or impersonate a business email account to trick people into transferring money, sharing sensitive data, or providing access to systems. Common examples include fake invoices from “suppliers” with updated bank details, emails from “the director” requesting urgent fund transfers, and intercepted settlement instructions in property or legal transactions. BEC is one of the most financially damaging cyber threats in Australia.

Do small businesses really get targeted by cyber attacks?

Yes. Small and medium businesses are frequently targeted because they often have weaker security than larger organisations while still holding valuable data: client records, financial information, payment details, and personal identification. Attackers know that many SMBs do not have dedicated security teams or proper protections in place. According to the Australian Treasury, the average cost of a cyber incident for an Australian SMB is approximately $46,000.

What is dark web monitoring?

Dark web monitoring scans underground forums, marketplaces, and data dumps where stolen credentials are traded and sold. If your business email addresses, passwords, or other credentials appear in a breach, we are alerted and can take immediate action: resetting passwords, enforcing MFA, and investigating whether any of your systems have been accessed using those compromised credentials.

Can you help us get cyber insurance?

Yes. Cyber insurers require specific security controls to be in place before they will approve or renew a policy. The controls we implement as standard, including MFA, endpoint protection, EDR, patching, tested backups, and email security, are exactly what insurers look for. We provide the documentation and evidence your insurer needs.

What is SMB1001?

SMB1001 is a cyber security certification framework designed specifically for small and medium businesses. It was developed by Dynamic Standards International (DSI) and provides a tiered approach to improving your security posture, starting with foundational controls and progressing through five levels: Bronze, Silver, Gold, Platinum, and Diamond. Each tier builds on the last, allowing businesses to improve at a pace that suits their size, budget, and risk profile. SMB1001 is increasingly recognised by insurers, enterprise clients, and government procurement teams in Australia.

What is the difference between SMB1001 and ISO 27001?

ISO 27001 is the international gold standard for information security management. It requires a full Information Security Management System (ISMS), extensive documentation, risk assessments, internal and external audits, and ongoing maintenance. It is comprehensive but resource-intensive and expensive, which puts it out of reach for many small businesses.

SMB1001 was designed specifically for SMBs who need credible, recognised security certification without the cost and complexity of ISO 27001. It focuses on implementing specific security controls and verifying they work, rather than building an entire management system. It is more affordable, faster to achieve, and tailored to the practical realities of running a small business with limited resources.

The two are not competing standards. SMB1001 aligns with ISO 27001 principles and can serve as a stepping stone. Businesses that achieve SMB1001 Gold or Platinum build the governance foundation, documentation, and security discipline that makes a future ISO 27001 certification significantly easier to achieve if they need it.

What are the SMB1001 certification tiers?

SMB1001 has five tiers. Bronze covers foundational controls like backups, antivirus, and MFA. Silver adds consistent security policies and basic monitoring. Gold introduces advanced access controls, proactive incident response, and AI governance. Platinum requires external audit for higher assurance. Diamond represents full security maturity and advanced threat resilience. Most small businesses start at Bronze or Silver and work toward Gold over time.

How much does SMB1001 certification cost?

The certification registration fee through CyberCert is relatively affordable compared to ISO 27001. The main cost is in implementing the required security controls, which varies depending on your starting point. Many of the controls required for Bronze and Silver, such as MFA, patching, backups, and endpoint protection, are things your business should already have in place. For businesses on our managed IT plans, many of the Gold-level controls are already built into the service.

Do I need ISO 27001 or is SMB1001 enough?

For most small and medium businesses in Australia, SMB1001 is sufficient. ISO 27001 is typically required by larger enterprises, government contracts, or businesses handling extremely sensitive data at scale. If your clients or tender requirements specifically ask for ISO 27001, then you may need it. But for the majority of SMBs, SMB1001 provides a credible, recognised certification that satisfies clients, insurers, and regulators at a fraction of the cost and complexity. If a tender asks for “ISO 27001 or equivalent”, SMB1001 is increasingly accepted as that equivalent for smaller vendors.

What is CyberCert?

CyberCert is the platform used to register, assess, and certify businesses under the SMB1001 framework. It manages the certification process and issues the digital certificates and trust marks that businesses can display to demonstrate their certification level. SEQ IT is an official CyberCert Certification Partner, which means we can guide your business through the certification process at any level.

What is the Australian Privacy Act and how does it affect my business?

The Privacy Act 1988 (Cth) governs how Australian businesses collect, use, store, and disclose personal information. If your business has an annual turnover of $3 million or more, or operates in healthcare, or is a not-for-profit, you are likely covered by the Australian Privacy Principles (APPs). You are required to protect personal information, notify individuals and the OAIC in the event of an eligible data breach (under the Notifiable Data Breaches scheme), and have a published privacy policy.

Should my business use Microsoft 365 or Google Workspace?

It depends on how your team works. Microsoft 365 is stronger for businesses that rely on desktop applications (Word, Excel, Outlook), need advanced security and compliance features, or operate in industries where Microsoft integrations are standard. Google Workspace is simpler, often more intuitive for teams that live in their browser, and offers a strong free tier for eligible not-for-profits. As both a Microsoft Partner and a Google Partner, we recommend the platform that fits your business rather than the one that benefits us.

What is Microsoft Copilot?

Microsoft Copilot is an AI assistant integrated into Microsoft 365 applications including Word, Excel, PowerPoint, Outlook, and Teams. It can draft emails, summarise documents, generate presentations, analyse spreadsheets, and transcribe meetings. It uses your organisation’s data within your Microsoft 365 tenant, which means it operates within your security boundary rather than sending data to public AI services. We help businesses configure Copilot securely and develop usage policies for their team.

Is my business eligible for free Microsoft 365 or Google Workspace?

If your organisation is a registered charity, not-for-profit, or has recognised charitable status with the ACNC, you are likely eligible for free Microsoft 365 Business Basic licences (up to 300 users) and heavily discounted premium licences through the Microsoft Nonprofit Programme. Google provides free Workspace licences to eligible NFPs through Google for Nonprofits. We handle the application and setup process for both platforms.

Can you migrate us from one platform to another?

Yes. We handle migrations between Microsoft 365 and Google Workspace in both directions, as well as migrations from on-premises email servers, hosted exchange, or other providers. This includes email, calendar, contacts, files, and shared drives. We plan migrations to minimise disruption and typically complete them with zero downtime for your team.

Is it safe for my staff to use ChatGPT?

It depends on how they use it. The risk is when staff enter confidential client data, financial information, or sensitive business details into public AI tools. That data may be stored, used to train models, or exposed in ways you did not intend. We help businesses develop AI usage policies that define which tools are approved, what data can and cannot be entered, and how AI outputs should be reviewed. We also configure enterprise AI tools like Microsoft Copilot and Google Gemini within your secure environment so your team can use AI safely.

What is the difference between ChatGPT, Copilot, and Gemini?

ChatGPT is made by OpenAI and is available as a standalone product. Microsoft Copilot is built into Microsoft 365 and operates within your organisation’s secure tenant. Google Gemini is integrated into Google Workspace. The key difference for businesses is data security: Copilot and Gemini (when configured within your business platform) keep your data inside your environment, while the free versions of ChatGPT process data on public servers. We recommend using enterprise AI tools configured within your existing platform wherever possible.

Can AI help my business be more productive?

Yes. AI tools can draft emails, summarise documents, generate reports, analyse data, create marketing content, and automate routine tasks. For small businesses with limited staff, AI can significantly reduce the time spent on administrative work. The key is adopting it safely with clear policies, the right tools configured securely, and staff who understand what they can and cannot do with it.

How do we get started?

We start with a free consultation. We talk through your business, your current IT setup, and what is and is not working. From there, we conduct an assessment of your environment and provide a proposal with a fixed monthly price. If you decide to proceed, we onboard your business onto our managed services platform, which typically takes one to two weeks. There is no obligation at any stage.

What areas do you service?

We provide onsite support across South East Queensland, including the Gold Coast, Brisbane, Ipswich, Logan, Sunshine Coast, and Toowoomba. We also provide remote support to businesses anywhere in Australia.

What certifications does SEQ IT hold?

We are SMB1001 Gold certified, an official CyberCert Certification Partner, a Microsoft Partner, and a Google Partner. We were also recently recognised by Huntress as Queensland’s fastest-growing business in our category.

What industries do you specialise in?

We work with businesses across a range of industries including healthcare, accounting and finance, legal, professional services, property and real estate, retail and franchise, wholesale and distribution, and not-for-profit organisations. Each of our industry pages provides detailed information about how we support that specific sector.

Can you help if we already have an in-house IT person?

Yes. We offer co-managed IT services where we work alongside your internal IT staff. We can handle the areas they do not have time for or expertise in, such as security, compliance, cloud management, and after-hours monitoring, while they focus on day-to-day support and internal projects.