Yarra Secure

Services

Every service, clearly scoped and priced

Four categories: cyber security, IT setup, training & policies, and ongoing support. Every service states who it's for, what's included, what's not, and the price. Prices are in AUD. Whether prices are inclusive or exclusive of GST is to be confirmed with Yarra Secure's accountant before publication.

Cyber Security Services

Audits, fraud protection, and fixes for the risks that actually cost small businesses money.

$1,500

Quick Cyber Risk Review

A 48-hour, plain-English review of your public-facing security posture and the everyday processes scammers exploit first.

Who it is for

Small businesses that want fast, honest answers about their biggest cyber risks without committing to a large project.

The problem it solves

Most owners do not know whether their email domain can be impersonated, whether their website leaks obvious weaknesses, or whether one convincing email could redirect a client payment.

What is included
  • Public-facing review of your website and domain settings
  • Email and domain posture snapshot (SPF, DKIM, DMARC presence and configuration signals)
  • Website basics snapshot: TLS, security headers, exposed admin paths, visible software signals
  • Structured questionnaire covering invoice handling, payment-change verification, MFA, and backups
  • A short, prioritised action plan written for owners
What is not included
  • Intrusive or authenticated testing of any system
  • Penetration testing or exploitation of any kind
  • Changes to your systems
  • Compliance certification of any framework
What you provide
  • Business and domain details
  • Completed questionnaire (about 20 minutes)
  • A contact who can answer process questions
Deliverables
  • Short written report with risk snapshot and evidence
  • Prioritised action plan
  • 15-minute walkthrough call on request

Timeline

48 hours from receiving the completed questionnaire (business days).

Boundaries

Public-facing and questionnaire-based only. No testing of systems beyond publicly visible information without separate written authorisation.

Book a Quick Cyber Risk Review

$3,500

Essential Cyber Health Check

A structured 5–7 day review of accounts, email security, website, backups, and policies, with a prioritised remediation roadmap.

Who it is for

Established small businesses and practices that handle client data, invoices, and payments and want a documented baseline.

The problem it solves

Accounts accumulate, staff change, settings drift, and nobody owns the security basics. A single compromised mailbox or stale admin account can become an expensive incident.

What is included
  • Account and MFA review checklist across your key systems
  • Email security configuration review (SPF, DKIM, DMARC, forwarding rules, recovery settings)
  • Website and contact-form handling check
  • Backup and recovery checklist review
  • Policy gap summary against a practical small-business baseline
  • Prioritised remediation roadmap with effort estimates
What is not included
  • Intrusive testing or exploitation
  • Hands-on remediation (available separately via sprints)
  • Formal compliance audit or certification
What you provide
  • Read-only or screen-share access to agreed settings, or screenshots
  • List of key systems and who administers them
  • Time with the owner or office manager for two short sessions
Deliverables
  • Written health check report with findings and risk ratings
  • Remediation roadmap ordered by risk and effort
  • Walkthrough call

Timeline

5 to 7 business days.

Boundaries

Review and recommendations only. Configuration changes remain the client's decision and responsibility unless a sprint is engaged.

Book an Essential Cyber Health Check

$7,500

14-Day Cyber & AI Protection Sprint

A hands-on two-week sprint that closes the most common gaps: MFA, email authentication, invoice fraud controls, staff awareness, and a safe AI-assisted enquiry workflow.

Who it is for

Businesses ready to fix the basics properly in one focused block instead of dragging changes out over months.

The problem it solves

Knowing the gaps is not the same as closing them. Most small teams never get past the report stage because nobody has time to drive the changes.

What is included
  • MFA rollout and admin account cleanup guidance, working alongside your team
  • SPF, DKIM, and DMARC recommendations and implementation support with your IT or hosting provider
  • Invoice and payment-change verification SOP, tailored to your workflow
  • Staff scam awareness cheat sheet for your team
  • Website basics uplift recommendations (TLS, headers, forms, admin exposure)
  • One low-risk AI-assisted enquiry workflow set up with clear data boundaries
  • Final report and 30-day action plan
What is not included
  • Penetration testing
  • New software licences or paid tooling (recommended only with your approval)
  • Guaranteed prevention of any incident
What you provide
  • A decision-maker available for two short check-ins per week
  • Access coordination with your IT provider or hosting company
  • Approval for each change before it is made
Deliverables
  • Implemented controls as agreed in the sprint plan
  • Payment-change verification SOP document
  • Staff cheat sheet
  • Final report and 30-day action plan

Timeline

14 days from kickoff.

Boundaries

All changes are approved by the client before implementation. Yarra Secure advises and assists; the client remains the owner of systems and decisions.

Book a sprint scoping call

$12,500

Premium Security Sprint

Everything in the 14-day sprint plus staff training, an incident response runbook, a tailored policy pack, extra workflow automation, and a 30-day support window.

Who it is for

Businesses with more staff, more systems, or higher trust obligations — clinics, legal practices, NDIS providers, multi-site trades.

The problem it solves

Higher-trust businesses need more than fixed settings: staff who can spot scams, policies that hold up to client and insurer questions, and a plan for the first hours of an incident.

What is included
  • Everything in the 14-Day Cyber & AI Protection Sprint
  • Live staff cyber awareness training session
  • Incident response runbook tailored to your business
  • Practical policy pack (privacy, acceptable use, access, incident reporting, AI use, payment-change verification)
  • Additional secure workflow automation support
  • 30-day post-sprint support window for questions and tuning
What is not included
  • Penetration testing
  • Legal sign-off on policies (adviser review recommended)
  • 24/7 monitoring or guaranteed emergency response
What you provide
  • Staff availability for one training session
  • A decision-maker for weekly check-ins
  • Change approvals as for the standard sprint
Deliverables
  • All 14-day sprint deliverables
  • Training attendance record and materials
  • Incident response runbook
  • Tailored policy pack with adviser-review notes

Timeline

14 days of implementation plus a 30-day support window.

Boundaries

Policies are practical templates requiring legal review. The support window covers advice and tuning, not emergency incident response.

Discuss a Premium Sprint

$2,000–$4,000. Depends on site size and platform.

Authorised Website Security Baseline Review

A non-invasive review of your website's security baseline: TLS, headers, exposed admin paths, form handling, CMS and plugin hygiene, backups, and owner recovery path.

Who it is for

Businesses whose website takes enquiries, bookings, or payments, or whose brand would be damaged by a defacement or outage.

The problem it solves

Websites are usually set up once and left. Outdated plugins, exposed admin pages, weak form handling, and unclear hosting ownership are common and quietly dangerous.

What is included
  • TLS and security header review
  • Exposed admin path and software signal review
  • Contact and booking form handling check (where do enquiries actually go?)
  • CMS and plugin hygiene checklist (WordPress and similar platforms)
  • Backup and restore-path review
  • Owner recovery path: can you regain control if your developer disappears?
What is not included
  • Intrusive vulnerability scanning or penetration testing unless a separate written testing scope is signed
  • Code review of custom applications (separately scoped)
  • Fixing the issues (available via sprints or your developer)
What you provide
  • Written authorisation from the website owner
  • Hosting and CMS details, or your developer's contact
Deliverables
  • Baseline report with evidence and risk ratings
  • Fix list for your developer or host
  • Owner action list

Timeline

5 business days.

Boundaries

Non-invasive by default. Any active testing beyond public observation requires a signed testing scope with explicit written authorisation.

Request a website review

$3,000–$6,000. Depends on business size and systems.

Incident Readiness & First-24-Hours Support Pack

Be ready before something goes wrong: a tailored readiness pack, emergency contact tree, evidence preservation checklist, and a coordination guide for insurers, lawyers, and escalation.

Who it is for

Businesses that would face serious client, regulatory, or financial consequences from a breach and want a tested plan rather than panic.

The problem it solves

The first 24 hours of an incident decide most of the damage. Without a plan, businesses lose evidence, miss notification obligations, and make the situation worse.

What is included
  • Incident readiness assessment of your current state
  • Tailored first-24-hours runbook
  • Emergency contact tree (internal, IT, bank, insurer, legal)
  • Evidence preservation checklist
  • Insurer, lawyer, and escalation coordination guide
  • Notifiable Data Breaches scheme awareness briefing (general guidance, not legal advice)
  • Optional tabletop walkthrough exercise
What is not included
  • Guaranteed emergency incident response or forensic investigation
  • Legal advice on notification obligations (escalate to a lawyer)
  • 24/7 on-call coverage unless separately agreed in writing
What you provide
  • System and contact details for the runbook
  • Time for one working session and optional tabletop exercise
Deliverables
  • Readiness report
  • First-24-hours runbook and contact tree
  • Evidence preservation checklist

Timeline

5 to 10 business days depending on scope.

Boundaries

This is preparation, not incident response. Live incident support is subject to availability and a separate written agreement. Forensics, legal, and insurance matters are escalated to qualified professionals.

Get incident ready

IT Setup Services

Practical Melbourne small-business tech setup — workstations, laptops, email, backups — done securely from day one.

From $250–$450. Per workstation; Melbourne on-site call-out from $180, remote support from $120/hour.

Workstation, Monitor & Dock Setup

Monitors, docks, and desks set up properly: tidy, ergonomic, updated, and locked down with the basics from day one.

Who it is for

Melbourne offices and home-office professionals who want desks that just work — without cable spaghetti or default passwords left behind.

The problem it solves

New gear usually gets plugged in, not set up: wrong resolutions, unstable docks, no screen lock, default settings, and an afternoon of staff frustration.

What is included
  • Monitor, dock, keyboard, and peripheral setup and arrangement
  • Display configuration (resolution, scaling, multi-screen layout)
  • Driver and firmware updates for docks and peripherals
  • Screen lock, sensible power settings, and login basics
  • Cable tidy-up and a quick handover walkthrough
What is not included
  • Licensed electrical work, new power points, or structured cabling
  • Desk/furniture assembly
  • Hardware purchases (we can advise; you buy direct)
What you provide
  • The hardware on site
  • Access to the workspace and accounts being set up
Deliverables
  • Working, tidy workstation(s)
  • A short note of what was configured

Timeline

Usually 1–2 hours per workstation, booked at a time that suits.

Boundaries

No licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. Third-party hardware and software is set up carefully but cannot be guaranteed to work perfectly in every combination.

Book a workstation setup

From $450–$900. Per device, depending on migration needs.

New Laptop / Desktop Secure Setup

New computers set up securely: accounts, encryption, MFA, updates, backups, and your data moved across — done once, done right.

Who it is for

Business owners and small teams unboxing new machines who want them business-ready and secure, not factory-default.

The problem it solves

A factory-default laptop has no encryption, no MFA, no backup, and an admin account used for everything — the gaps that turn a stolen laptop into a data breach.

What is included
  • Business account setup with a separated admin account
  • Disk encryption enabled and recovery key stored safely
  • Operating system and application updates
  • MFA on the key accounts, password manager installed
  • Email, printer, and file access connected
  • Data migration from the old device (where in scope)
  • Backup connected and verified
What is not included
  • Hardware repairs or warranty claims
  • Software licence purchases (you buy direct)
  • Recovery of data from failed devices (specialist referral)
What you provide
  • The device and licence logins
  • Time for a brief handover
Deliverables
  • Business-ready device
  • Setup summary including encryption recovery key location

Timeline

Typically same-day per device; migrations may take longer.

Boundaries

No licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. Third-party hardware and software is set up carefully but cannot be guaranteed to work perfectly in every combination.

Book a secure device setup

From $900–$2,500. Scope-dependent bundle; quoted in writing after a quick walkthrough.

Small Office Tech Setup

A whole small office set up to work: workstations, printer/scanner, Wi-Fi and router basics, shared files, and secure defaults throughout.

Who it is for

New offices, fit-outs, and growing Melbourne teams of 2–15 who want everything working on day one.

The problem it solves

Office tech accumulates piecemeal — a printer nobody can find, Wi-Fi on the default password, files scattered across personal accounts.

What is included
  • Workstation and peripheral setup across the office
  • Printer/scanner setup and sharing
  • Wi-Fi and router basics: strong admin password, current firmware, guest network separated
  • Shared file structure in your Microsoft 365 / Google Workspace
  • Secure defaults: screen locks, updates, MFA on key accounts
  • A one-page 'how our office tech works' note for the team
What is not included
  • Licensed electrical work or new cabling runs (licensed trades; we can help brief them)
  • Security cameras or alarm systems
  • Enterprise networking (managed switches, VLAN design) — referred where needed
What you provide
  • Hardware purchased (we can advise beforehand)
  • Internet service active
  • Access to the premises
Deliverables
  • Working office
  • Configuration summary and team note

Timeline

Usually 1–3 days depending on office size.

Boundaries

No licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. Third-party hardware and software is set up carefully but cannot be guaranteed to work perfectly in every combination.

Get an office setup quote

From $750–$2,500. Depends on team size and migration needs.

Microsoft 365 / Google Workspace Setup

Business email on your own domain, set up securely: accounts, MFA enforced, email authentication (SPF, DKIM, DMARC), and shared files that make sense.

Who it is for

Businesses starting fresh, moving off personal Gmail/Outlook addresses, or untangling a setup that grew without a plan.

The problem it solves

Email is the front door of the business, and most small-business tenants are set up in a hurry: no MFA enforcement, no email authentication, admin access shared around.

What is included
  • Tenant/workspace setup or review on your own domain
  • User accounts with MFA enforced from day one
  • Email authentication: SPF, DKIM, and DMARC configured
  • Shared mailboxes (accounts@, info@) set up properly
  • File sharing structure (SharePoint/Drive) with sensible permissions
  • Mail migration from existing accounts (where in scope)
  • Admin handover: you own the tenant, documented
What is not included
  • Subscription costs (billed to you directly by Microsoft/Google)
  • Complex hybrid/on-premises migrations (scoped separately or referred)
  • Ongoing administration (see Ongoing Support)
What you provide
  • Domain registrar access
  • Decisions on accounts and licences
  • Subscription payment details
Deliverables
  • Working, secured tenant
  • Email authentication live
  • Admin documentation

Timeline

Typically 2–5 business days including migration windows.

Boundaries

No licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. Third-party hardware and software is set up carefully but cannot be guaranteed to work perfectly in every combination.

Set up business email properly

From $350–$1,200. Depends on systems covered.

Backup Setup

Automatic, separated, tested backups for the data your business cannot lose — with a restore path you have actually seen work.

Who it is for

Any business whose files, accounts, or client records exist in exactly one place right now.

The problem it solves

Most small businesses believe they are backed up because files are 'in the cloud' — but sync is not backup, and the first test of a restore shouldn't be during a disaster.

What is included
  • Backup needs review: what matters, where it lives
  • Backup tool setup with automatic schedules
  • Separation from day-to-day credentials (so account takeover doesn't take the backups too)
  • A test restore performed with you watching
  • A one-page recovery card: who does what, how long it takes
What is not included
  • Backup subscription/storage costs (paid by you)
  • Recovery from existing data loss (specialist referral)
  • Enterprise backup platforms
What you provide
  • Access to the systems being protected
  • Backup service subscription (we advise, you purchase)
Deliverables
  • Working automatic backups
  • Successful test restore
  • Recovery card

Timeline

Usually 1–2 days including the test restore.

Boundaries

No licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. Third-party hardware and software is set up carefully but cannot be guaranteed to work perfectly in every combination.

Get backups sorted

From $450–$1,500. Depends on team size.

Password Manager & MFA Setup

A password manager rolled out across your team and MFA switched on for the accounts that matter — the two highest-value security upgrades a small business can make.

Who it is for

Teams still sharing passwords by text and spreadsheet, or owners who know MFA matters but haven't had time to roll it out cleanly.

The problem it solves

Reused passwords and missing MFA are behind most small-business account takeovers. The fix is well known; the rollout is what never happens.

What is included
  • Password manager selection guidance and business account setup
  • Team rollout: vaults, sharing groups, browser setup on each user
  • MFA enabled on email, accounting, banking-adjacent, and admin accounts
  • Recovery codes stored safely and documented
  • A 20-minute team walkthrough so everyone actually uses it
What is not included
  • Password manager subscription costs (paid by you)
  • Ongoing account administration
What you provide
  • Team availability for short setup sessions
  • Subscription payment details
Deliverables
  • Working team password manager
  • MFA coverage on key accounts
  • Recovery documentation

Timeline

Usually 1–2 days for teams up to 15.

Boundaries

No licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. Third-party hardware and software is set up carefully but cannot be guaranteed to work perfectly in every combination.

Roll out passwords & MFA

Remote from $120/hour. Melbourne on-site call-out from $180. Quoted before work starts.

Remote IT Support & On-Site Call-Out

Practical help when something tech needs doing: a printer that won't print, a new starter to set up, settings nobody understands.

Who it is for

Small businesses without in-house IT that occasionally need a competent, security-aware pair of hands.

The problem it solves

Small jobs pile up because there's nobody to do them — and quick fixes done insecurely (shared admin passwords, disabled updates) create tomorrow's incident.

What is included
  • Remote support sessions for setup and troubleshooting tasks
  • On-site visits around Melbourne for hands-on jobs
  • Security-aware fixes: we never leave default passwords or disabled protections behind
  • Clear notes on what was changed
What is not included
  • Hardware repairs (referral to repairers)
  • Emergency 24/7 response
  • Managed IT contracts (see Ongoing Support for our retainer)
What you provide
  • Access to the system needing help
  • Description of the issue
Deliverables
  • The job done
  • Notes on changes made

Timeline

Booked sessions; most small jobs same week.

Boundaries

No licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. Third-party hardware and software is set up carefully but cannot be guaranteed to work perfectly in every combination.

Book IT help

IT setup boundaries: no licensed electrical work, structured cabling, or security camera/alarm installation — where that is needed we help you brief a licensed trade. Hardware, software, and licence costs are paid by you directly. See IT setup Melbourne for details.

Training & Policy Services

Staff awareness training and practical policies your team, clients, and insurers can work with.

$1,800 per session

Staff Cyber Awareness Training

A 45–60 minute practical session covering invoice fraud, phishing, MFA, password habits, safe AI use, and how to report something suspicious.

Who it is for

Teams of 3 to 50 in businesses that handle invoices, client records, or payments — delivered in plain English, no jargon.

The problem it solves

Most successful scams against small businesses start with a staff member acting in good faith. Short, specific training changes the everyday habits that matter.

What is included
  • 45–60 minute live session (in person in Melbourne or video Australia-wide)
  • Invoice fraud and payment redirection scenarios relevant to your industry
  • Phishing, MFA, and password habit walkthroughs
  • Safe AI use at work: what to share, what never to share
  • How and where to report something suspicious
  • Q&A with real examples from your workflows
What is not included
  • Simulated phishing campaigns (separately scoped with written authorisation)
  • Compliance-accredited training certificates
What you provide
  • A session time and attendee list
  • Optional: examples of suspicious emails your team has received
Deliverables
  • Attendance record
  • Staff cheat sheet (digital, printable)
  • Short knowledge-check quiz

Timeline

Booked sessions; materials delivered within 2 business days after.

Boundaries

Awareness training reduces risk; it does not eliminate it and is not presented as a compliance certification.

Book a training session

$2,500

Policy & Compliance Starter Pack

Practical small-business policies tailored to how you actually work: privacy, acceptable use, access control, incident reporting, data handling, AI use, and payment-change verification.

Who it is for

Businesses that need credible written policies for clients, insurers, tenders, or their own staff — without enterprise bloat.

The problem it solves

Insurers, larger clients, and tenders increasingly ask for written security policies. Generic downloads do not match how your business operates and rarely survive scrutiny.

What is included
  • Working session to understand your tools and workflows
  • Tailored policy set: privacy, acceptable use, access control, incident reporting, data handling, AI use, supplier/payment-change verification
  • Plain-English staff summary versions
  • Implementation checklist
What is not included
  • Legal advice or legal sign-off (the pack includes a legal-review disclaimer and is designed for adviser review)
  • Certification against ISO 27001, SOC 2, or similar frameworks
What you provide
  • One working session with the owner or manager
  • Details of tools, staff roles, and data held
Deliverables
  • Editable policy pack
  • Staff summary sheets
  • Implementation checklist and adviser-review notes

Timeline

5 business days from the working session.

Boundaries

Policies are practical drafts requiring review by an Australian lawyer and, where relevant, your insurer and accountant before reliance.

Order the policy pack

Ongoing Support

Monthly checks and a security contact your team can actually reach.

$1,500–$2,500 / month. Scope-dependent. Minimum 3-month initial term.

Monthly Protection Retainer

Ongoing monthly control checks, quarterly reviews, staff refreshers, and a security contact your team can actually reach.

Who it is for

Businesses that have completed a health check or sprint and want the basics to stay fixed as staff, tools, and threats change.

The problem it solves

Security decays. New staff skip MFA, suppliers change bank details, settings drift, and nobody notices until something goes wrong.

What is included
  • Monthly control check against your agreed baseline
  • Quarterly security review and updated roadmap
  • Staff awareness refreshers (short, practical)
  • Email and domain monitoring checklist run
  • Policy and process tuning as your business changes
  • Light advisory support for staff security questions
What is not included
  • 24/7 monitoring or a security operations centre
  • Guaranteed incident response (incident readiness pack available separately)
  • Unlimited project work
What you provide
  • A nominated contact
  • Continued access arrangements for agreed checks
Deliverables
  • Monthly one-page status report
  • Quarterly review report and roadmap update

Timeline

Ongoing monthly cycle; quarterly in-depth review.

Boundaries

Advisory and review retainer, not a managed security service. Urgent incident work is scoped and agreed separately.

Ask about the retainer

Not sure which service fits?

Email contact@yarrasecure.com.au or call 0435 315 894 with your business context and the concern you want sorted. Sam will recommend a practical starting point.
