Cyber security checklist

The Australian Cyber Security Centre (ACSC) has information to help you protect your business and staff from cyber threats.

This includes:

• turning on multi-factor authentication
• using strong passwords or passphrases
• updating software
• backing up information
• protecting your business data
• educating employees.

You need to keep your customers' information safe. Losing or compromising their information will damage your business reputation and could have legal consequences.

Make sure your business:

• uses a secure online environment for transactions
• stores any personal customer information securely.

If you take payments online, find out what your payment provider does to prevent online payment fraud.

Australia has laws about what you can do with personal information you collect from customers. You need to understand the Australian Privacy Principles (APPs) and have a clear, up-to-date privacy policy. It’s a good idea to display your privacy policy on your business website.

A cyber security policy helps your staff understand their responsibilities when they use or share:

• data
• computers and devices
• emails
• websites.

An emergency management plan can help you respond to a cyber security incident and reduce its impact.

When creating your emergency management plan, you will need to consider:

• the process to report a cyber security incident
• how you will tell your employees and customers about a cyber security incident 
• how to manage your business during a cyber security incident.

The cost of dealing with a cyber-attack can be much more than just repairing databases, strengthening security or replacing laptops.

Cyber liability insurance can help your business with the costs of an attack. But like all insurance policies, it is important to understand exactly what you are covered for.

It’s important you know where to get support and advice on cyber security.

You can:

• call the Australian Cyber Security Hotline on 1300 292 371 for support preparing for and responding to cyber incidents
• get help with cyber resilience or recovering from an incident through the Small Business Cyber Resilience Service
• get individual support through the Digital Solutions – Australian Small Business Advisory Services program. This program gives small businesses low-cost, high-quality advice on digital solutions, including online security
• search online for non-government IT service providers or cyber security professionals.

It’s important to keep up with the latest scams and security risks to your business.

You can:

• become an Australian Signals Directorate partner to receive up-to-date information on cyber security issues and how to deal with them
• sign up for ACSC alerts or check their alerts and advisories page regularly.