Cyber security checklist

Take sensible precautions to reduce the risk of a cyber incident. This includes:

• choosing strong passwords or passphrases. Consider using a password manager to create unique passwords for each account
• turning on multi-factor authentication for your accounts
• installing software updates as soon as possible
• using antivirus software and malware filters
• backing up information so you can restore it easily after a cyber incident
• only giving staff members access to the systems they need
• protecting the physical security of your computers and other devices.

Small business owners are often the targets of scams where criminals try to trick you into giving them money or personal information. 

Scammers usually contact you via email, text message or a phone call. Their messages may seem like they are from a legitimate business or the government. Often they will ask you to download a file, log in to a fake website or transfer money or gift cards.

It’s important to know the signs of a scam so you can avoid losing money or giving cyber criminals access to your systems.

You need to keep your customers' information safe. Losing or compromising their information will damage your business reputation and could have legal consequences.

Make sure your business:

• uses a secure online environment for transactions
• stores any personal customer information securely.

If you take payments online, find out what your payment provider does to prevent online payment fraud.

Australia has laws about what you can do with personal information you collect from customers. You should understand the Australian Privacy Principles (APPs) and have a clear, up-to-date privacy policy. It’s a good idea to display your privacy policy on your business website.

A cyber security policy helps your staff understand their responsibilities when they use or share:

• data
• computers and other devices
• emails
• websites
• social media.

An emergency management plan can help reduce the impact of unexpected events, including cyber security incidents.

When creating your emergency management plan, think about:

• the process to report a cyber security incident
• how you’ll tell your employees and customers about a cyber security incident
• how you’ll manage your business during and after a cyber security incident.

Cyber security is everyone’s responsibility. 

Teach your staff about common cyber threats and how to protect against them. Make sure they understand how to report a scam or potential cyber security threat. 

You could also consider formal cyber security training and making this a part of onboarding new employees.

The cost of dealing with a cyber-attack can be much more than just repairing databases or replacing laptops. For example, you might be unable to operate your business for a while or need to compensate customers for data loss.

Cyber liability insurance can help your business with the costs of an attack. Like all insurance policies, it is important to understand exactly what you are covered for.

There are plenty of places to go for support and advice on cyber security.

You can:

• call the Australian Cyber Security Hotline on 1300 292 371 for help preparing for and responding to cyber incidents
• get help with cyber resilience or recovering from an incident through the Small Business Cyber Resilience Service
• get individual support through the Digital Solutions – Australian Small Business Advisory Services program. This program gives small businesses low-cost, high-quality advice on digital solutions, including online security
• contact non-government IT service providers or cyber security professionals.

Cyber criminals are constantly coming up with new threats. It’s important to keep up with the latest scams and security risks to your business.

You can:

• become an Australian Signals Directorate partner to receive up-to-date information on cyber security issues and how to deal with them
• sign up for Australian Cyber Security Centre alerts or check their alerts and advisories page regularly.