Cyber security – protect your online business activity
Cyber security is the tools and techniques applied to IT data and systems to protect them from attacks and loss.
A cyber attack can seriously damage your business and you may have to spend lots of time, money and resources to fix it.
Best practice cyber security processes can improve your business by:
- preventing loss
- maintaining legislative compliance
- building customer trust
- maintaining business continuity.
Legal obligations for cyber security
If your business handles personal data (of employees, customers and suppliers) and financial information, you are responsible for meeting all legislative data-protection requirements.
Learn more about legal requirements for working online.
Online threats and risks
Online threats and risks can target your IT systems, data and online assets and negatively affect your business, such as:
- brand and reputational damage
- loss of confidential and sensitive data
- loss of business continuity
- fines if your business is found negligent.
|Ransomware||Software designed to prevent users from accessing their files or any part of the computer system until a ransom is paid|
Software designed to damage a computer system
Disguised as harmless software to attack computers
Fake emails designed to capture your sensitive data and information
Unsolicited emails sent out in bulk
Software that tracks your movements online and reports back to originating website
People who are trying to gain unauthorised access to your computer or systems
Using your personal information to commit fraud
Stealing and profiting from private company or business data and information
Protecting your business from cybercrime
Protect your business with these tools and resources.
- Visit the Australian Cyber Security Centre (ACSC) to learn about:
- using virtual private networks (VPNs)—encrypted networks designed to protect data as it is transferred
- securely configuring a remote desktop client to enable greater remote-device protections
- improving the security of work devices, such as laptops and mobile phones for greater work-device protections
- implementing multi-factor authentication to prevent unauthorised access
- improving your overall security using employee training.
- Register for the ACSC alert service to stay updated on cyber security threats.
- Download ACSCs small business cyber security best-practice guide.
- Complete the Australian Taxation Office's online security self-assessment.
Reporting suspicious online activities can help authorities to combat cybercrime and develop tools and awareness programs to protect businesses and individuals from attacks.
You can report suspected cyber security threats to your business through the ACSC.
Read the preventing and reporting cybercrime recommendations from the Queensland Police Service.
Online security and fraud
Operating your business in a secure online environment will help you meet your legal obligations to keep your customers' information private.
Effective online security management is critical in managing your business's risk, and building and maintaining customer confidence and trust.
Use online security policies and procedures to plan and implement effective online security for your business.
Find out how to implement online security policies in your business.
Protect your business from fraud
Fraud occurs when someone uses false data or information for illegal profit.
You can protect your business from fraud by:
- securing bank accounts and related information
- managing access to personal and financial information
- conducting background checks on staff and contractors
- using suitable IT system security
- purchasing insurance.
Learn more about your fraud protection obligations.
Protecting your data, hardware, and software
All computers, servers and wireless networks that your business uses must be protected against online and cyber security threats and risks.
Steps to guard against external threats to IT systems
- Install anti-virus and anti-spyware software, including spam filters, and ensure they are active and updated regularly.
- Enable wireless network security and change the default password immediately because most default passwords are known to hackers.
- Install a software firewall, typically included in IT security bundles or operating systems.
- Choose strong passwords involving a combination of numbers, symbols and upper- and lower-case letters.
- Change passwords regularly—every 90 days is recommended.
- Find out if your computer's operating system has a free built-in virus and security system and backs up to the cloud.
- Back up data regularly and store copies off-site or in the cloud.
Learn more about cloud computing for business.
Read the ACSC's guides on implementing security protections for different software applications and devices.
You will need to protect your desktop computers and devices with robust, secure passwords. If your data is not adequately protected, hackers may be able to access your networks and corrupt or steal information.
Backing up your data is crucial—having a copy of your data in a separate location will enable you to recover information quickly and easily in the event of any data loss. You can back up your data to the cloud or an external drive.
You should establish policies for your business on how staff can protect data to avoid data loss from staff inadvertently taking important files outside of your business by emails, external drives or laptops.
Learn more about how to prevent data theft.
Protecting and renewing your domain name
Your domain name is your intellectual property. Letting your domain name expire means you could lose control of your online presence, branding and company website.
This may leave your business and customers vulnerable to cybercriminals. If criminals gain access to your domain name, they could create a fake website as your brand and send phishing scams to your customers.
Note down when your domain name will need renewing so it doesn't expire. Domain names can be renewed for more than 1 year at a time.
Common protection methods
These are some common protections that can be used.
Encrypted certificates that verify the site ID and creates a secure web link when used, and protect secure data and make your website more trusted.
Alphanumeric codes that ensure only verified users can access systems.
A program that will scan and detect threats to the system.
A software tool that will scan all data being entered and users, and only allow access to trusted items.
A function to ensure all software programs have the most up-to-date protections.
Internal documents that will explain the security requirements and actions for a business, and can be used for staff training.
Internal threats to IT systems
Threats to IT systems can occur from within your business. These internal threats could occur when staff are unaware of suitable protections or in some cases there could be malicious intent.
Steps to guard against internal threats to IT systems
- Allow only authorised staff to access IT data and systems.
- Create IT policies and procedures.
- Assess the risks of employees connecting portable devices to work systems.
- Check for spam claiming to be from 'trusted' email senders—for example, banks do not do business by email.
- Think before opening attachments or sharing information to ensure data protection.
- Store data carefully—choose who has access to it and decide what devices you will allow staff to connect to your network.
- Create strong, individual passwords to protect your website so only authorised users can access the site and make changes.
- Change shared passwords and revoke access from employees when they leave your organisation.
- Ensure that all file access and transfer mechanisms are approved and included in your cyber security plan.
- Read about protecting customers' personal information from the Office of the Australian Information Commissioner.
Seeking help from specialists
Cyber security and IT specialists can help develop a custom plan for your business if you do not want to manage digital risks yourself. This may be a good option for you if you are not tech savvy or do not feel confident.
When talking to cyber security and IT specialists, it is important to ask the following questions.
- Is there a one-off or ongoing payment? You may want to seek advice on setting up your security protections but typically you won't need ongoing help unless your needs are complex.
- Will you create a custom security plan for my business? If you are paying a professional, it's important to make sure that their advice is tailored to your needs.
- Can you explain all the inclusions in your service? Many of the protections you will need can be set up easily yourself for little or no cost, so make sure you are only paying for services you are not comfortable completing yourself.
- Read about information technology risk management, including software failure, human error and natural disasters like cyclones.
- Find out how to avoid business scams, especially those originating outside of Queensland where our laws cannot protect you.
- Find out how to create a digital strategy for your business.
- Last reviewed: 11 May 2022
- Last updated: 20 Oct 2022