Keeping your business cyber secure

Cyber Wardens program

The free Cyber Wardens program helps you prepare your business to prevent cyber attacks.

The program includes self-paced cyber security short courses, webinars and guides to help you protect your business and upskill your team.

Register for a free cyber security webinar.

Cyber security includes the tools, techniques and processes to protect IT data and systems from attacks, and the people who manage them.

All businesses need to be cyber secure, no matter the size or industry. For small businesses, even a minor incident can be devastating.

The average cost of cybercrime in Australia is:

  • $56,600 for small businesses
  • $97,200 for medium businesses
  • $202,700 for large businesses.

Online threats and risks

Online threats and risks can target your IT systems, data and online assets, causing:

  • brand and reputational damage
  • loss of confidential and sensitive data
  • loss of business continuity
  • fines if your business is found negligent.

The most common types of cyber threats to small business are:

  • scam messages (phishing)—designed to trick recipients out of money and data
  • email attacks (business email compromise)—criminals impersonate legitimate business representatives, often through compromised accounts or deceptive domain names, to steal information or trick victims into transferring funds to fraudulent accounts
  • malicious software (malware)—provides criminals with a way to access important information (e.g. bank or credit card numbers and passwords). It can also take control of or spy on a user's computer
  • ransomware—a type of malware that locks down your computer or files until a ransom is paid.

Educate yourself and your team

Ensure your staff are well trained in good cyber security practices. Include cyber security in staff inductions and provide regular staff training. Learn more by:

  • enrolling your team in the free Cyber Wardens program. This program makes it easier for you to increase your business’s cyber readiness to prevent attacks and be resilient to them. The program includes a range of self-paced cyber security short courses, webinars and guides to help you better protect your business
  • connecting with IDCARE's Small Business Cyber Resilience Service, which is specifically designed to help you build cyber resilience and recover from cyber incidents. It's free for small businesses with 19 or fewer full-time equivalent staff and an active ABN
  • watching cyber security webinars and reading related information sheets
  • reading the Ask a mentor—cyber security mentor tips from our Mentoring for Growth program
  • checking your business's cyber fitness by attending a Mentoring for Growth session.

How to protect your business from cybercrime

The Small business cyber security guide (PDF, 1.5MB) by the Australian Cyber Security Centre (ACSC) steps you through basic security measures.

As a starting point, the ACSC recommends the following 3 actions:

  • turn on multi-factor authentication—a security measure that requires 2 or more proofs of identity to grant access to your accounts
  • use strong passwords or passphrases—avoid using the same password on multiple accounts. You can use both password managers and passphrases to create strong passwords
  • manage shared accounts—limit the use of shared accounts. When multiple staff use the same account, it can be harder to track cybercriminals breaking in
  • implement access controls—ensure your staff are only allowed to access what they need to perform their duties. They do not require full access to all data, accounts and systems in a business
  • update your device and software—this can fix security flaws in your operating system and other software
  • back up your information—learn how to back up your files and devices.

The guide may include measures that are not relevant to your business, or your business may have more complex needs.

After completing this guide, the ACSC recommends small businesses implement Maturity level one of the Essential eight.

Watch our video on protecting your online business activity against cyber attacks to prevent serious damage and loss.

  • It seems like every day we're hearing of a new data breach of large-scale companies. These days, cyber attacks are increasing and becoming harder to stop, both as a small business owner and a consumer.

    For small businesses, targeted cyber attacks can cause damage by accessing your client accounts, staff details, and important business information.

    While there's no magic wand to protect against all cyber threats, here are the top 6 information security priorities for a small to medium business.

    Step 1: Updating your operating systems and software applications.

    By always updating software, you're essentially plugging any gaps the cybercriminals might try and get in through. Software developers are constantly releasing updates for their products, to fix any security concerns and improve functionality.

    Step 2: Regularly back up your important data.

    Our devices are home to all of our important data. But if that device is compromised, damaged, lost or stolen, your data may be lost. Whether it's hardware failure, theft, natural disaster, or your device being infected with a virus, recovering data can be expensive or impossible. So regular data backups are a must.

    Step 3: Enable multi-factor authentication (MFA) on important accounts wherever possible.

    MFA typically requires a combination of something the user knows (like a PIN or secret question), something you have (like a card or token) or something you are (fingerprint or other biometric).

    Each device and account will have different ways to turn on MFA, so if you're unsure, visit the Australian Government Cyber Security Centre to find out more.

    Step 4: Assess who can access what within your business.

    Typically, staff don't require full access to all data, accounts, and systems in a business to perform their role. This access should be restricted where possible, so that employees and external providers do not accidentally or maliciously endanger your business.

    Step 5: Where MFA is not possible, use passphrases to protect accounts and devices.

    MFA is one of the most effective ways to protect your accounts from cybercriminals. But if MFA isn't available, use a passphrase to protect your account. A passphrase uses 4 or more random words as your password.

    Step 6: Train your staff in cyber security basics.

    Teach yourself and your staff how to prevent, recognise and report cybercrime. Train your employees in cyber security basics, including updating their devices, securing their accounts, and identifying scam messages.

    Staff should also lock their computer if they leave their workstations for any prolonged period. Ensure that unaccompanied people visiting the workplace are questioned, and ensure workers are picking up their printing from the correct printer device.

    You should also consider a cyber security incident response plan to guide your staff and business in the event of a cyber incident. This will help you understand your critical devices and processes, as well as key contacts to respond and recover.

    The information provided in this video is provided from the Australian Small Business Cyber Small Business Security Guide.

    If you find yourself or your business a victim of a cybercrime, you can report it at cyber.gov.au/report.

    To find out more on support for your small business, go to business.qld.gov.au.

Report cybercrime

If you are a victim of cybercrime, find out how to get help and how to report the crime.

IDCARE can support eligible businesses with recovery from a cyber or privacy related incident.

Reporting suspicious online activities can help authorities to combat cybercrime and enable them to develop tools and awareness programs to protect businesses and individuals from attacks.

Phone the Australian Cyber Security Centre 24/7 hotline: 1300 CYBER1 (1300 292 371).

IT threat preparation

Protect your business by securing bank accounts, managing access to personal and financial information, using suitable IT system security, and considering purchasing insurance.

Learn more about preparing for, preventing, responding to and recovering from an IT threat.

Working with IT professionals

If you have questions about this information or cyber security in general, we recommend you speak to an IT professional or trusted adviser.

To improve your cyber security resilience, learn how to choose digital services and specialists.

Your legal obligations

If your business handles personal data (of employees, customers and suppliers) and financial information, you are responsible for meeting all legislative data-protection requirements. Know your legal obligations for online businesses, including storing and protecting privacy information.

Learn more about protecting customers' personal information from the Office of the Australian Information Commissioner.

Stay informed

Sign up to the ACSC alert service and receive information on recent online threats and how to manage them.

Subscribe to scam alert emails to learn about the latest scams and how to report them.

Enquiries

For general enquiries, phone 13 QGOV (13 74 68).
