Cyber security: Steps to keep your business safe – video transcript

In this Cyber security: Steps to keep your business safe video, understand why it's important to protect your business online against cyber attacks and what steps to take to keep your business safe.

Steps to keep your business safe

It seems like every day we're hearing of a new data breach of large-scale companies. These days, cyber attacks are increasing and becoming harder to stop, both as a small business owner and a consumer.

For small businesses, targeted cyber attacks can cause damage by accessing your client accounts, staff details, and important business information.

While there's no magic wand to protect against all cyber threats, here are the top 6 information security priorities for a small to medium business.

Step 1: Updating your operating systems and software applications.

By always updating software, you're essentially plugging any gaps the cybercriminals might try and get in through. Software developers are constantly releasing updates for their products, to fix any security concerns and improve functionality.

Step 2: Regularly back up your important data.

Our devices are home to all of our important data. But if that device is compromised, damaged, lost or stolen, your data may be lost. Whether it's hardware failure, theft, natural disaster, or your device being infected with a virus, recovering data can be expensive or impossible. So regular data backups are a must.

Step 3: Enable multi-factor authentication (MFA) on important accounts wherever possible.

MFA typically requires a combination of something the user knows (like a PIN or secret question), something you have (like a card or token) or something you are (fingerprint or other biometric).

Each device and accounts will have different ways to turn on MFA, so if you're unsure, visit the Australian Government Cyber Security Centre to find out more.

Step 4: Assess who can access what within your business.

Typically, staff don't require full access to all data, accounts, and systems in a business to perform their role. This access should be restricted where possible, so that employees and external providers do not accidentally or maliciously endanger your business.

Step 5: Where MFA is not possible, use passphrases to protect accounts and devices.

MFA is one of the most effective ways to protect your accounts from cybercriminals. But if MFA isn't available, use a passphrase to protect your account. A passphrase uses 4 or more random words as your password.

Step 6: Train your staff in cyber security basics.

Teach yourself and your staff how to prevent, recognise and report cybercrime. Train your employees in cyber security basics, including updating their devices, securing their accounts, and identifying scam messages.

Staff should also lock their computer if they leave their workstations for any prolonged period. Ensure that unaccompanied people visiting the workplace are questioned, and ensure workers are picking up their printing from the correct printer device.

You should also consider a cyber security incident response plan to guide your staff and business in the event of a cyber incident. This will help you understand your critical devices and processes, as well as key contacts to respond and recover.

The information provided in this video is provided from the Australian Small Business Cyber Small Business Security Guide.

If you find yourself or your business a victim of a cybercrime, you can report it at

To find out more on support for your small business, go to