Online security and fraud

Operating your business in a secure online environment will help you meet your legal obligations to keep your customers' information private.

Providing online security is also critical in managing risk in your business and in building and maintaining customer confidence and trust.

Online security

You need to put security measures in place to make sure you and your staff are using the internet safely. Online security should be included in your business planning, particularly in your risk assessment.

Simple tips for staying safe online

  • Install security software and update it regularly to reduce the chance of getting viruses on your computer.
  • Turn on automatic updates so that all your software receives the latest fixes.
  • Choose a strong password and change it at least twice a year.
  • Stop and think before you click on links or attachments.
  • Stop and think before you share any personal or financial information about yourself, your friends or family.

Find out how to implement online security policies in your business.

Data protection

You will need to protect your desktop computers and portable hardware (laptops, mobile phones, etc.) with strong, secure passwords. If your data is not properly protected, external hackers may be able to access your networks and corrupt or steal information.

Backing up your data is crucial. Having a copy of your data in a separate location will let you recover information quickly and easily in the event of any data loss. You should establish policies for your business on how staff can protect data. These policies can help you avoid data loss from staff inadvertently taking important files outside of your business by email, on external drives or on laptops.

Learn more about how to prevent data theft.

Online scams

Scam and hoax websites and emails are designed to trick you into disclosing information such as bank account details, passwords or credit card numbers.

Fraudulent emails, known as 'phishing' scams, can target you and your staff. They are used to con people into giving up personal information that can then be used for illegal purposes, such as transferring funds or buying products online.

Phishing scams are common and it's important that you and your staff know how to identify them. You should be suspicious of emails from people or businesses you don't know, especially if they are offering something that sounds too good to be true.

Be aware that banks never ask for confidential information by email. If you are unsure whether an email is legitimate, contact your bank before responding. They will also want to know about fraudulent emails.

Another common scam is 'pharming', where a hacker puts malicious code on your computer to direct you to a fake website. Both phishing and pharming have been used for online identity theft or fraud. Victims' personal details may be used illegally to support crime or make online purchases.

Learn how to recognise online scams on the Scamwatch website.