Online security and fraud

Coronavirus (COVID-19): Cyber security and business scams

Take steps to protect your business from online threats, attacks, phishing emails and scam phone calls:

Operating your business in a secure online environment will help you meet your legal obligations to keep your customers' information private.

Providing online security is also critical in managing risk in your business and in building and maintaining customer confidence and trust.

Online security

You need to put security measures in place to make sure you and your staff are using the internet safely. Online security should be included in your business planning, particularly in your risk assessment.

Simple tips for staying safe online

  • Install security software and update it regularly to reduce the chance of getting viruses on your computer.
  • Turn on automatic updates so that all your software receives the latest fixes.
  • Choose a strong password and change it at least twice a year.
  • Stop and think before you click on links or attachments.
  • Stop and think before you share any personal or financial information - about yourself, your friends or family.

Find out how to implement online security policies in your business.

Data protection

You will need to protect your desktop computers and portable hardware (laptops, mobile phones, etc.) with strong, secure passwords. If your data is not properly protected, external hackers may be able to access your networks and corrupt or steal information.

Backing up your data is crucial. Having a copy of your data in a separate location will let you recover information quickly and easily in the event of any data loss. You should establish policies for your business on how staff can protect data. These policies can help you avoid data loss from staff inadvertently taking important files outside of your business by emails, external drives or laptops.

Learn more about how to prevent data theft.

Online scams

Scam and hoax websites and emails are designed to trick you into disclosing information such as bank account details, passwords or credit card numbers.

Fraudulent emails, known as 'phishing' scams, can target you and your staff. They are used to con people into giving up personal information that can then be used for illegal purposes, such as transferring funds or buying products online.

Phishing scams are common and it's important that you and your staff know how to identify them. You should be suspicious of emails from people or businesses you don't know, especially if they are offering something that sounds too good to be true.

Be aware that banks never ask for confidential information by email. If you are unsure if an email is legitimate or not, contact your bank before responding. They will also want to know about fraudulent emails.

Another common scam is 'pharming', where a hacker puts a malicious code on your computer to direct you to a fake website. Both phishing and pharming have been used for online identity theft or fraud. Victims' personal details may be used illegally to support crime or make online purchases.

Learn more about online scams on the Scamwatch website.

Renewing your domain name

Remember to note when your domain name will need renewing so it doesn't expire. Letting your domain name expire means you could lose control of your online presence, leaving your business and customers vulnerable to cybercriminals.

Read more about the risks of abandoned domain names from the Australian Cyber Security Centre.

Also consider...