Show download pdf controls
  • Stay smart online to avoid cybercrime

    Follow these steps this Stay Smart Online weekExternal Link to protect your business from cyber criminals.

    Know how to spot email scams

    Email scams cost Australian businesses more than $60 million in lost revenue and time in 2018. Encourage your staff to be aware of suspicious emails, including:

    • emails or invoices with new bank account details for a supplier
    • unexpected emails (for example, an invoice from a supplier you haven't dealt with recently or for an unexpected amount)
    • emails requesting urgent payment or threatening serious consequences
    • emails from someone who wouldn't normally send payment requests
    • email addresses that don't look right (make sure to check previous emails).

    If your staff receives any of these types of emails, encourage them to phone the company using a number from the company's website, not the number listed in the suspicious email.

    We will never send you an email or text message with a hyperlink directing you to a log on page for our online services.

    Create strong password security

    60% of data breaches by malicious actors involves stolen or compromised credentials such as passwords. You should:

    • create different passwords across all your online accounts, including
      • email
      • payroll
      • accounting software and administration accounts for your website and social channels
      • your myGov account
    • create strong passwords
      • develop a long passphrase made up of at least four words and at least 13 characters, such as 'horsecupstarshoe'
      • choose words that are meaningful to you that you can remember
    • turn on a second layer of security (also known as two-factor authentication), this means you need to provide two things before you can access your accounts, for example your password and something else such as
      • a code sent to your mobile device
      • a physical token
      • a fingerprint.

    Keep your business information private

    59% of Australian organisations have their business interrupted by a cyber breach every month. To keep your business information private you should:

    • ensure you restrict access to your business and customer information – only grant permissions to staff who need it to do their jobs, this reduces the risk of accidentally or maliciously releasing confidential information
    • make sure your staff understand their role in keeping customer and employee information confidential, this includes not disclosing information
      • online
      • on social media
      • to people who don't need or shouldn't have it.

    See also:

    Last modified: 09 Oct 2019QC 60275