ato logo
Search Suggestion:

Top cyber security tips for businesses

Tips to keep business and client data safe from cyber criminals.

Last updated 16 April 2024

Media: Protect your business against identity crime Link (Duration: 1:18)

Secure your information and systems

It is important you keep your business, staff and client information secure. If data is lost or compromised, it can be very difficult, time consuming and costly to recover.

We, along with leading industry bodies, have created this list of top cyber security tips to help keep you and your business information safe:

Use strong and secure passphrases

Consider moving from a password to a passphrase. A passphrase uses 4 or more random words as a password. Regularly change passphrases and don't share them. Check whether your passphrases have been compromised and change them immediately if they have. Learn more about creating and protecting your passphrases at the Australian Cyber Security CentreExternal Link.

Use multifactor authentication

Use multi-factor authenticationExternal Link if possible. Multi-factor authentication requires users to use multiple pieces of information to authenticate themselves.

Multi-factor authentication puts an additional layer of security on your accounts, making it harder for others to gain access.

Manage your employees' accesses

Implementing access controls can limit your employees' access to certain accounts, systems or programs and files, particularly those of sensitive nature. This can minimise the damage caused by a cyber incident.

Remove system access from past employees

Unauthorised access to systems by past employees is a common cause of identity security or fraud issues for businesses. You can mitigate this risk by removing access for people who:

  • no longer work for your business
  • have changed positions and no longer require access.

It's also important to change the login details for any shared accounts.

Check devices have security updates

Applying updates, also known as patches, to your devices as soon as possible reduces the risk of a cyber incident occurring.

You should:

  • turn on automatic updates as having automatic updates ensures the patches are applied as soon as they are available
  • consider using vulnerability scanning software as they constantly monitor your systems to identify security risks and vulnerabilities
  • upgrade devices, apps, or software to a newer product if the current product no longer receives updates
  • run weekly anti-virus softwareExternal Link and malware scans and update your system as soon as a patch becomes available.

Back up your data

Back up your files and devicesExternal Link regularly on a physical device (such as an external hard drive) or in the cloud. This is helpful if your data becomes damaged, lost, stolen or infected by ransomware.

A ransomware attack can:

  • lock your computer or encrypt your data until you pay a fee to the criminal
  • steal your personal or business information and threaten to leak or sell the information unless a ransom is paid.

Don't use USBs or external hard drives from unfamiliar sources

USBs and external hard drives may contain malware that can infect your business computers without you noticing. Ensure you and any employees only plug in USBs or external hard drives that have come from a trusted source.

Use a spam filter on your email account

Always use a spam filter on your email account and don't open any unsolicited messages.

Be wary of downloading attachments or opening email links you receive, even if they are from a person or business you know. They can infect your computer with malware and lead to your business or client information being stolen and used to commit fraud.

Don't download computer programs or open attachments

Be sure you are downloading authorised and legitimate programs. Unless you know the program is legitimate, don't open attachments or download any files.

Some programs contain malware that can infect your computer (including ransomware that locks your files until you pay a criminal). It can also be used to harvest your sensitive personal and business information.

Secure your wireless network and avoid public wireless networks

Avoid using public wireless networks to complete tasks. Not all wi-fi access points are secure. By making online transactions (such as online banking) on an unsecure network, you can put your information and money at risk.

Ensure you use a strong password for your business wi-fi. Consider the use of a private and public wi-fi network if you need to give your customers internet access.

Be aware about what you share on social media

Keep your personal and business information private and be aware of who you are interacting with online.

Scammers can take the information you publicly display and impersonate you or your business. Impersonators may send emails to trick your staff into providing valuable information or releasing funds.

Monitor your accounts for unusual activity or transactions

Regularly check your business accounts (including bank accounts, digital portals and social media) for transactions or interactions you didn't make or content you didn't post.

If you receive an email alerting you to unexpected changes on your account, don't open any links or attachments. Instead:

  • check your accounts by searching for the organisation's website in a web browser
  • phone the organisation using a number you've looked up.

Ask questions when sourcing software

When sourcing software for your business, it's recommended to ask vendors about their cyber security practices. For example:

Keep up to date with security issues

Constantly educate yourself about existing and emerging threats.

You can:

The Australian Cyber Security Centre has resources to help businessesExternal Link of all sizes secure their systems and data.

How we developed these tips

We developed these tips in consultation with the Cyber Security Stakeholder Group (CSSG). This group brings together key stakeholders from tax professional, superannuation, government and industry bodies to improve cyber security and combat emerging cyber security threats.

Download a printable version

You can download a printable version of Security tips for business (PDF, 214KB)External Link.