
Top cyber security tips for businesses

Tips for businesses to keep business and client data safe from hackers and identity thieves.

Last updated 26 July 2021

It is important you keep all your business, staff and client information secure. If your data is lost or compromised, it can be very difficult, time consuming and costly to recover.

We, along with leading industry bodies, have created a list of top identity security tips to help keep you and your information safe.


Cyber Security Stakeholder Group

We developed these tips in consultation with the Cyber Security Stakeholder Group (CSSG), a group comprising the ATO, tax practitioner industry groups, government agencies and industry partners. The CSSG is working with us to combat the growing threat of identity theft and cybercrime.


Use strong and secure passwords

Regularly change passwords and do not share them.

Use multi-factor authentication where possible. Multi-factor authentication requires users to provide multiple pieces of information to authenticate themselves – for example, a text message to your phone when logging in to a website.

As a business owner, remember:

  • multi-factor authentication puts an additional layer of security on your accounts – it can make it harder for others to access your account
  • consider using a passphrase that includes numbers and symbols which is easy for you to remember but difficult for someone to guess (for example, P!ne@pp1eP!zz@).

Remove system access from people who no longer need it

Immediately remove access for people who:

  • no longer work for your business
  • have changed positions and no longer require access.

Unauthorised access to systems by past employees is a common cause of identity security or fraud issues for businesses.

Make sure all devices have the latest available security updates

Run weekly anti-virus and malware scans and have up-to-date security software.

Instances of malicious software (malware) are increasing. It can be easy to accidentally click on an email or website link that infects your computer.

In some instances, your device may be impacted by ransomware. Ransomware can:

  • lock your computer until you pay a fee to criminals
  • install software which provides access to your bank accounts, allowing criminals to steal your business’s money.

Do not use USBs or external hard drives from an unfamiliar source

USBs and external hard drives may contain malware, which can infect your business computers without you noticing.

It can cost your business a lot of money to repair the damage.

Stolen information could be used to commit crimes, often in your business's name.

Use a spam filter on your email account

Always use a spam filter on your email account. Do not open any unsolicited messages.

Be wary of downloading attachments or opening email links you receive, even if they are from a person or business you know. They can infect your computer with malware and lead to your business or client information being used to commit fraud.

Spam emails can be embedded with malware and can be used to trick you into:

  • providing information
  • paying fraudulent invoices
  • buying non-legitimate goods.

Do not respond to or click on these emails.

Secure your wireless network and be careful using public wireless networks

Be vigilant when using public wireless networks. Avoid making online transactions while using public or complimentary wi-fi.

Not all wi-fi access points are secure. By making online transactions (such as online banking) on an insecure network, you can put your information and money at risk.

Be vigilant about what you share on social media

Keep your personal information private and be aware of who you are interacting with.

Before sharing, ask yourself if it is information you want strangers to have access to.

Scammers can take information you publicly display and impersonate you or your business. Impersonators may send emails to trick your staff into providing valuable information or releasing funds.

Monitor your accounts for unusual activity or transactions

Check your accounts (including bank accounts, digital portals and social media) for transactions or interactions you did not make, or content you did not post.

If an organisation you deal with sends you an email alerting you to unexpected changes on your account:

  • don't click on included hyperlinks
  • don't log on to the organisation's website by using links or attachments included in the email.

You should immediately:

  • check those accounts
  • contact the organisation by phone.

Make sure your mail is secure

Make sure your mail is secure and consider using a secure PO Box.

Mail theft is a leading cause of information security breaches.

Do not download programs or open attachments unless you know the program is legitimate

Some programs contain malware that can infect your computer (including ransomware which locks your files until you pay a criminal). It can also be used to harvest your sensitive personal and business information.

Be sure you are downloading authorised and legitimate programs. Unless you know the program is legitimate, do not open attachments or download programs.

Do not leave your information unattended

Secure your electronic devices wherever you are. Your information can be stolen in an instant. In some situations, you won't even know it's been stolen.

Make sure you:

  • do not leave your information unattended
  • secure your electronic devices (such as phones or tablets) with passcodes
  • securely store portable storage devices (such as thumb and hard drives) when not in use.