Keeping your business cyber secure

Cyber security refers to the tools and techniques applied to IT data and systems to protect them from attacks and loss. Essentially it is locking your digital doors and windows to keep intruders out and your information and systems secure.

All businesses need to be cyber secure, no matter the size or industry. For small businesses, even a minor incident can be devastating.

The average cost of cybercrime in Australia is up by 14%, this includes:

• small businesses $46,000
• medium businesses $97,200
• large businesses $71,600.

Online threats and risks

Online threats and risks can target your IT systems, data and online assets and negatively affect your business, such as:

• brand and reputational damage
• loss of confidential and sensitive data
• loss of business continuity
• fines if your business is found negligent.

The most common types of cyber threats to small business are:

• scam messages (phishing) – designed to trick recipients out of money and data
• malicious software (malware) – provides criminals with a way to access important information (e.g. bank or credit card numbers and passwords). It can also take control of or spy on a user's computer
• ransomware – a type of malware that locks down your computer or files until a ransom is paid.

How to protect your business from cybercrime

The Small business cyber security guide (PDF, 1.5MB) by the Australian Cyber Security Centre (ACSC), steps you through basic security measures.

As a starting point, the ACSC recommends the following 3 actions:

• turn on multi-factor authentication – a security measure that requires 2 or more proofs of identity to grant access to your accounts
• update your device and software – this can fix security flaws in your operating system and other software
• back up your information – learn how to back up your files and devices.

The guide may include measures that are not relevant to your business, or your business may have more complex needs.

After completing this guide, the ACSC recommends small businesses implement Maturity level one of the Essential eight.

IT threat preparation

Protect your business by securing bank accounts and managing access to personal and financial information, using suitable IT system security, and consider purchasing insurance.

Learn more about preparing, preventing, responding and recovering from an IT threat.

Working with IT professionals

If you have questions about this information or cyber security in general, we recommend you speak to an IT professional or trusted advisor.

To improve your cyber security resilience, learn how to choose digital services and specialists and search for cyber security providers.

Educate yourself and team

Ensure your staff are well trained in good cyber security practices. Include cyber security in staff inductions and provide regular staff training. Learn more by:

• enrolling your team in the free Cyber Wardens program
• watching cyber security webinars and reading related information sheets
• reading the Ask a mentor – cyber security mentor tips from our Mentoring for Growth program
• checking your business's cyber fitness by attending a Mentoring for Growth session

Your legal obligations

If your business handles personal data (of employees, customers and suppliers) and financial information, you are responsible for meeting all legislative data-protection requirements. Know your legal obligations for online businesses, including storing and protecting privacy information.

Learn more about protecting customers' personal information from the Office of the Australian Information Commissioner.

Also consider…

• Learn how to avoid business scams, especially those originating outside of Queensland where our laws cannot protect you.
• Learn about information technology risk management, including criminal IT threats.
• Protect your domain name by renewing annually, keeping your account secure and contact details up to date.