Cyber security is the tools and techniques applied to IT data and systems to protect them from attacks and loss.
A cyber attack can seriously damage your business and you may have to spend lots of time, money and resources to fix it.
Best practice cyber security processes can improve your business by:
Legal obligations for cyber security
If your business handles personal data (of employees, customers and suppliers) and financial information, you are responsible for meeting all legislative data-protection requirements.
Learn more about legal requirements for working online.
Online threats and risks
Online threats and risks can target your IT systems, data and online assets and negatively affect your business, such as:
Protecting your business from cybercrime
Protect your business with these tools and resources.
Reporting suspicious online activities can help authorities to combat cybercrime and develop tools and awareness programs to protect businesses and individuals from attacks.
You can report suspected cyber security threats to your business through the ACSC.
Read the preventing and reporting cybercrime recommendations from the Queensland Police Service.
Online security and fraud
Operating your business in a secure online environment will help you meet your legal obligations to keep your customers' information private.
Effective online security management is critical in managing your business's risk, and building and maintaining customer confidence and trust.
Use online security policies and procedures to plan and implement effective online security for your business.
Find out how to implement online security policies in your business.
Protect your business from fraud
Fraud occurs when someone uses false data or information for illegal profit.
You can protect your business from fraud by:
Learn more about your fraud protection obligations.
Protecting your data, hardware, and software
All computers, servers and wireless networks that your business uses must be protected against online and cyber security threats and risks.
Steps to guard against external threats to IT systems
Learn more about cloud computing for business.
Read the ACSC's guides on implementing security protections for different software applications and devices.
You will need to protect your desktop computers and devices with robust, secure passwords. If your data is not adequately protected, hackers may be able to access your networks and corrupt or steal information.
Backing up your data is crucial—having a copy of your data in a separate location will enable you to recover information quickly and easily in the event of any data loss. You can back up your data to the cloud or an external drive.
You should establish policies for your business on how staff can protect data to avoid data loss from staff inadvertently taking important files outside of your business by emails, external drives or laptops.
Learn more about how to prevent data theft.
Protecting and renewing your domain name
Your domain name is your intellectual property. Letting your domain name expire means you could lose control of your online presence, branding and company website.
This may leave your business and customers vulnerable to cybercriminals. If criminals gain access to your domain name, they could create a fake website as your brand and send phishing scams to your customers.
Note down when your domain name will need renewing so it doesn't expire. Domain names can be renewed for more than 1 year at a time.
Common protection methods
These are some common protections that can be used.
Encrypted certificates that verify the site ID and creates a secure web link when used, and protect secure data and make your website more trusted.
Alphanumeric codes that ensure only verified users can access systems.
A program that will scan and detect threats to the system.
A software tool that will scan all data being entered and users, and only allow access to trusted items.
A function to ensure all software programs have the most up-to-date protections.
Internal documents that will explain the security requirements and actions for a business, and can be used for staff training.
Threats to IT systems can occur from within your business. These internal threats could occur when staff are unaware of suitable protections or in some cases there could be malicious intent.
Steps to guard against internal threats to IT systems
Seeking help from specialists
Cyber security and IT specialists can help develop a custom plan for your business if you do not want to manage digital risks yourself. This may be a good option for you if you are not tech savvy or do not feel confident.
When talking to cyber security and IT specialists, it is important to ask the following questions.