Getting the basics of cyber security right
What you need to know and simple tips to help
Good cyber security practices are important to help keep your business secure. They can help protect things like your financial data, customer records and personal information. The good news is you don’t have to be a tech expert to start improving how you protect your business.
Below we explore:
- Important things to know about cyber security risks.
- Top tips to help keep your information safer.
- Why education is an important part of your cyber defences.
What you need to know about cyber security
Before thinking about technology solutions, it can help to understand what you need to protect. Asking the questions below can help you understand and manage your cyber security risk more effectively.
Know the value of your data
All data has value to someone. This could be your staff, your customers, or someone who wants to steal it. Work out what’s most important to your business.
Know who has access to your data
People inside and outside your company could have access to your information. Your employees may have “super user” admin rights to certain programs even though they don’t need them.
Know where your data is stored
Is your data on-site, such as on your business computers? Or is it in the cloud with a service provider? If so, do they share your data with other third parties? And how secure is it?
Know who is protecting your data
Keeping your data safe is a collective effort. What security processes are in place? Do your staff and suppliers understand these processes? Who can you contact if you need to — and can you contact them 24/7?
Know how well your data is protected
If you are using professional support to help protect your information, do you know how they are doing it?
Top tips for cyber security
Building a cyber-secure mindset doesn’t have to be difficult. You can start with a few key steps to help improve your business security.
Don’t use the same password repeatedly
Reusing the same password for multiple accounts may be convenient, but it can also be extremely risky. If hackers get one password, they could access your other accounts, like email, social media, or online banking.
Cyber criminals can share or sell stolen passwords. To help you stay safe:
- make sure every password is long - 12 characters is usually recommended.
- ensure it is unique to you - using phrases or sentences can help.
- use a password manager to help you set, store, and remember them.
Discover more tips to get password management right
Set up multi-factor authentication
Multi-factor authentication (MFA) can help make your accounts more secure by adding an extra layer of protection. Even if a hacker gets your password, they still need more information to log in.
MFA works by requiring a time-sensitive code, usually sent to your phone. It can also be something more advanced like your fingerprint or facial recognition. These can be a lot harder for hackers to fake.
Remember, never share your MFA codes with anyone.
Find out more about two-factor and multi-factor authentication
Back up your data regularly
Make a habit of backing up your important data. Try testing your backups to ensure they can be restored without issues. It can help to use the 3-2-1 backup strategy:
- create three backup copies of your data.
- store them on two different types of media (like a hard drive and a cloud service).
- keep one backup off-site in case of a physical disaster.
You can also use professional backup services to help make this process even simpler.
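One way to check both points above, as an added example that is not part of the original article: `check_321` tests a list of backup copies against the three rules, and `restore_differences` compares a test restore with the source by SHA-256 digest. The inventory, file names and function names are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed inventory of backup copies (names are illustrative).
INVENTORY = [
    {"name": "office NAS", "media": "hard drive", "offsite": False},
    {"name": "USB drive", "media": "hard drive", "offsite": False},
    {"name": "cloud service", "media": "cloud", "offsite": True},
]


def check_321(copies):
    """Return the 3-2-1 rules that this set of backup copies fails."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than three backup copies")
    if len({c["media"] for c in copies}) < 2:
        problems.append("fewer than two types of media")
    if not any(c["offsite"] for c in copies):
        problems.append("no off-site copy")
    return problems


def digest_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def restore_differences(source, restored):
    """List files that are missing or altered in a test restore."""
    want, got = digest_tree(source), digest_tree(restored)
    return sorted(name for name in want if got.get(name) != want[name])


def demo():
    """Simulate a test restore that lost one file and corrupted another."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, data in [("invoices.csv", b"a,1\n"), ("customers.db", b"rows"),
                           ("payroll.xlsx", b"pay")]:
            Path(src, name).write_bytes(data)
        Path(dst, "invoices.csv").write_bytes(b"a,1\n")  # restored intact
        Path(dst, "customers.db").write_bytes(b"r0ws")   # silently corrupted
        return restore_differences(src, dst)             # payroll.xlsx is missing


if __name__ == "__main__":
    print(check_321(INVENTORY), check_321(INVENTORY[:2]), demo())
```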
Discover why cloud security is important for your business
Schedule automatic software updates
Having your IT systems updated can help keep your business secure. So set up automatic updates where appropriate.
Updates help fix security flaws in anything you have connected to the internet. This could be devices, apps, websites, or even your CCTV cameras. The more up-to-date your software is, the lower your risk of cyber attacks may be.
Learn more about how automatic updates can help keep your business secure
Educating your employees on cyber security
When we think about cyber-attacks, we might imagine hackers breaking into our computer systems, but many cyber criminals aren’t technology experts. They’re more like cheeky scammers who might try and trick you or your employees into making mistakes.
Small businesses can be more vulnerable to cyber-attacks that target people, not IT systems. According to StrongDM, employees of small businesses experience 350% more ‘social engineering’ attacks than employees at bigger companies.
Social engineering is when hackers trick a victim into giving up important information, or even control of a computer system. For example, hackers may pretend to be a boss or coworker to get hold of sensitive information.
A good first line of defence is making sure your employees are aware of potential scams and other digital threats. Investing in cyber security training programs can help save you a lot of money and hassle in the future.
Cyber Wardens: digital security guards
Cyber Wardens is a free cyber security program run by the Council of Small Business Organisations of Australia (COSBOA), with support from Telstra and CommBank. It helps small business owners and their teams learn how to protect themselves from cyber threats.
Being part of the Cyber Wardens program can help:
- protect your business. Your employees can learn how to identify online threats and report cyber security attacks.
- empower your team. Learning about different cyber security processes can help protect against hackers.
- encourage a support system. Your staff can become cyber security role models to foster a proactive and responsible online culture within your business.
Explore the free Cyber Wardens program in more detail or sign up now
Cyber security for businesses going beyond the basics
If you feel like you already have the basics in place and your business would benefit from further security precautions, make sure you’re across the Australian Signals Directorate’s (ASD) Essential Eight. This is a set of risk mitigation strategies aligned to a cyber security maturity model that will help you assess your business operations.
Read our article on the Essential Eight if you’d like to explore what else you could do to protect your business.
Stay alert with the right support
Cyber criminals are constantly looking for opportunities. So, it’s important to be aware of threats. These days, with many businesses working and communicating online, there are more opportunities for scams and attacks.
Telstra’s Cyber Security team keeps an eye on suspicious emails, phone calls, and texts to help keep you safe online. You can check for information on active scams online anytime. However, keep in mind that while this list is updated regularly, it doesn't cover every possible scam.
If you see something suspicious, you can look for a “Report Phishing” button in your app or online. Here are some other steps you can take.
- Report suspicious SMS, emails or calls to Telstra.
- Forward SMS messages to 7226 (SCAM).
- Report suspicious messages to the ACCC.
Make getting cyber security basics right a priority
A cyber security breach can have serious consequences if data and information are stolen or compromised. These could be financial, legal or just a nuisance, taking up time that could be spent elsewhere.
Start with a simple review of where you’re at and how you’re taking precautions today. Just like how we lock our front doors when we leave the house, it’s important to lock down your digital assets too.
Originally published March 2023, updated December 2024.