Skip navigation
Government of South Australia - Department of Industry, Innovation and ScienceOffice for Small Family and Business

How to secure your business' data in 6 easy steps

Your business’ security needs are no longer confined to an alarm system, deadlocks and padlocks and possible CCTV cameras. Now it’s about firewalls, VPNs and malware. While you might think your small business isn’t a worthy target for a cyber-attack, the evidence suggests otherwise.

According to the Australian Cyber Security Centre (ACSC), the average financial loss per cybercrime report in 2021-22 was $39,000 for small business, $88,000 for medium-sized businesses. The ACSC receives a cyber-attack report every seven minutes.

What do hackers steal?

All businesses are at risk, not just office-based businesses or those that work with sensitive information. All data is valuable: it could be email contacts, supplier information or any details about your customers (names, addresses, phone numbers and emails), as well as your company’s bank and credit card details, your employees’ information including where you pay their salary and super.

By merging data from multiple sources, cybercriminals can build profiles of hacked account owners to enable other attacks, or increase the effectiveness of social engineering campaigns.

What could be the impact to your business if your data is hacked?

Repercussions can include:

  • instant reputational loss of trust and credibility among customers and suppliers
  • financial loss
  • legal action - not just from impacted customers but possibly government if you can’t show you’ve taken sufficient steps to prevent an attack
  • loss of valuable or historical data
  • operational downtime - a cyber-attack can close a business temporarily or in some cases permanently.

How could you be hacked?

The most common cyber threats that cause the most significant impacts are:

Some steps to protect you and your business

Before taking advantage of the free templates to help you write a detailed business plan, here are some tips about what to consider before you start.

  1. Consider using a password generator for your accounts, and a password manager like KeePass.
  2. Invest in an up-to-date virus scanner or software on all your computers and your mobile phone if it’s connected to business network.
  3. Make sure your wireless internet networks are password protected and secure and introduce multi-factor or 2-factor authentication (MFA) to your most important accounts: email accounts, online backing and any sites with payment details and your social media accounts. MFA is a security measure that requires two or more proofs of identity before granting access to your accounts.
  4. Treat every email you receive with caution and don't open email attachments from senders you don't trust. Click on the sender’s email address to check it matches the one you use.
  5. Be careful downloading “free” applications from the internet.
  6. Keep all computer programs or software up to date, including your operating system (OS). It’s easier to target older versions of your software or OS - this is like leaving a window open or your backdoor unlocked. Turning on automatic updates can make sure you're always on the most current versions.

Talk to your employees

Finally, make sure all your employees understand about the potential of cyber threats and what security measures you have in place.

Cyber awareness among you and your staff is critical to protecting them and you from cyber threats. Just as you take workplace place health and safety seriously, this shared data or cyber security.


Want to know more?


More information:

Cyber Uplift Program
Announcements and practical advice straight to your mailbox.
Name

Please enter a personal email address. Generic addresses beginning with ‘info@’ or ‘admin@’ may be blocked from our email distribution system.

All information is collected and used in accordance with the DIIS Privacy Statement.