Cyber security fundamentals

Learn more on the core principles and practices that are essential for safeguarding personal information, systems, and digital assets from cyber threats and attacks. 

Data security

Review data security procedures and systems and install security software.

Hire a professional to do an end-to-end security check. It is better to learn your vulnerabilities before an attacker does.

Strong passwords

Make sure that the passwords you use for your online accounts are both secure and difficult to guess. Make a phrase out of your password. You can replace some of the word's letters with numbers or symbols. Test your password. 

Business processes

Encrypt sensitive data and store a backup copy in a different location.

Regular backups are essential because they give you a chance to safeguard your data.

Third party systems

Evaluate the security of any external vendors or systems that you use.

Keep in mind that security procedures used by contractors will impact your company and can risk your reputation.

Minimum storage

Make sure that you are only gathering necessary personal information.

You must take reasonable steps to securely dispose of or de-identify personal information once it is no longer needed.

Access control

Review your current processes and know who in your business has access to your files and systems. Limit admin access and minimise opportunities for an attacker to access and control your systems.

Automatic updates

Keep your systems up to date with the latest upgrades and ensure automatic operating systems updates are enabled as this will install the latest security updates to protect your business from threats.

Trained staff

If a cyber-attack is attempted, you want your staff to be an additional line of defence. Making sure they recognise threats can make all the difference.

Cyber security is everyone's responsibility.

Breach response plan

In an emergency situation, it's critical to move fast. Having a clearly defined plan of action will ensure everyone is aware of their responsibilities.

Practical steps to safeguard your business and customer data

Strengthen accounts

  • Mandate strong and complex passwords for all accounts

  • Ensure accounts have unique passwords, especially email

  • Fortify online accounts with Multi Factor Authentication (MFA). 

Procedures

  • Develop a minimal collection practice

  • Encourage a culture of reporting

  • Encourage your people to speak up if an incident may have occurred

  • Work with them to resolve the issue and make improvements

  • Train your staff on the importance of keeping personal information safe

  • Upskill your team to know what to look out for. 

Vendors and third parties
  • Assess the security of any third-party systems your business uses.  
  • Remember contractors’ security practices will affect your business and reputation. 
  • Review contracts to check liability. 
Collection and retention

  • Only collect personal information that is reasonably necessary

  • Securely dispose of personal information when it is no longer required. 

Access to information

  • Limit access to sensitive information

  • Minimise opportunities for an attacker to access and control your systems

  • Remove previous employees’ access.

Security
  • Install security software and review data security practices and systems
  • Engage an expert to undertake and end-to-end security review

  • Enable automatic system updates to install the latest security fixes

  • Prevent hackers exploiting vulnerabilities

  • Encrypt personal information at rest and in transit. 

Plan for a data breach

  • Implement a breach response plan

  • Prevent urgent, panicked decision-making

  • Seek support – don’t suffer in silence.

Download as PDF Print this page
Top of page