Because you collect digital data, your business could be at high risk of being targeted in an attack. Any customer or employee information you hold can be stolen, sold on, or used to commit crimes like identity theft or financial fraud. Critical business data can be held ransom for payment or used to disrupt your business’s day-to-day operations.

• Do an audit of the data you have and where it’s stored.
• If you don’t already have one, create a clear protection plan or policy to manage this data.
• Run regular tests to make sure you can recover your website or files, and check your back-up frequency is adequate.

To learn more about how to protect your business information from cyber criminals, download the free Telstra Business Intelligence report on Managing Risks Online.

Many businesses don’t realise the extent of the data they collect – like customer email addresses, online account login details, invoicing/tax records, email chains and so on – let alone the value it can hold for criminals. But even if you don’t store this data on your systems or cloud services, you could still be at risk. Your email and banking accounts could be targeted through phishing (malicious emails) and other scams, while an unsecured website could be intercepted by hackers.

• Consider if you inadvertently collect any customer or business-critical data and if you need a protection plan to manage this.
• Ensure you and your employees are implementing secure online practices.
• Regularly check that you can recover your website or files, that your back-up frequency is adequate, and that you have a tested plan in place if your technology systems and data are unavailable.

To find out more about the vulnerabilities cyber criminals are looking for, download the free Telstra Business Intelligence report on Managing Risks Online.

Even though you’re not sure if you collect digital data, your business could be at high risk of being targeted in an attack if you do unknowingly collect information online. Any customer or employee information you hold can be stolen, sold on, or used to commit crimes like identity theft or financial fraud. Critical business data can be held ransom for payment or used to disrupt your business’s day-to-day operations.

• Do an audit of the data you have and where it’s stored.
• If you don’t already have one, create a clear protection plan or policy to manage this data.
• Run regular tests to make sure you can recover your website or files, and check your back-up frequency is adequate.

To find out more about the type of information cyber criminals are looking for, download the free Telstra Business Intelligence report on Managing Risks Online.

As a sole trader, you're at lower risk, but it's important to keep up with the rapidly changing online threat landscape and protect your own systems, networks and devices from an attack. Adopting a protective mindset and applying cyber security fundamentals can help protect your business.

• Ensure your passwords are unique, use multifactor authentication and keep your system software updated to the latest version.
• Stay informed of emerging attacks and recommendations by reading reports, articles and government advice in the cyber security space.
• Consider how you'll stay secure online if you do take on contractors or employees.

Seek out advice from a cyber security expert if you need it.

Your business size (2–10 employees) puts you at an increased risk of an online attack. Business owners and managers can help minimise this risk by adopting a protective mindset and implementing security fundamentals.

• Ensure all passwords are unique, use multifactor authentication and keep your system software updated to the latest version.
• Educate yourself on current government and expert recommendations by reading reports, articles and studies in the cyber security space.
• Create policies and processes that educate your employees on cyber security risks and promote secure working habits.
• Be vigilant around access and identity, so you know who can access what and that you have the authentication tools to know who they are.

Seek out advice from a cyber security expert if you need it.

Your business size (10+ employees) puts you at higher risk of an online attack. Business owners and managers can help minimise this risk by adopting a protective mindset and implementing security fundamentals.

• Ensure all passwords are unique, use multifactor authentication and keep your system software updated to the latest version.
• Educate yourself on current government and expert recommendations by reading reports, articles and studies in the cyber security space.
• Create policies and processes that educate your employees on cyber security risks and promote secure working habits.
• Be vigilant around access and identity, so you know who can access what and that you have the authentication tools to know who they are.

Seek out advice from a cyber security expert if you need it.

As your employees or contractors use their own devices for work purposes, you're at higher risk of a breach. All devices you and your employees work on need protection to help keep your business safe.

• Develop a tailored device management plan to minimise your risk.
• Ensure it includes personal use policies, minimum password requirements, and device protection software that gives you the ability to remotely wipe devices.

As your employees or contractors don't use their own devices for work purposes, your business is at a lower risk of an attack. But it's still important to make sure all of your work devices have the necessary measures in place to help prevent a breach.

• Implement antivirus software on every device used for work purposes.
• Set minimum password requirements.
• Create personal use policies to help keep your business devices secure.

An integrated cyber security plan with device-level protection can help keep your valuable business assets safe.

As you're not sure if your employees or contractors use their own devices for work purposes, you're at higher risk of a breach. All devices you and your employees work on need protection to help keep your business safe.

• Check if your employees use any of their devices for work purposes.
• If so, develop a tailored device management plan to minimise your risk.
• Ensure it includes personal use policies, minimum password requirements, and device protection software that gives you the ability to remotely wipe devices.

An integrated cyber security plan with device-level protection can help keep your valuable business assets safe.

As you don't have employees, your business's device use puts you at a lower risk. Even without employees, it's still essential that all of your work devices have the necessary measures in place to help prevent a breach.

• Implement antivirus software on every device used for work purposes.
• Use a unique password for all of your accounts to help secure your devices.

An integrated cyber security plan with device-level protection can help keep your valuable business assets safe.

Engaging an IT expert only when something goes wrong could indicate you have a reactive (rather than proactive) approach to how you handle cyber security, which puts you at a higher risk of damage from online incident.

• Document an online incident response plan with formal guidelines for how you confirm, report, repair and communicate a breach, as well as any legal obligations.
• Develop and test a business continuity plan, so you can quickly and confidently fall back to manual processes without disruption if technical systems are offline (which is often the most expensive part of a breach).

A cyber security expert can provide guidance on developing, reviewing and communicating an incident response plan to help you protect your business's valuables and reputation.

By having a formal cyber security response plan in place, you're helping to minimise your risk of damage from an attack. Being proactive in this area suggests you've thought out the risks and planned for how you'd handle the fallout of an online incident, but it's important to conduct regular reviews.

• Check that your response plan includes the most up-to-date, best-practice information on how you confirm, report, repair and communicate a breach, as well as any legal obligations.
• Develop and test a business continuity plan, so you can quickly and confidently fall back to manual processes without disruption if technical systems are offline (which is often the most expensive part of a breach).

A cyber security expert can help provide guidance on how to review, update and communicate your incident response plan to help you protect your business valuables and reputation.

Without a plan in place to respond to an online incident, you are at higher risk of damage from a potential attack, the effects of which can spread across your business in minutes. Proactive planning in this area can help save your business time, money and business resources in the event of a breach.

• Document your online incident response plan with formal guidelines for how you confirm, report, repair and communicate a breach, as well as any legal obligations.
• Develop and test a business continuity plan so you can quickly and confidently fall back to manual processes if technical systems are offline (which is often the most expensive part of a breach).

A cyber security expert can provide guidance on developing, reviewing and communicating an incident response plan to help you protect your business valuables and reputation.

Since you access public networks, you're at higher risk of an online attack.

• Limit your use of public networks and instead connect to private, secured networks that you know and trust for work purposes.
• If you must use public networks, use measures – like data encryption, virtual private networks (VPNs), and mobility and device protection on all work devices that move between spaces and networks – to protect yourself from some of the risks.

When it comes to how you connect to the internet, using secure business-grade networks with password protection and identity management (individual sign-ins) is the best way to keep your business and its information safe.

By not accessing public networks for work purposes, you're helping to minimise your risk of an online attack.

• Continue to limit your use of public networks and only connect to private, secured networks that you know and trust for work purposes.

When it comes to how you connect to the internet, using secure business-grade networks with password protection and identity management (individual sign-ins) is the best way to keep your business and its information safe.

Since you aren't sure if you access public networks, you're at higher risk of an online attack. If you've ever used a hotel's shared Wi-Fi to pay a business invoice, updated your business's social media account from the café next door or connected to the free Wi-Fi at the airport to shoot off a work email on your mobile, you've used public networks.

• Limit your use of public networks and instead connect to private, secured networks that you know and trust for work purposes.
• If you must use public networks, use measures – like data encryption, virtual private networks (VPNs), and mobility and device protection on all work devices that move between spaces and networks – to protect yourself from some of the risks.

When it comes to how you connect to the internet, using secure business-grade networks with password protection and identity management (individual sign-ins) is the best way to keep your business and its information safe.

Because your employees access public networks for work purposes, your business is at greater risk of a security breach.

• Educate your employees on what secure networks are and why they're essential.
• Implement network and internet access policies that include clear guidelines for when and how employees can safely get online (such as using VPNs when they're on the go).

Since your employees don't access public networks for work purposes, they're already using best practice and helping to minimise your risk of an online attack.

• If you don't already have one, formalise a network and internet access policy so your employees have clear guidelines on where and how they can safely get online.

Because you're unsure of your employees' network connection practices, it's possible they're accessing public networks and putting your business at greater risk of a security breach.

• Find out if your employees or contractors are using secure, trusted networks to handle your business's information.
• If they aren't, educate your employees on what secure networks are and why they're essential.
• Implement network and internet access policies that include clear guidelines for when and how employees can safely get online (such as using VPNs when they're on the go).

Because you work alone, there is no risk of employees accessing public networks for work purposes.

• If you do take on contractors or if your business grows beyond yourself, consider network and access policies so there are clear guidelines on where and how people connected with your business can safely get online.

By updating your operating system automatically or as soon as a prompt appears, you're lowering your risk of a cyber attack.

• It's worth formally implementing this approach for any devices used in your business, including those of any employees and contractors.

By delaying or neglecting to update your operating system, you're putting your business at high risk of a cyber attack.

• Enable automatic updates so patches are installed on your work devices' operating systems as soon as they're available, protecting your business from cyber criminals looking to take advantage of known flaws.
• You can set a convenient time for most updates so they don't interfere with your day-to-day work.

Because you're unsure if you regularly update your operating system, it's possible your devices do not automatically patch known security vulnerabilities, which puts your business at high risk of a cyber attack. It's best practice to keep your operating system up to date with the latest available patches, which helps to protect your business from cyber criminals looking to take advantage of known flaws.

• Check the settings on your main work device (and any others you work on) to make sure you have automatic updates enabled where possible, or check manually for new updates on a regular basis.
• You can set a convenient time for most updates so they don't interfere with your day-to-day work.

By enabling automatic updates on your antivirus software, your main work device is at lower risk of being infiltrated by malware. This also applies to any other devices you use for work purposes.

• Along with having the latest version of your antivirus installed, it's best practice to set up daily automatic updates and scans to help identify and defend your device from quickly evolving online threats.

While antivirus is a vital component of your security strategy, cyber criminals are constantly updating their methods, so it's a good idea to have a holistic, proactive security plan that evolves as your business needs do.

By running infrequent updates, your main work device is at high risk of being infiltrated by malware. This also applies to any other devices you use for work purposes. While occasional antivirus updates may seem sufficient, new malware is constantly being created by cyber criminals, and they change appearance quickly to avoid detection.

• Follow best practice by enabling automatic antivirus software updates.
• Automatic or regular scans are vital to help identify and defend your device from quickly evolving online threats.

While antivirus is a vital component of your security strategy, cyber criminals are constantly updating their methods, so it's a good idea to have a holistic, proactive security plan that evolves as your business needs do.

As you don't have antivirus software, your main work device is at high risk of being infected by malware. This also applies to any other devices you use for work purposes. It's imperative for every device to have antivirus software installed with automatic updates enabled.

Without this protective barrier in place, you could compromise your device through doing common online tasks like opening an infected email attachment, downloading infected apps or files, or even opening a false website link. One click is all it takes.

• Install antivirus software on your device.
• Ensure your antivirus software updates automatically.
• Run regular or automatic scans to help identify and defend your device from quickly evolving online threats.

While antivirus is a vital component of your security strategy, cyber criminals are constantly updating their methods, so it's a good idea to have a holistic, proactive security plan that evolves as your business needs do.

As you're unsure how often you back up your critical business data, it's likely your back-ups are infrequent or aren't happening at all. This means you could lose access to the information you need to operate, potentially putting your business continuity at risk.

The first step to keeping your data safe and accessible is understanding how, where and how often it's backed up. Then, put measures in place to prevent the risk of data loss.

• Check where your business's information is stored and consider what would happen if that means of entry was lost.
• Implement a secure storage solution that you back up regularly.
• Get familiar with the 3-2-1 strategy: save at least three copies of your data, two of which are on-site on different devices (like a laptop and a hard drive) and one that is off-site or on the cloud.
• Consider encryption for sensitive data as an extra layer of protection.

As you only back up your critical business data once a year, you could be at risk of losing a year's worth of information. If you need this data to operate, you could be putting your business continuity at risk.

Help keep your data safe and accessible by implementing best-practice measures in the day-to-day running of your business.

• Implement a secure storage solution that you back up regularly.
• Get familiar with and implement the 3-2-1 strategy: save at least three copies of your data, two of which are on-site on different devices (like a laptop and a hard drive) and one that is off-site or on the cloud.
• Consider encryption for sensitive data as an extra layer of protection.

As you only back up your critical business data weekly or monthly, you're at risk of losing anywhere from a week's to a month's worth of information. If you need this data to operate, you could be putting your business continuity at risk.

Help keep your data safe and accessible by implementing best-practice measures in the day-to-day running of your business.

• Implement a secure storage solution that you back up regularly.
• Get familiar with and implement the 3-2-1 strategy: save at least three copies of your data, two of which are on-site on different devices (like a laptop and a hard drive) and one that is off-site or on the cloud.
• Consider encryption for sensitive data as an extra layer of protection.

Your data back-up solutions may help significantly lower your risk of business disruption as you should be able to recover your critical business data and safeguard your business continuity.

• Test your restore processes to ensure they are seamless in the event of an incident.
• If you're backing up your data using an on-site server, consider switching to secure cloud storage with identity controls (like password policies, a password manager and multifactor authentication). This allows you to both work on and store important documents online, making ransomware less effective.
• If you're not already using it, get familiar with and implement the 3-2-1 strategy: save at least three copies of your data, two of which are on-site on different devices (like a laptop and a hard drive) and one that is off-site or on the cloud.