Академический Документы
Профессиональный Документы
Культура Документы
Supplemental
Guides
For more cyber security
measures to help keep
your business safe, refer
to our Small Business
Cyber Security suite
at cyber.gov.au
Step-by-Step Guide
Backing Up & Restoring
Your Computer
(For Mac)
STEP-BY-STEP GUIDES
cyber.gov.au
2
Small Business Cyber Security Guide
Table of Contents
FOREWORD �������������������������������������������������������������������������������������������������������������������������������������� 4.
Ransomware ������������������������������������������������������������������������������������������������������������������������������������� 8.
GLOSSARY���������������������������������������������������������������������������������������������������������������������������������������� 18.
cyber.gov.au 3
Small Business Cyber Security Guide
Foreword
This guide has been developed to help small businesses protect themselves
from the most common cyber security incidents.
A cyber security incident can have devastating Our Small Business Cyber Security Guide has
impacts on a small business. been specifically designed for small businesses
to understand, take action, and increase their
Unfortunately, we at the Australian Cyber Security
cyber security resilience against ever-evolving
Centre (ACSC) see the impact of cyber security
cyber security threats. The language is clear,
incidents each and every day, on individuals,
the actions are simple, and the guidance is
small businesses and large companies.
tailored for small businesses.
We recognise that many owners and operators of
For an overview of cyber security basics this
small businesses don’t have the time or resources
guide is an excellent place to start. If you
to dedicate to cyber security. However, there
want to improve your cyber security further,
are simple measures that a small business
you can find more information and advice
can introduce to help prevent common cyber
on the ACSC website at: cyber.gov.au
security incidents.
4
Small Business Cyber Security Guide
Cyber Threats:
Key Areas
For a small business, even the smallest
cyber security incident can have
devastating impacts.
This section is designed to help small businesses
stay alert and prepared. It identifies and explains
the most common types of cyber threats and
PROTECTING
your money, data
what you can do to protect your business.
& reputation
cyber.gov.au 5
Small Business Cyber Security Guide
Malicious Software
(Malware)
• F raud
• Identity theft
•D
isrupting business
• Stealing sensitive data or intellectual property
•S
iphoning computer resources for wider criminal activity
6
Small Business Cyber Security Guide
Scam Messages
(Phishing)
FEELING
•P
urchasing gift cards and sending them UNSURE?
to the scammer
Scam orEmails
If you think a message call might truly be from
Phishing scams are not limited to emails. They are an organisation you trust (such as your bank or a
increasingly sophisticated and harder to spot. supplier) find a contact method you can trust.
Search for the official website or phone their
Be cautious of urgent requests for money, changes advertised phone number. Do not use the links
or contact details in the message you have
to bank accounts, unexpected attachments, and been sent or given over the phone as these
requests to check or confirm login details. could be fraudulent.
cyber.gov.au 7
Small Business Cyber Security Guide
Why? Money
Ransomware offers cybercriminals a low-risk, high-reward
income. It is easy to develop and distribute. Ransoms
are typically paid using an online digital currency or
cryptocurrency such as Bitcoin, which is very difficult to
trace. Also in cybercriminals’ favour, most small businesses
are unprepared to deal with ransomware attacks.
8
Small Business Cyber Security Guide
Software
Considerations:
Key Areas
Managing your software, data, and online
accounts can drastically increase your
business’ protection from the most common
types of cyber threats.
For example, your operating system is the most
important piece of software on your computer.
PROTECTING
your money, data
It manages your computer’s hardware and all its
programs, and therefore needs to be updated & reputation
regularly to ensure you are always using the
most secure version.
Improve resilience, stay up to date and stay secure
with these software considerations for small
businesses.
cyber.gov.au 9
Small Business Cyber Security Guide
Automatic Updates
10
Small Business Cyber Security Guide
Automatic Backups
^ Certain industries have obligations to keep records for specific periods of time.
Make sure you are aware of your data retention requirements. cyber.gov.au 11
Small Business Cyber Security Guide
Multi-Factor Authentication
12
Small Business Cyber Security Guide
People
and Procedures:
Key Areas
Businesses, no matter how small, need
to be aware of and consciously apply
cyber security measures at every level.
Your internal processes and your workforce are
the last, and one of the most important lines of
defence in protecting your business from cyber
PROTECTING
your money, data
security threats.
Given small businesses often lack the resources & reputation
for dedicated IT staff, this section addresses how
you can manage access to information in your
business, secure your business accounts, and
train your staff how to prevent, recognise and
report cyber security incidents.
cyber.gov.au 13
Small Business Cyber Security Guide
Access Control
•D
ecide who should access certain files,
databases, and mailboxes
•C
ontrol any access permitted to external ACCESS CONTROL PRINCIPLES
providers e.g. accountants, website hosting
providers Transition your employees from ‘Administrator’
accounts to standard accounts on business devices
•R
estrict who has access to accounts such as
supplier websites and social media Review access permissions on digital files
and folders
•R
educe potential damage if any accounts, Do not share accounts or passphrases/
devices, or systems are compromised passwords between staff
•R
evoke access to systems and data when an Remember to revoke access, delete accounts
employee changes roles or leaves the business and/or change passphrases/passwords when
an employee leaves, or if you change providers
14
Small Business Cyber Security Guide
Passphrases
Password managers (which can also be used to store passphrases) enable good cyber
CONSIDER security habits. Having a unique passphrase for every valuable account may sound
USING A overwhelming; however, using a password manager to save your passphrases
PASSWORD will free you of the burden of remembering which passphrase goes where.
MANAGER Ensure that any password manager you use comes from a trusted and reputable
source and is protected with its own strong and memorable passphrase.
cyber.gov.au 15
Small Business Cyber Security Guide
Employee Training
and report
including updating their devices, securing their
accounts, and identifying scam messages.
cybercrime�”
You should also consider implementing a cyber
security incident response plan to guide your business
and your staff in the event of a cyber incident.
This will help you understand your critical devices
and processes, as well as key contacts that you
can use to respond and recover.
16
Small Business Cyber Security Guide
Summary Checklist
Software Considerations
utomatically update your operating
A egularly backup your important data
R
systems, software and apps
• Test your backups regularly by attempting
• I f you receive a prompt to update your to restore data
operating system or other software, you should
• A
lways keep at least one backup disconnected
install the update as soon as possible
from your device
• Set a convenient time for automatic updates
nable MFA on important accounts
E
to avoid disruptions to business as usual
wherever possible
• M
FA is one of the most effective ways to protect
your valuable information and accounts
• P rioritise financial and email accounts for
maximum effect
People and Procedures
anage who can access what within
M rain your staff in cyber security basics
T
your business
• This may include updating their
• Use the principle of least privilege for access devices, securing their accounts,
permissions and identifying scam messages
• Remember to delete accounts and/or change • Provide updated cyber
passphrases/passwords when an employee security training on
leaves a regular basis
here MFA is not possible, use passphrases
W
to protect accounts and devices
• Passphrases use four or more random words
as your password
• Passphrases are most effective when they
are long, unpredictable and unique
cyber.gov.au 17
Small Business Cyber Security Guide
Glossary
Antivirus Software Network
A software program designed to protect your computer or A collection of computers, servers, mainframes, network
network against computer viruses. devices, peripherals, or other devices connected to one
another to allow the sharing of data.
App
Also referred to as a mobile application, an app is a term for Operating System
software that is commonly used for a smartphone or tablet. Software installed on a computer’s hard drive that enables
computer hardware to communicate with and run computer
Attachment programs. Examples: Microsoft Windows, Apple macOS,
A file sent with an email message. iOS, Android.
18
Disclaimer.
The material in this guide is of a general nature and should not be regarded
as legal advice or relied on for assistance in any particular circumstance or
emergency situation. In any important matter, you should seek appropriate
independent professional advice in relation to your own circumstances.
Copyright.
© Commonwealth of Australia 2021.
With the exception of the Coat of Arms and where otherwise stated,
all material presented in this publication is provided under a Creative
Commons Attribution 4.0 International licence
(www.creativecommons.org/licenses).
For the avoidance of doubt, this means this licence only applies to material
as set out in this document.
The details of the relevant licence conditions are available on the Creative
Commons website as is the full legal code for the CC BY 4.0 licence
(www.creativecommons.org/licenses).
cyber.gov.au 19
For more information, or to report a cyber security incident, contact us:
cyber.gov.au | 1300 CYBER1 (1300 292 371).