Although there are ways to physically protect your laptop or other portable devices, there is no guarantee that they will not be stolen or lost. While the theft itself is frustrating and inconvenient, the loss of information on the device could have serious long-term consequences for your business.
Tip: One of the best things you can do to proactively protect your valuable business computing and information assets is to train your staff about device and information security.
Portable devices are designed to be easily transported, so a lot of sensitive business information, for example sales or customer data, may be carried around outside the office.
Make sure you manage the physical assets themselves, as well as the security of the information they contain.
Manage your assets
You can’t put protective measures in place unless you know what you’re protecting.
Start by identifying what information your business stores and uses—for example, customer names and contact details; receipts and invoices; banking and supplier information; or other proprietary information.
Then identify what technology comes into contact with valuable information.
Create a register of your hardware, software and information assets and keep it in a safe place. This list should include:
- The location of critical business information assets. Identify the information that your business simply couldn’t function without and prioritise its protection.
- The name, version number and product keys for all your software.
- The brand, make and serial numbers for all your equipment such as monitors, printers, scanners, speakers, pointing devices, tablets, laptops, cameras, mobile phones and storage media. This information may be needed for maintenance, repairs or insurance purposes.
Why is this important? The faster you can recover from a cyber incident, the less it will impact your business and bottom line.
Protect your computers from threats online
Now that you have a clear picture of what needs to be protected, you can take steps to keep it safe. We consider the following measures to be the most important steps you can take to reduce cyber security risks to your business.
- Update software – including operating systems, web browsers, browser plugins and other applications. Hackers use vulnerabilities in software to access computers, smartphones or tablets. Using automatic updates and installing updates as soon as they become available is one of the best ways to protect your business. Learn more about software updates.
- Use unique and strong passwords or passphrases. Passwords are an important line of defence but they won’t protect your business if they are easy to guess. It is also important to use different passwords across your business – otherwise you are giving criminals one key that opens everything. Learn how to create and remember strong passwords.
- Install security software and use spam filtering. Security software, such as anti-virus and firewalls, is used to protect your business from malicious software, while spam filters protect you and your staff from illegitimate and malicious messages. These solutions are not only a good first line of defence, they can also alert you when things go wrong by monitoring your computer and detecting unusual behaviour. Learn more about anti-virus software and firewalls.
- Use encryption on computers and mobile devices such as laptops, tablets and mobile phones. By using encryption on your computers and mobile devices, your valuable business information will stay safe – even if your device is lost or stolen.
- Use a secure internet connection and secure your Wi-Fi. Your internet connection provides a channel into your computer that could be exploited for malicious purposes if it’s not protected. Learn how to protect your internet connection and your wireless network.
- Don’t use the administrator account for daily tasks. The administrator account allows administrators to do important things like install software or give access to other users. But this level of access can be misused if it falls into the wrong hands. Ideally, this type of account and related access should be limited to your organisation’s system administrator. Ensure that standard user accounts are created for everyone else and used for everyday activities. Only log in to the administrator account when required.
- Disable untrusted Microsoft Office macros. Macros are small programs that automate common tasks in Microsoft Office documents. However, maliciously crafted macros are increasingly being used by attackers to install malware when an unsuspecting user opens an affected document. A common scenario is when businesses are sent bogus resumes or job applications that install malicious software when opened.
- Create backups daily. Recent backups of your important information are a last line of defence when things go wrong. Get into the habit of creating backups at the end of each day and test that they work as you expect. Learn how to create backups.
- Use the web wisely. Consider making your browsers more secure by blocking access to Adobe Flash Player (or uninstalling it if possible), web advertisements and untrusted Java code. Then, when you’ve taken steps to secure your computer, take steps to secure your staff. Learn how to browse the web safely and look at providing security awareness training for you and your staff.
Important: While security is everyone’s responsibility in your business, you need to treat information security as a priority in your business plans and make sure you have at least one staff member who dedicates time to information security in your business. This person can be responsible for security functions such as creating backups, ensuring software is up to date and making sure the business is aware of any current threats. Security needs to be a day-to-day concern in your business. Learn more about the importance of planning when securing your business.
Protect your computers from physical threats
While it’s very important to protect your business from threats online, don’t forget to also protect your computers from physical threats, by applying the following measures:
- Lock portable equipment that is not in daily use in a secure cabinet.
- Use your asset register for staff to sign out equipment. Remind them of relevant security procedures and obligations. Audit your register monthly to ensure equipment has been returned or is still on loan.
- Ensure all computers and devices are protected with strong passwords.
- Establish an action plan for staff so they know who to contact and what to do if equipment gets lost or stolen.
Learn how to protect your business with our Small Business Cyber Security Guide.
Learn about the ACSC's Essential Eight strategies for mitigating cyber security incidents.