Connect with Stay Smart Online
  • RSS feed

Small Business Guide

Whether you’re in business or managing someone else’s business, you are responsible for its success. Stay Smart Online is the Australian Government’s online safety and security information service, designed to help everyone understand the risks and simple steps that can be taken to protect personal and financial information when using the internet.

Every day we do things to safeguard ourselves and our businesses — we apply sunscreen to protect ourselves from the sun; we take out insurance for our health, homes, cars and business; and we watch the news to keep up-to-date on current issues and events. Just like putting on sunscreen when we go out on a sunny day, protecting our online information should become part of our normal day-to-day activities.

This short guide was developed to help you put in place some basic online security practices. It only takes a few minutes to read through the five easy steps, which will provide you with the basics on how to protect the information entrusted to you by your customers and suppliers.

This Guide has been developed by the Australian Government’s Stay Smart Online Initiative in collaboration with Australia Post, Australia and New Zealand Banking Group Limited, Commonwealth Bank, National Australia Bank, Westpac and Telstra.

Download a printable version of the Small Business Guide.


Sunscreen protects us: Passwords protect information.

Just as we all need a friendly reminder to protect ourselves from the sun, remembering to use strong passwords can protect your information.

If you’re a small business, you need to educate your team to protect your business information held on computers and portable devices. Good passwords are 10 characters or more long, and include a mixture of numbers, letters, special characters, upper and lowercase. Longer passwords are stronger. Change them regularly, and never use the same password more than once.

Good passwords can prevent intruders from accessing critical information that can be used for fraud or to extort your business. Phones and other portable devices need Passwords, PINs or Pattern Locks in case they are lost or stolen. These should be changed regularly.

ACTION: Tell staff to create a password using a phrase and replacing some letters with characters and number. e.g. 'Be good, be wise' can be modified to B3g00db3w1$e.

More details about passwords is available from the set and use strong passwords page. 

back to top


Insure your data: back it up!

You insure your house, health, car, life and physical business assets, but can you replace your lost or damaged business data? Not backing up your data can cost you your business.

What is business data? It includes accounting files, invoicing and quoting systems, letters and emails, information and resources, and even your website files. Regularly backing up your data can help you quickly recover from a cyber attack, hard disk failure or another disastrous event.

Back up your data to a removable storage device such as a hard drive. Do not backup to your computer as it may become compromised too.

ACTION: Take your backup offsite or store it securely, like other important documents. Test your backup system regularly to ensure that it restores all information correctly.

More details about backup is available from the back up your data page.

back to top


Keep friends close and information closer.

Take protecting your business seriously — do not share passwords or keep sensitive business or customer data on computers outside your control.

Avoid using applications that do not allow you to apply separate administrator and user logins. Employees should have individual logins and passwords for each business system (not shared credentials).

Your business information is a valuable commodity. Do you know who has access to your information? By limiting that access on a need-to-know basis, you reduce the risk of an ‘insider’ accidentally or maliciously releasing confidential information.

ACTION: Take responsibility for making your team understand information security, and include this in your business plan. Consider using a password safe to store an encrypted copy of your passwords.

More information about confidentiality is available from the business owners page.

back to top


All eyes open to stay secure.

Staying smart online is not just about you and your team, it’s about insisting your business partners and suppliers, and even your family and friends stay up-to-date with the latest scams, spam and internet threats.

Like keeping up with the daily news, the more that people are informed about online security, the more likely they are to apply that knowledge in your workplace to help protect your business.

ACTION: Ask everyone in your network to subscribe to the Australian Government’s free Stay Smart Online Alert Service to keep on top of current security information.

back to top

Network and Device Security

Lock down your phones (and networks)!

You keep your home free of pests — do the same for your business systems. Having antivirus software that is updated regularly is a good start, as well as setting your systems to automatically update software.

Did you know that mobile phones may provide access to your sensitive business information? Insist staff keep them locked with a PIN in case of loss or theft. Ensure staff limit business information stored on them, including email.

Treat any network that your business does not control as insecure, particularly public Wi-Fi. It is good practice to assume that someone is eavesdropping on your information.

ACTION: Check that websites have a padlock symbol in the browser bar before entering information into them — this is the best indicator that your information is kept private as it is transmitted to and from the website. 

More information about network and mobile device security are available from the mobile devices page and secure your computers page.

back to top

back to top

More information 

Detailed information about scams, including phishing scams, and how to report them is available at SCAMwatch or call 1300 795 995.

To report a cybercrime visit the Australian Cybercrime Online Reporting Network at or call your local police.

Information about small business privacy requirements is available at

The Australian Government’s Digital Business website can assist you with simple, practical tips on how to get your business or organisation online and take advantage of the opportunities that the internet can bring. Visit

Stay Smart Online recommends that if your computer network is compromised, seek immediate technical advice that is relevant to your personal circumstances.

back to top

back to top