Cyber security checklist for your business

How cyber safe is your business? Our cyber security checklist covers top tips to help you protect your business.

Top security tips 

  • Consider using passphrases instead of passwords 
  • Enable multi-factor authentication for an extra layer of security
  • Regularly back up your data and complete antivirus scans

1. Protect your passwords

Passwords are the first line of defence when it comes to keeping your accounts safe. However, reusing a password across multiple accounts makes it less secure. It only takes one breach to compromise all the accounts with the same password, so you should always make sure you use a unique password for each account.

Consider lengthening your passwords into passphrases (a string of three or four random words, or an unpredictable sentence) and ask your staff to make sure they have strong, secure passwords.  

If you don’t think you can remember multiple passwords, the Australian Cyber Security Centre suggests using a password manager. These tools can help you generate and store passwords for your less critical services. Make sure you’re not storing passwords for critical accounts such as internet banking, and that your password manager is itself protected with a long, unique passphrase that you can remember. 

2. Enable multi-factor authentication 

Multi-factor authentication is an extra step that requires you to supply an additional piece of information – such as a random code sent by SMS or generated on your phone – to complete the log-on process. It adds another layer of security on top of a password alone.

Remember: we’ll never ask you to share your passwords, NetCodes, eTokens or physical token codes with us. There’s also plenty of useful information on our Business security hub, including what to do if you think you’ve been scammed.

3. Review who has access

Check who has access and administration rights to your company network and applications. Confirm each staff member still has the appropriate levels of access for their current role and make sure those who leave your organisation don’t keep their access.

You can see who has authority on your business accounts in the CommBank app, NetBank and CommBiz.

4. Update and automate your applications

Review all operating systems and applications your business is using to see if they’re still required. If you still need them, check to see if they’re up to date and whether security updates are available. Patching these security cracks will ensure you’re not inadvertently leaving a door open for a cyber-criminal.

Don’t forget to update all devices, including phones, tablets, laptops, desktops, routers and printers. You can stay one step ahead by switching on automatic updates.

5. Complete an antivirus scan

Take a moment to confirm all your devices are still protected by an up-to-date, quality antivirus program. Make sure you’re using all the features the antivirus provides and set it to conduct regular scans on all your devices.

6. Regularly back up

With ransomware becoming a serious threat for many businesses, it’s never been more important to know where your data lives, how it’s protected, and whether you’d be able to survive and recover from a cyber security incident that knocked your business offline.

Carefully consider how frequently you back up your data. It can be helpful to assess how much potential data loss you can tolerate based on the volume of transactions or customer interactions your business is processing each day.

Think about consolidating your cloud storage needs and closing any accounts you don’t need.

Review the access permissions you’ve granted to people and make sure your data is configured to automatically back up to cloud storage, in case you lose access to your laptop or phone.

7. Stay vigilant to scammers

As scams targeting businesses continue to evolve, it’s a good idea to be aware of the latest scams and security alerts.

Scammers are targeting businesses by posing as suppliers, vendors, telecommunication services and even CommBank. If something seems suspicious, remember to Stop, Check and Reject.

We'll never:  

  • Include a link to log on directly from an SMS or email 
  • Ask you to share your log on ID, passwords, or one-time codes 
  • Ask you to give us remote access to your computer

Always verify new account details by calling the vendor or supplier on a trusted number you already have, or through their official website.

We also have a range of security features to help keep you safe:

  • Use NameCheck to avoid false billing scams and mistaken payments when making first-time payments 
  • Verify whether a caller claiming to be from CommBank is legitimate with CallerCheck
  • Use CustomerCheck to identify yourself safely through the CommBank app, when in branch or with a CommBank specialist

8. Find tools to help

You don’t have to navigate the world of cyber security alone. If you’re a CommBank customer, explore a range of free tools through features such as Benefits finder in the CommBank app or NetBank. Check out the cyber security health check tool and the Cyber Wardens program, which supports and educates small businesses to build cyber resilience.

Find out more about keeping your business safe

Things you should know

This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. As this information has been prepared without considering your objectives, financial situation or needs, you should, before acting on it, consider its appropriateness to your circumstances.