For more information about each of these steps, see our downloadable documents section at the bottom of this page.
1. Protect your data
Strong passwords and additional account security measures are an effective way
to prevent unauthorised access to computers, devices, networks and data.
Keep all your devices secure using password or PIN protection.
Use strong passwords, resetting them when required, and changing default passwords.
- Use multi-factor authentication when available. This provides an additional layer of
security to your accounts by confirming the identity of the user.
2. Prevent Malware
Malicious software (malware) can cause untold damage to computers, devices and an
organisation's data. The following steps will assist greatly in preventing malware attacks.
Ensure your anti-virus software is turned on, kept up to date, and regularly perform system scans.
Don't download or install third party software and apps from unknown sources.
- Encourage staff to only transfer files over the network, via email or secure
cloud storage, rather than removable media.
- Patch software regularly, and set software to update automatically, if possible.
Always keep your firewall turned on.
3. Avoid Phishing Attacks
Phishing attacks are scam emails, usually masquerading as a trustworthy person or organisation. They might ask for personal information, or provide links and attachments to malicious websites or malware.
Don’t browse the web or use email on accounts with administrator privileges.
Perform anti-virus scans for malware and change passwords if you suspect or identify an attack or compromised account.
- Is the sender's email address legitimate? Is the email unexpected or suspicious?
4. Backup your data
Backing up your data regularly and testing restoration will reduce the impact and inconvenience of any data lost from theft, physical damage or malicious software such as ransomware.
Consider complete backups of systems and data, but if this is not practical, decide what data your organisation needs to keep running and how often this data should be backed up.
- Store your backups in a different location to your original data - consider using the cloud.
5. Keep your devices safe
Businesses are using mobile devices more and more to perform work tasks. This can introduce risks, so it’s important to ensure the appropriate security measures are implemented.
Protect your devices using a password/PIN/fingerprint recognition.
Set up device tracking and remote wiping to prevent your data being compromised if you lose your device.
Keep all your devices and apps up to date.
Use mobile data (3/4/5G), rather than connecting to public Wi-Fi hotspots when sending or receiving sensitive data.
- Out of date devices that no longer receive updates should be replaced.