The ATO’s top 10 digital security tips

Here are some tips from the ATO to help business owners keep their business as digitally secure as possible.

It can be difficult to cover all aspects of digital security. Security systems have many different facets and it can be hard to remember each of them at all times.

The ATO has tried to alleviate this burden by consulting with the Cyber Security Working Group to collate the best tips to help business owners maintain their digital security.

1. Have a strong and secure password
The ATO suggests using passwords that consist of a collection of lower and upper case letters, numbers and symbols, and changing them frequently.

However, experts such as Ixia’s senior product marketing manager Jason Landry and hacker-turned-security expert Kevin Mitnick have previously told My Business that the best passwords do not necessarily contain the previously mentioned combinations, but are instead simple, sometimes nonsensical, passphrases.

The ATO also suggests using multi-factor authentication. This involves using a provider that sends a temporary code to your phone, app or other device. This code is then required to log into a service, in addition to your regular log-in credentials.

2. Remove unnecessary access
Ex-employees should not be able to access the business’ files. As such, the ATO says steps should be taken to ensure that access is revoked once an employee stops working for the business.

This also applies to employees who change positions within the company, as their new role may not require access to files they previously could access.

By not taking steps to revoke unnecessary access, you could enable former employees to commit identity fraud.
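
The review described in tip 2 can be run as a periodic check that compares system accounts against the current staff list. The sketch below is an added example, not ATO material; the roster, role entitlements and account export are constructed sample data with hypothetical names.

```python
from datetime import date

# Constructed sample data (hypothetical names): HR roster, what each role
# needs, and an account export from a file-sharing or accounting system.
ROSTER = {
    "alice": {"role": "bookkeeper", "end_date": None},
    "bob":   {"role": "sales",      "end_date": date(2024, 3, 1)},  # has left
    "carol": {"role": "sales",      "end_date": None},              # moved from payroll
}
ROLE_ACCESS = {
    "bookkeeper": {"invoices", "payroll", "tax-records"},
    "sales":      {"crm", "invoices"},
}
ACCOUNTS = [
    {"user": "alice", "enabled": True,  "access": {"invoices", "payroll", "tax-records"}},
    {"user": "bob",   "enabled": True,  "access": {"crm", "invoices"}},
    {"user": "carol", "enabled": True,  "access": {"crm", "invoices", "payroll"}},
    {"user": "dave",  "enabled": True,  "access": {"tax-records"}},  # not on roster
    {"user": "erin",  "enabled": False, "access": {"crm"}},          # already disabled
]

def review_access(accounts, roster, role_access, today):
    """Return (user, action, detail) findings for accounts that need changes."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot log in; nothing to revoke
        person = roster.get(acct["user"])
        if person is None:
            findings.append((acct["user"], "disable", "no matching staff record"))
            continue
        ended = person["end_date"]
        if ended is not None and ended <= today:
            findings.append((acct["user"], "disable", f"left on {ended.isoformat()}"))
            continue
        # Current staff: access beyond the role's entitlement is left over
        # from a previous position and should be removed.
        excess = acct["access"] - role_access.get(person["role"], set())
        if excess:
            findings.append((acct["user"], "remove", ", ".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for user, action, detail in review_access(ACCOUNTS, ROSTER, ROLE_ACCESS, date(2024, 6, 30)):
        print(f"{user:6} {action:8} {detail}")
```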

3. Update all devices
To avoid falling victim to malware (malicious software) and ransomware (software that holds your files hostage unless you pay a fee), every device and program your business uses should be updated, including anti-virus and malware scanning software.

4. Be wary of external devices
External device security is a commonly ignored security consideration.

According to the ATO, unfamiliar USBs and external hard drives can contain malware and should not be plugged into business devices until they have been properly verified.

5. Watch out for email spam
Sooner or later, spam or scam emails will miss the junk folder and find their way into a user’s inbox. Business owners and their employees should be vigilant about not clicking any attachments or links in an email, even if they are from apparently legitimate email accounts.

Moving missed spam and scam emails into the junk folder can help your spam filter recognise more types of spam.

6. Use secure wireless networks
Using unsecured wireless networks when out and about, for example to make business-related payments on a mobile device, can result in that data being observed by those with malicious intent.

As such, avoid using unsecured wireless networks in order to keep your data as secure as possible.

7. Don’t share everything on social media
It is always important to keep personal information to an absolute minimum when using a social media account for a business.

Business owners should also be careful who they interact with as scammers may try to impersonate the business owner or the business itself. Scammers may try to obtain this information by sending emails to staff or suppliers via a middleman scam.

8. Watch out for unusual account activity or transactions
If your accounts, either financial or digital, show interactions that no one in the business is responsible for, they may have been breached.

The ATO also mentions that if a supplier sends an email about unexplained changes, it is important not to open any attached files or links as it may be a scam attempt.

If this occurs, contact that business or supplier by telephone to confirm.

9. Secure your mail
By using a PO box, the ATO says businesses can secure their mail and reduce the chance of information security breaches by mail theft.

10. Keep devices secured
Unattended devices are a simple way for private data to be stolen quickly and without much warning.

Make sure your devices with passcode functionality have a passcode enabled. Keep your storage devices, such as USBs and external hard drives, secure, and ensure that information of any kind is not left unattended.

Source: RPM
