skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus
Article related to:

Business risk

Cyber security basics for small businesses

ANZ Financially Ready

2023-05-30 04:30

Key points

  • The rise of cybercrime
  • Create a PACT to fight cybercrime
  • Pause before sharing information
  • Activate two layers of security
  • Call out suspicious messages
  • Turn on automatic software updates 
  • Stay on top of the latest updates

Technology has transformed how we do business. It helps us work faster, collaborate seamlessly and work from anywhere. Yet this transformation is not without risk. In fact, the risk of cyber attack is growing.

As more businesses work and transact online, cybercriminals get more sophisticated. Stories of phishing, social engineering, ransomware, malware and more are hitting the headlines frequently and the attacks are proving costly. Between July 2021 – June 2022, the Australian Cyber Security Centre reported an increase in financial losses due to Business Email Compromise, (BEC) to over $98 million, with an average loss of $64,000 per report.

Given that cybercrime is not going away, every business large and small should be prepared for an attack. A simple way to boost your cybersecurity is to create a PACT to fight cybercrime.

Here are some simple steps that may help to protect your business, people and information.

Pause before sharing information

Think before sharing or accessing information, especially sensitive data. Consider who you are sharing your information with, and if it doesn’t feel right, don’t share it. Convey this message to your staff and help them understand what is sensitive.

Beware of scam emails and messages even if the message appears to come from someone you know.


  • Never provide security details, in response to any email – even if it looks legitimate – without contacting the sender through official contact points (e.g. published phone number) to verify the request
  • Don’t click on any unexpected links even if it appears to come from a legitimate source
  • If it doesn’t seem right, or is unexpected, question it – even if it appears to be from someone senior in your business.  Use the contact details on the company’s official website to call and verify vendor or supplier requests.
  • Hang up if you receive a suspicious phone call

Activate two layers of security

Passwords can help protect sensitive information and may help keep hackers out of your systems – but only if they are strong enough. Cybercriminals can easily crack passwords of seven or eight characters, even if they are a mix of numbers, special characters and upper and lower case letters.

The Australian Cyber Security Centre now recommends you use passphrases instead. Passphrases are long, complex, and unrelated words that are a lot harder to crack.

Although passwords or passphrases protect information, when used alone, they are not infallible.

Multi-factor authentication (MFA) is an essential security measure, and for good reason – it can make it much harder for cybercriminals to access your systems or accounts.

With MFA in place, you can only gain access to devices or business systems with two or more forms of identity. Typically, it uses a combination of something you know (like a PIN or secret question), something you have (like a card or token) and a part of you (such as a fingerprint or facial recognition).


  • Replace short passwords with longer, complex passphrases
  • Use a different passphrase for every account
  • Use a password manager to help you remember and save your passphrases
  • Avoid using words or names (such as pet names, middle names, street names and date of birth) that can be easily found on social media profiles.
  • Use a password manager to help you securely store and create strong and different passwords or passphrases across your accounts.
  • Review all the devices and applications you use in your business and in your personal life, and schedule a time to set up MFA where it is available
  • Read the Australian Cyber Security Centre’s guidelines for setting up Two-Factor Authentication on platforms like Microsoft, LinkedIn and Gmail. If the platforms you use aren’t on their list, a simple Google search should provide guidance around how to activate it.

Report suspicious messages

Human error is a key cause of cyberattack, so it pays to educate your staff. For example, an employee might click on a phishing link, download malicious software, share customer information with an unauthorised caller, or use a weak password or passphrase for entry into your business applications.

Cybercriminals prey on human vulnerabilities like these. That’s why it’s so important to educate your employees about your security strategies, policies and processes.


  • Report scams on the ACCC’s Scamwatch website.
  • Share details of emails or SMS pretending to be ANZ to
  • Take note of any malicious emails, suspicious phone calls or irregular activity occurring within your business.
  • Take the time to set up MFA, passphrases and other security measures.
  • Act fast and get help as soon as a cyber incident is suspected. For example, contact your bank immediately if you suspect your business accounts have been compromised. 

Turn on automatic software updates

Security breaches almost always occur on out-of-date devices and software. If you don’t run the latest versions of operating systems, software and applications, you could expose yourself to more risk.

Automatically updating your operating systems and software to the latest versions – which come with better security – can help protect your business from exploitation of security vulnerabilities.

And don’t forget to back up! With ransomware and malware attacks on the rise, it’s more important than ever to regularly and automatically back up your data.

To provide more protection you can consider internet security software. Up-to-date security software can protect your computer from malware, like viruses, spam and spyware.


  • Enable automatic updates for all software from operating systems to antivirus programs; even on your phones
  • Keep an eye out for when older devices and software reach end of support – at this point, the manufacturer or developer no longer supports updates, and your exposure to threats increases significantly
  • Choose physical and digital backup systems that work for you
  • Physically remove your storage device after each backup and store it somewhere safe

Stay on top of the latest updates

When it comes to cybersecurity, you can’t afford to sit still. As well as tackling the tips above, you should also consider completing the Australian Cyber Security Centre’s Cyber Security Assessment Tool, which will give you actionable recommendations to improve your security position.

Next steps

Cyber security basics for small businesses
Business specialist
ANZ Financially Ready

Related articles

Any advice does not take into account your personal needs, financial circumstances or objectives and you should consider whether it is appropriate for you.

ANZ recommends you read the applicable Terms and Conditions and the ANZ Financial Services Guide (PDF) before acquiring the product.

This page contains only general information which is subject to change and is not a substitute for commercial judgement or professional advice. This information does not take into account your personal and financial needs, particular objectives and/or circumstances, and you should seek appropriate independent advice (which may include property, legal, financial, taxation and accounting advice) before making any decisions, investing, or acting on it.

Tools, templates, checklists, and calculators (“ANZ Tools”) linked or referred to on this page, are only some of many ways to analyse a business or industry, or to assist your planning and business decision making. You should seek the assistance of your accountant, business or other advisor when either planning for or analysing your business.

To the extent permitted by law, all members of the ANZ group of companies, their employees, officers and contractors (“ANZ“), offer no warranty and disclaim liability or responsibility to any person for any actions, claims, costs, demands, liability, or direct or indirect losses or damage that may result from using or relying on the information set out in the pages or the ANZ Tools, and / or any act, omission or error, by any person in relation to them.  To the extent permitted by law, ANZ makes no warranty and has no liability in respect of your use and reliance. ANZ Tools are also subject in many cases to further specific cautionary wording and disclaimers which you should read.

ANZ tools, templates and checklists are only some of many ways to analyse a business or industry to assist your planning and business decision making. You should seek the assistance of your business advisor or accountant when either planning for or analysing your business' performance. To the extent permitted by law, ANZ makes no warranty and has no liability, in respect of your use of and reliance on these tools.