Many cyber security incidents can be prevented by applying basic computer security practices, controls and software programs.

Here are the minimum steps you need to take to improve your cyber resilience.

Keep your business computer for business use only

If the computer you use for business is shared with family members or used for social media, playing games, watching videos and downloading music, there’s a higher chance of it being exposed to malicious software. Even with separate logins, there is still the possibility that another user of the computer may unintentionally download a virus or malicious software to the computer itself, which can affect your business information. It is good practice to have a dedicated computer for business use.

Always keep your Operating System and applications up to date

An operating system (OS) manages all the software and hardware on a computer system.  The most common types of OS are Microsoft Windows and Apple’s Mac OS X.  It’s good practice to upgrade your operating system when new versions become available. This is because the OS upgrades include enhanced security features and bug fixes.

Security vulnerabilities and bugs are emerging all the time. You can set up automatic updates and installations of the latest updates to keep your operating system protected.

Find out more about keeping your operating systems, applications and internet browsers up to date by reading How to protect your business from cyber security threats.

Install a firewall to block unwelcome access

A firewall is a protective security system that monitors and manages traffic between your computer network and the internet. It filters traffic types that can reach your network based on a set of defined security rules. If incoming traffic breaches a security rule, that traffic will be blocked from reaching your network.

Search Microsoft firewalls support, opens in new window and Apple iOS Support, opens in new window for information about firewalls for your operating system.

Keep your anti-virus and malware protection up to date

Anti-virus software is a tool to protect your computer or network from cyber security threats. Cyber security threats include malware being installed on your network. If a threat is detected, you receive an alert along with the recommended action you need to take.

Operating systems offer inbuilt anti-virus and malware protection. The key to staying protected is to install updates as soon as they are available.

Search the support pages of Microsoft, opens in new window and Apple iOS, opens in new window to find out more. Alternatively you can ask your trusted IT retailer or IT support for recommendations.

Protect your data with encryption

Encryption software protects your data by disguising it in a code that unauthorised people can’t view, even if they have physical access it. Search the support pages of Microsoft, opens in new window or Apple security, opens in new window to find out how to turn on encryption for data security.

Keep passwords strong and secured

Always have unique strong passwords for all your online accounts and logins. Never share passwords amongst business colleagues or family.

Set up two factor authorisation (2FA)

Over and above using strong passwords, add an additional layer of security by choosing 2FA. This is particularly important if you have staff accessing your systems remotely. Secure apps such as internet banking with 2FA.  

Uninstall programs that are not used

Get into the practice of checking what programs are installed on your systems. Uninstall any software program that you don’t need as you may be unnecessarily opening yourself up to security vulnerabilities.

Also, by getting familiar with the programs that you expect to see, any unwelcome or malicious programs will stand out.

Be vigilant on access management

  • Employees in your business should have their own login credentials to business systems.
  • Remove administration rights from computers that don’t need it.
  • Don’t browse the internet using an administration account. This prevents the entire network from becoming infected if a compromised website is visited.
  • Ask your IT provider if they have remote access to your systems and what security controls they have in place.
  • Ask your IT provider if they use different passwords for each of their customers’ sites.

Back up your data regularly

If your system is compromised, you’re at risk of losing all your business data. Make sure you back up your data regularly. To find out how read the article How to store your business data securely.

For more information about basic computer security

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts


IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE, opens in new window

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre, opens in new window

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber, opens in new window

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch, opens in new window

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Learn more about the Office of the eSafety Commissioner, opens in new window

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department, opens in new window

Related articles

Important information