There are many ways criminals can gain access to your business data if you don’t store it and manage it securely.

Read Understanding the value of your business data to find out what business data is, and why getting access to it is a profitable pursuit for people that may otherwise have nothing to do with you or your business.

There are some basic steps you can take to keep your data safe. Making it hard for criminals to get to your data is the key.  

Follow the recommendations below to protect your business data and find out where you can go if you’re ready to secure your data beyond the basics.

Block unauthorised access to your network

Install a firewall to block unwanted access to your network. You can find out how to activate a firewall on Windows PCs by searching on the support pages of Microsoft’s website, opens in new window or the support page of Apple’s website, opens in new window.

Limit the number of employees with full administrative access to your network. Strong passwords will help protect your business data from unauthorised access.

Protect your data by encrypting it

Data encryption means translating or scrambling data into a code that can’t be understood by an unauthorised person. The code can only be translated back to its original form by people with access to a secret key or decoder.

Encryption software protects the confidentiality of your data by encrypting your stored data as well as data in transit. That means data being exchanged through your network and the internet – both incoming and outgoing. Here are some examples of data in transit that would be of value to someone with malicious intent:

  • Online payment transactions.
  • An email direct marketing (EDM) campaign that hasn’t been released to the public yet.
  • Update of personal contact details of new customer leads or existing customers.
  • Uploading taxation documents to your accountant’s system.
  • Email communication with attachments that contain confidential or legal information.

Search the support pages of Microsoft, opens in new window or Apple security, opens in new window to find out how to turn on encryption for data security.

Backup and recover your data regularly

‘Backing up’ data means making a copy on another device, for example, you might save your important files onto a second hard drive or even on a different encrypted USB drive. It is best practice to backup your data on two different devices.

There are two basic kinds of backups: a full backup and an incremental backup.

A full backup makes a complete copy of the selected data onto another device. An incremental backup saves just the data that has been added or changed since the last full backup.

A full backup, augmented by incremental backups, is quicker and takes less storage space. You might consider a policy of running a full backup on a weekly basis, followed by daily incremental backups. This could be as simple as copying your data at the end of your day onto a password-protected USB stick, and stashing it somewhere safe. You could cycle through 5 different USB’s for each working day of the week.

Remember to disconnect the backup device after you have completed your backup.

As attackers are known to encrypt or delete backups connected to the computer or network, it’s important to keep backups of business data offsite and off the network.

It’s also important to test your backups frequently by restoring data to a test location.

This helps ensure the backup device and backed up data are in good shape; identify problems in the restoration process; and provide a level of confidence that your backups will be useful during an actual crisis.

Storing your data in 'the cloud'

Cloud storage services are useful if you want to make sure that your data is backed up and accessible anywhere. But, where is this cloud?

The cloud is a physical computer located somewhere else. Any time you backup or save your data to the cloud, it (and potentially several copies for safety) is saved to physical servers located somewhere in the world. While many of these servers have state-of-the-art security, others may not, and that might leave your data available to criminals.

That’s why it’s important to select to encrypt your data when you backup, and choose a reputable storage provider.

Know where your business data is stored and the devices that can access it

Any device that connects to your office network is a risk to your business data. Ensure that all your employees:

  • secure their internet-connected devices with a PIN or password
  • only use secure Wi-Fi to access any information related to your business
  • minimise the business information they store on their mobile devices, including emails.

Make sure your data is safe no matter where it is located.

Keep software, applications and operating systems up to date

Software providers release updates to protect you against security threats as well as to provide you with the latest in functionality.

To find out more read How to protect your business from cyber security threats.

Helpful resources

How we can help

If you’re a NAB customer and you believe your business or personal accounts have been impacted by fraud or a scam, we’re here to help. Explore the immediate steps you can take to protect yourself and discover when you should get in touch with us to make a report.

Learn what to do in the event of fraud or scams

Get updates on the latest fraud alerts


IDCARE is Australia and New Zealand's not-for-profit counselling and support service set up to assist Australians impacted by identity theft and cyber-related crimes.

IDCARE can assist NAB customers to navigate through the process when identity details or credentials have been compromised through fraud or scams. IDCARE is a free service for all Australians.

Learn more about IDCARE, opens in new window

Australian Government | Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together in a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats. ACSC provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities and risky online behaviours.

Learn more about the Australian Cyber Security Centre, opens in new window

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber, opens in new window

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch, opens in new window

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.

Learn more about the Office of the eSafety Commissioner, opens in new window

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department, opens in new window

Related articles

Important information