Practical cyber security tips for business leaders
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has developed a new resource, Practical Cyber Security Tips for Business Leaders, to support you with information that will help you improve your cyber security.
The new publication for senior leaders and executives includes guidance to secure accounts and devices, social media and communication channels, and how to travel securely.
Source: Australian Signals Directorate - January 2024
Overview:
Practical cyber security tips for business leaders
Enable multi-factor authentication (MFA) to prevent unauthorised access to your devices and accounts
Update and patch your software and applications to fix vulnerabilities and add security features. You should turn on automatic updates, wherever possible.
Update and patch your operating systems to protect your devices.
Protect your important information by regularly backing it up.
Secure your devices
Use separate work and personal devices and accounts
Do not share work devices with others
Keep your devices secure by using a screen lock
Give only minimum permissions to software and apps
Factory reset your devices after suspected compromises
Turn your mobile devices off and on at least once a day
Protect your devices by using trusted software and apps
Charge your devices only with trusted cables and power outlets
Only plug trusted devices into your laptop, phone or computer
Turn off your device’s communications capabilities when not required
Secure your accounts
Screen suspicious calls, emails and messages
Use a password manager or passphrases to create strong, unique passwords
Never share passwords and passphrases
Don’t use publicly available information for password reset questions
Secure your social media
Restrict social media privacy and security settings
Don’t share private information on social media - Never assume that anything you do or post online will remain secret from anyone, including malicious actors
Use separate work and personal social media accounts
Never share login details for social media accounts
Watch for and report fake social media accounts - People may attempt to impersonate you online. Malicious actors may also try to impersonate someone you trust in order to trick you. Be cautious when approving requests to verify social media accounts.
Secure your communications
Enable security features on messaging apps - Use encrypted messaging applications and familiarise yourself with their security features.
Be cautious when using group messages
Only do work communication from your work devices
Only share meeting invitations through private channels
Only allow invited participants to join meetings
Join meetings from a private location
Be cautious when screen sharing
Secure your travel
Don’t use public Wi-Fi - Public Wi-Fi is insecure by nature and can expose your internet activity to malicious actors. When you are travelling, it is more secure to set up a personal mobile hotspot rather than to use public Wi-Fi.
Take precautions to reduce the impact of lost or stolen devices - One of the biggest risks to your information is from lost or stolen devices.
Consider using dedicated travel devices and accounts - Your devices may be more susceptible to targeting by malicious actors when you travel overseas so only travel with the devices you need.
What to do if you think you have been compromised
If you think you have been the victim of a cyber incident you should speak to your IT support team immediately. The sooner they know, the sooner they are able to help you. Cyber incidents can also be reported to the Australian Cyber Security Centre on 1300 CYBER1 (1300 292 371). This service operates 24 hours a day, 7 days a week. For more detailed advice on how to immediately respond to a suspected cyber incident, visit ASD’s ACSC ‘Have you been hacked?’ tool at cyber.gov.au.
