Cyber Security Checklist

Cyber Security Checklist


Don't risk a cyber security incident!

  • Stay alert and prepared
  • Identify common types of security threats
  • Learn how to protect your business

Scam Emails (Phishing)

‘Dodgy’ emails designed to trick recipients out of money and data

Pronounced ‘fishing’, they are emails from individuals or organisations you ‘think’ you know. They mimic phrasing, branding and logos to appear ‘real’, before conning users to click on a link or attachment.

Here, they defraud users by asking them to provide or confirm their personal information, such as passwords and credit card numbers, or to pay a fake account. They can also send an attachment, designed to look genuine, with malware inside.

People with money – it is a numbers game

Phishing emails are typically sent to thousands of people. Even if only a small percentage of recipients fall for the scam, they can net significant data and sums of money.

  • Phishing (low sophistication, many targets) Usually general emails with obvious warning signs, sent to thousands of targets
  • Spear Phishing (high sophistication, less targets) Fraudulent and sophisticated messages sent to a specific individual, usually the business owner, receptionist or finance and payroll manager
  • Whaling (high sophistication, less and high value targets) Spear phishing aimed at very big fish like CEOs

Emails, SMS, Instant Messaging, Social Media

Phishing scams are not limited to emails. They are increasingly sophisticated and harder to spot.

Be cautious of:

  • Requests for money, especially if urgent or overdue
  • Bank account changes
  • Attachments
  • Requests to check or confirm login details

Malicious Software (Malware)

Unauthorised software designed to cause harm.

Malware is a blanket term for malicious software including viruses, spyware, trojans and worms.

Disrupt. Damage. Deceive.

Typically, for profit.

Malware gains access to important information such as bank or credit card numbers and passwords. It can also take control or spy on a user’s computer. What criminals choose to do with this access and data includes:

  • Theft
  • Pranks
  • Activism
  • Espionage
  • Other serious crimes

Anyone, anywhere

Malware creators can be anywhere in the world. They just need a computer, technical skills and malicious intent. Criminals can easily access cheap tools to use malware against you. It is not personal – they are not targeting you specifically – it is just business.



You are not guaranteed to regain access, and may be vulnerable to a second attack.

Certain malware that locks down your computer and files until a ransom is paid

Ransomware attacks are typically carried out via a malicious but legitimate looking email link or attachment. When downloaded or opened, most ransomware encrypts a user’s files, then demands a ransom to restore access – typically payable using cryptocurrency, like Bitcoin


Ransom, an age-old and effective crime, is now being committed online. Ransomware offers cyber criminals a low-risk, high-reward income. It is easy to develop and distribute. Also in cyber criminals’ favour, most small businesses are unprepared to deal with ransomware attacks.

Small, medium and large businesses

Many small businesses are often less security conscious, are less likely to implement cyber security measures, and spend less on cyber security measures.

Learning about cyber security for the first time?

Or are you keeping yourself up to date? This guide is an excellent place to start! If you want to improve your cyber security further, you can find more information and advice on the ACSC website at:

The ACSC is here to help make Australia the safest place to connect online.

The Australian Cyber Security Centre (ACSC), as part of the Australian Signals Directorate (ASD), provides cyber security advice, assistance and operational responses to prevent, detect and remediate cyber threats to Australia.


Have a Question?

Get In Touch!