Articles by business.gov.au

Taking your business online can have its benefits, but it can also increase the risk of scams and security threats. Follow our steps to help protect your business from cyber threats. A single cyber-attack could seriously damage your business and its reputation. 1. Back up your data Backing up your business’s data and website will help you recover any information you lose if you experience a cyber incident or have computer issues. It’s essential that you back up your most important data and information regularly. Fortunately, backing up doesn’t generally cost much and is easy to do. It’s a good idea to use multiple back-up methods to help ensure the safety of your important files. A good back up system typically includes: daily incremental back-ups to a portable device and/or cloud storage end-of-week server back-ups quarterly server back-ups yearly server back-ups Regularly check and test that you can restore your data from your back up. Make it a habit to back up your data to an external drive or portable device like a USB stick. Store portable devices separately offsite, which will give your business a plan b if the office site is robbed or damaged. Do not leave the devices connected to the computer as they can be infected by a cyber-attack. Alternatively, you can also back up your data through a cloud storage solution. An ideal solution will use encryption when transferring and storing your data, and provides multi-factor authentication for access. 2. Secure your devices and network Make sure you update your software Ensure you program your operating system and security software to update automatically. Updates may contain important security upgrades for recent viruses and attacks. Most updates allow you to schedule these updates after business hours, or another more convenient time. Updates fix serious security flaws, so it is important to never ignore update prompts. Install security software Install security software on your business computers and devices to help prevent infection. Make sure the software includes anti-virus, anti-spyware and anti-spam filters. Malware or viruses can infect your computers, laptops and mobile devices. Set up a firewall A firewall is a piece of software or hardware that sits between your computer and the internet. It acts as the gatekeeper for all incoming and outgoing traffic. Setting up a firewall will protect your business’s internal networks, but do need to be regularly patched in order to do their job. Remember to install the firewall on all your portable business devices. Turn on your spam filters Use spam filters to reduce the amount of spam and phishing emails that your business receives. Spam and phishing emails can be used to infect your computer with viruses or malware or steal your confidential information. If you receive spam or phishing emails, the best thing to do is delete them. Applying a spam filter will help reduce the chance of you or your employees opening a spam or dishonest email by accident. 3. Encrypt important information Make sure you turn on your network encryption and encrypt data when stored or sent online. Encryption converts your data into a secret code before you send it over the internet. This reduces the risk of theft, destruction or tampering. You can turn on network encryption through your router settings or by installing a virtual private network (VPN) solution on your device when using a public network. 4. Ensure you use multi-factor authentication (MFA) Multi-factor authentication (MFA) is a verification security process that requires you to provide two or more proofs of your identity before you can access your account. For example, a system will require a password and a code sent to your mobile device before access is granted. Multi-factor authentication adds an additional layer of security to make it harder for attackers to gain access to your device or online accounts. 5. Manage passphrases Use passphrases instead of passwords to protect access to your devices and networks that hold important business information. Passphrases are passwords that is a phrase, or a collection of different words. They are simple for humans to remember but difficult for machines to crack. A secure passphrase should be: long - aim for passphrases that are at least 14 characters long, or four or more random words put together complex - include capital letters, lowercase letters, numbers and special characters in your passphrase unpredictable - while a sentence can make a good passphrase, having a group of unrelated words will make a stronger passphrase unique - don't reuse the same passphrase for all of your accounts If you use the same passphrase for everything and someone gets hold of it, all your accounts could be at risk. Consider using a password manager that securely stores and creates passphrases for you. Administrative privileges To avoid a cybercriminal gaining access to your computer or network: change all default passwords to new passphrases that can’t be easily guessed restrict use of accounts with administrative privileges restrict access to accounts with administrative privileges look at disabling administrative access entirely Administrative privileges allow someone to undertake higher or more sensitive tasks than normal, such as installing programs or creating other accounts. These will be very different from standard privileges or guest user privileges. Criminals will often seek these privileges to give them greater access and control of your business. To reduce this risk, create a standard user account with a strong passphrase you can use on a daily basis. Only use accounts with administrative privileges when necessary, limit those who have access, and never read emails or use the internet when using an account with administrative privileges. Learn more about restricting administrative privileges. 6. Monitor use of computer equipment and systems Keep a record of all the computer equipment and software that your business uses. Make sure they are secure to prevent forbidden access. Remind your employees to be careful about: where and how they keep their devices the networks they connect their devices to, such as public Wi-Fi using USB sticks or portable hard drives - unknown viruses and other threats could be accidentally transferred on them from home to your business. Remove any software or equipment that you no longer need, making sure that there isn’t any sensitive information on them when thrown out. If older and unused software or equipment remain part of your business network, it is unlikely they will be updated and may be a backdoor targeted by criminals to attack your business. Unauthorised access to systems by past employees is a common security issue for businesses. Immediately remove access from people who don’t work for you anymore or if they change roles and no longer require access. 7. Put policies in place to guide your staff A cyber security policy helps your staff to understand their responsibilities and what is acceptable when they use or share: data computers and devices emails internet sites 8. Train your staff to be safe online Your staff can be the first and last line of defence against cyber threats. It’s important to make sure your staff know about the threats they can face and the role they play in keeping your business safe. Educate them about: maintaining good passwords and passphrases how to identify and avoid cyber threats what to do when they encounter a cyber threat how to report a cyber threat. 9. Protect your customers It’s vital that you keep your customers information safe. If you lose or compromise their information it will damage your business reputation, and you could face legal consequences. Make sure your business: invests in and provides a secure online environment for transactions secures any personal customer information that it stores If you take payments online, find out what your payment gateway provider can do to prevent online payment fraud. There are laws about what you can do with any personal information you collect from your customers. Be aware of the Australian Privacy Principles (APPs) and have a clear, up-to-date privacy policy. If your business is online, it’s a good idea to display your privacy policy on your website. 10. Consider cyber security insurance  Consider cyber insurance to protect your business. The cost of dealing with a cyber-attack can be much more than just repairing databases, strengthening security or replacing laptops. Cyber liability insurance cover can help your business with the costs of recovering from an attack. Like all insurance policies, it is very important your business understands what it is covered for. 11. Get updates on the latest risks Keep up with the latest scams and security risks to your business. Sign up for the Australian Cyber Security Centre's (ACSC) Partnership Program for access to up-to-date information on cyber security issues and how to deal with them. 12. Get cyber security advice Australian Cyber Security Hotline If you want to talk to someone about cyber security, the ACSC has a 24/7 Cyber Security Hotline. The hotline provides over the phone support to both prepare for and respond to cyber incidents. Learn more on the ACSC website or call 1300 CYBER1. Help for small businesses Australian small businesses can access individual support to grow their digital capabilities through Australian Small Business Advisory Services (ASBAS). The program offers small businesses low cost, high quality advice on a range of digital solutions including online security. You can also find non-government IT service providers or cyber security professionals by doing an online search. Tips to help you choose the right adviser Before you engage an adviser, it's important to be prepared and understand what your business needs are. Follow these steps to help you choose the right cyber security adviser for your business: Identify your business needs and what you would like your adviser to help you with. Our Cyber Security Assessment Tool can help you figure out what your needs are and give you a list of recommendations. Match an adviser with your business needs. Service providers can vary in the range and focus of cyber security services they provide. Use your business needs to match you with a relevant adviser. Ask questions and do your research. Cyber security experts should be able to provide references and proof that they are certified to do the job. Make sure your adviser is easy to contact. A cyber attack can happen at any time of the day so it's important your cyber adviser can respond to a cyber incident after hours. Ensure they understand your business. Some industries have specific requirements and regulations. Check that your adviser understands how your business operates and are used to dealing with businesses similar to yours. Ask your adviser what their plan is if something goes wrong. Will they work with you to develop a joint plan to activate in the event that you suffer a cyber security attack? Do they have a proven track record of getting a business through a cyber security incident? For more information visit www.business.gov.au

Use social media to market your business and connect with your customers. Learn about the different types and the pros and cons of using social media. About social media Social media is online communication that allows you to interact with your customers and share information in real time. You can use social media to: reach your customers better create online networks sell and promote your products and services. However, there is risk in using social media for your business. Tread carefully and learn both the pros and cons before you start. Benefits of social media for business Social media can help you engage with your customers and find out what people are saying about your business. You can also use social media for advertising, promotional giveaways and mobile applications. Social media can help your business to: attract customers, get customer feedback and build customer loyalty increase your market reach, including international markets do market research and reduce marketing costs increase revenue by building customer networks and advertising develop your brand exchange ideas to improve the way you do business recruit skilled staff, for example through job networking sites like LinkedIn increase traffic to your website and improve its search engine ranking keep an eye on your competitors. Disadvantages of social media Social media may not suit every business. If you launch your social media presence without planning, you could end up wasting valuable time and money. Disadvantages of social media include: needing additional resources to manage your online presence social media is immediate and needs active daily monitoring you may get unwanted or inappropriate behaviour on your social media site the risk of getting negative feedback, information leaks or hacking the risk of having false or misleading claims made on your social media (by your business or a customer). These claims can be subject to consumer law. For example, if a customer or fan posts misleading or deceptive information, particularly about competitor products or services, you might receive a fine. To avoid the risks, have a social media strategy with policies and procedures in place before you start. Types of social media Not all social media platforms will be right for your business. Save time and effort by choosing social media platforms that your target audience will use. Below is a brief guide to help you understand some of the options available. Social networking sites Job networking sites Blogs Micro-blog Video sharing sites Podcasts and vodcasts Social-news communities Private social network services Location-based services Create your social media strategy Doing the ground work before you start is critical to a successful social media presence. Develop your social media strategy to: create compelling content engage with your customers at the right time generate sales. A social media strategy describes how your business will use social media to achieve its communications aims. It also outlines the social platforms and tools you’ll use to achieve this. Follow your strategy and don't overwhelm your customers with unnecessary posts. Remain focused on reaching your specific goals and tailor your messages around these. For more information visit www.business.gov.au

As a business owner, you’re responsible for protecting your customers’ personal information – it’s the law. Find out what type of customer information is personal and how to protect it. Laws around customer information As a business owner, you may be required under the Privacy Act 1988 (Privacy Act) to protect your customers’ personal information from: theft misuse interference loss unauthorised access modification disclosure. When you no longer need your customers’ personal information you must destroy or de-identify it. This includes shredding documents or storing them in a secure area. 1. Check if your business needs to comply If your business has an annual turnover of more than $3 million, you must comply with the Privacy Act. If your business has an annual turnover of $3 million or less, you may still be required to comply with the Privacy Act depending on your business type and what you do within your business. For example, you will still be required to comply if you’re a: private sector health service provider, including complementary therapists, gyms, weight loss clinics, child care centres and private education providers business that sells or purchases personal information contractor providing services under a contract with the Australian Government credit provider/credit reporting body residential tenancy database operator. 2. Decide what information is personal Personal information is any information where you can identify (or reasonably identify) an individual. It doesn’t matter if the information is true, or what form it’s in. Personal information might include your customers’: name signature address, email, telephone number, date of birth medical records bank details photos and videos IP address opinions which can be used to identify them. 3. Find out how to protect personal information If the Privacy Act covers your business, you need to comply with the Australian Privacy Principles (APPs). These outline how you must handle, use and manage personal information. It’s a good idea to check the APPs and the APP guidelines – they’ll help you understand what your responsibilities are. Even if the Privacy Act doesn’t cover your business, it’s important to handle your customers’ personal information appropriately. 4. Prepare your privacy policy You need to have a clear and up to date privacy policy that outlines the information you collect, what you use it for and how you protect it. It's a good idea to make this available on your website. You may wish to seek specific legal advice when drafting your privacy policy or for any other privacy issues. 5. Report notifiable breaches If your business is covered by the Privacy Act, then you will need to comply with the Notifiable Data Breaches scheme. If a data breach involves personal information and is likely to cause serious harm to an individual, you need to notify both the: individual involved Office of the Australian Information Commissioner (OAIC). For more information visit www.business.gov.au

Find out the common laws your new business may need to comply with, such as registrations, contracts, marketing and employment. When you start a business, you need to understand what laws apply to your new business. Consult a legal expert or business adviser to understand which laws you will need to follow. Business registrations If you conduct a business, you may need to comply with tax obligations. These could require you to register for: Australian business number (ABN) goods and Services Tax (GST) tax file number (TFN) pay as you go (PAYG) withholding. Other registrations that are optional include: Business name – if you want to trade under a particular name, you may need to register it. Trade marks - if you want exclusive rights to a business name, you need to register a trade mark. Website domains - if you set up a website, you need to register a domain name. Fair trading Fair trading laws ensure your business operates fairly and competitively. These laws also ensure that you inform and protect your customers. To make sure your business meets fair trading regulations, you need to consider: Fair trading laws Australian Consumer Law and your business Competition and Consumer Act Australian standards Codes of Conduct. When you sell products or services, you need to understand: Australia's trade measurement laws displaying prices product labelling secure card payments warranties and refunds. Contracts When you agree to do a job in exchange for money or some other benefit, you're probably entering a commercial contract. This contract is legally enforceable regardless of whether it is a ‘handshake deal’ or written agreement. Make sure you understand the contract before signing. Privacy laws If you collect and store your customers’ personal information, you must comply with privacy laws. These laws detail how a business must handle personal information, especially as it relates to direct marketing purposes. Use the Office of the Australian Information Commissioner checklist to help you determine whether you need to comply with the Australian Privacy Principles. Employment laws You have legal obligations when you employ people. Your obligations require you to: pay your employees correct wages abide by work health and safety (WHS) regulations and codes of practice ensure you have workers’ compensation insurance for each employee not act in a way that may seriously damage an employee's reputation or cause mental distress or humiliation comply with any working with vulnerable people or children requirements. Anti-bullying laws Bullying at work occurs when a person or group of people, repeatedly behave unreasonably towards a worker and put the worker's health or safety at risk. Harassment and bullying in the workplace has legal risks. If you employ people, be aware of the steps you can take to minimise your potential liability. Unfair dismissal The Small Business Fair Dismissal Code provides small businesses with a process to follow if they need to dismiss an employee. The Code applies to your business if you have less than 15 employees. Contractors You need to comply with different legal obligations when hiring a contractor or an employee. Make sure you understand the difference between a contractor and an employee. Franchising Code of Conduct All franchise businesses must comply with the mandatory industry code, Franchising Code of Conduct. Intellectual property Your business may have intellectual property (IP) it needs to protect. Before applying for your intellectual property right, you should do a comprehensive search to make sure that it isn’t already registered. You can register IP yourself or seek advice from legal professionals. Importing and exporting You must follow certain laws and permits before you import or export products. Understand your legal requirements of importing or exporting as part of your business operations. Environmental protections Federal, state and local governments jointly administer the environmental protection laws in Australia. As a business owner, you need to understand which laws apply to you. Marketing compliance You must comply with relevant regulations when marketing your products or services. These regulations ensure that you don’t mislead your customers. These regulations include laws on: advertising signage spam pricing licencing for using music in your advertising or even playing music in your business. Terms and conditions If your business operates digitally, you may need to include your policies on your website. The most common policies on websites include: Terms and conditions Privacy policy Returns policy. Terms and conditions help establish how visitors, users and customers use your website.  As your customers may not interact with you directly before purchasing a product or service, terms and conditions may act as a contract between you and the customer. For more information visit www.business.gov.au

As we increasingly use the internet to do business, it's important to make sure you have effective cyber security in place to protect your business from cyber-attacks. Cyber security Cyber security is about protecting your technology and information from: accidental or illegal access corruption theft damage You need to protect any digital information that your business creates and stores, plus any information you collect from your customers. Providing a secure system is critical to protect your business from cybercrime  and build and maintain customer trust in your business. To be effective, you need to make cyber security a part of your daily business processes. Who could be a cyber threat Cyber criminals may be an individual or a group of people. Threats to your technology or data might come from: criminals – out for money or information, to illegally access your hardware and data, or to disrupt your business clients you do business with – to compromise your information business competitors – looking to gain an advantage over your business current or former employees – who accidentally or intentionally compromise your information Ways cyber-attacks can happen Cyber criminals look for access to information and data on your business, employees and customers. They might do this by: theft or unauthorised access of hardware, computers and mobile devices infecting computers with malware (such as viruses, ransomware, and spyware) attacking your technology or website attacking third party systems spamming you with emails containing malware gaining access to your information through your employees or customers How a cyber-attack could affect your business A cyber-attack could cause you: financial loss – from theft of money, information, disruption to business business loss – damage to reputation, damage to other companies you rely on to do business costs – getting your affected systems up and running investment loss – time notifying the relevant authorities and institutions of the incident What is at risk Your money, information, technology and reputation could be at risk. This could include the destruction, exposure or corruption of the following: customer records and personal information email records financial records business plans new business ideas marketing plans intellectual property product design patent applications employee records (which could include sensitive personal identifiable information such as their date of birth) Types of online threats Some common online threats to watch out for include: phishing – fake messages to trick you into giving out your private personal, commercial or financial details. They can even pretend to be from an organisation you trust, such as a large business or government agency. malware - malicious software most commonly used by criminals to steal your confidential information, hold your system or device to ransom or install damaging programs onto your device without your knowledge. ransomware – a type of malicious software that makes your computer or files unusable unless you pay a fee to unlock them. Online scams Online scams can pretend to be from organisations, businesses or even individuals you trust to trick you into giving the scammers your money or your personal details to can steal your identity. Some common online scams to watch out for as a business include: Coronavirus (COVID-19) scams Unfortunately, scammers are taking advantage of COVID-19 to exploit and play on the fears of businesses and consumers across Australia. It is very difficult at times to know what communication is official. Cybercriminals are using websites, emails and text messages that claim to provide official information about COVID-19, but are attempts to get your personal or business information. Scammers are impersonating a range of official Australian and international organisations such as the Department of Health and the World Health Organisation, other government authorities and legitimate businesses including: financial institutions travel agents telecommunications companies Tax time scams Tax time is a popular period for scammers to target businesses. Stay one step ahead by being aware of these scams. The Australian Taxation Office (ATO) will not email you and ask for your bank details or tax file number (TFN). Watch out for scams targeting small businesses. Read about common scamming methods  on the ATO website. If you get an email, call or SMS from the ATO that asks for personal information or offers a tax refund, report it to the ATO and Scamwatch. Invoice email scam This involves scammers pretending to be legitimate suppliers advising you about changes to payment details. You may not realise until your business receives complaints from suppliers that your payments didn’t occur. Be aware of potential scamming and have checks in place to ensure you pay the right suppliers. Before paying, ensure the supplier verifies all major invoices using contact details you already have on record. Cyber security resources for small business Need more help understanding the basics of cyber security for your business? The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security. Their role is to help make Australia the safest place to connect online by providing advice and information about how to protect yourself and your business online. When there is a cyber security incident, the ACSC provides clear and timely advice to individuals, small to medium business, big business and critical infrastructure operators. See the Small Business Cyber Security Guide on the Australian Cyber Security Centre website. Find an Australian Small Business Advisory Services (ASBAS) provider for advice on a range of digital solutions including online security. For more information visit www.business.gov.au

Understand how your business can provide equal opportunity employment and how to create flexible working arrangements. Equal opportunity and diversity overview Diversity in the workplace means that you employ people from a wide range of backgrounds. Working with a team of diverse employees will enhance your business through different perspectives, experience and knowledge. Research shows that diversity can be good for business. It promotes: better business performance and productivity from employees more creative and innovative thinking among staff improved staff health and wellbeing lower risk of discrimination and harassment in the workplace In Australia, national and state laws cover equal employment opportunity and anti-discrimination in the workplace. As an employer, you must understand your rights and responsibilities under human rights and anti-discrimination law. It's unlawful to disadvantage employees and job seekers in any way because of their: race colour gender sexual orientation gender identity intersex status age physical or mental disability marital status family or carer’s responsibilities pregnancy breastfeeding religion political opinion national extraction (place of birth or ancestry) social origin (class, caste or socio-occupational category) industrial activities (such as belonging to a trade union) Employing Aboriginal and Torres Strait Islander peoples As an employer, you can increase your understanding of Aboriginal and Torres Strait Islander peoples' experiences. Your understanding will help you provide appropriate and respectful opportunities for job seekers from these communities. Employing CALD people Australia is a multicultural society. Almost half of the population were born overseas or have at least one parent born overseas. A culturally and linguistically diverse (CALD) workplace means having employees who: are from different countries have different cultural backgrounds can speak multiple languages are from different areas in Australia follow different religions CALD employees provide additional perspectives and experience, they can help you: understand Australia’s multicultural consumers provide better customer service by using their language and cultural skills provide access to new market segments and networks expand internationally to overseas markets CALD employees and your workplace Make sure your workplace is ready to embrace diversity. You can: develop workplace policies and training that promote cross-cultural awareness hold lunches and events that celebrate workplace diversity and encourage employees to share their cultures and experiences set up mentoring arrangements that match employees from different backgrounds, to encourage open communication find out when significant cultural and religious events and days are on, so you can anticipate leave requests and plan celebrations in the workplace Employing people with disability People with disability work in all industries, in many different roles, and bring a range of skills, qualifications, talents and experience to business. Evidence has shown that employees with disability tend to: take fewer days off, take less sick leave and stay in jobs for longer than other workers have fewer compensation incidents and accidents at work compared to other workers build strong relationships with customers boost workplace morale and enhance teamwork As an employer of people with disability, you must be aware of the special national minimum wages that could apply. Prepare your workplace If you employ or interview someone with disability, you may need to make changes to your workplace to ensure it's accessible. Most people with disability won't need changes to the workplace, so it's a good idea to chat with them first. Changes to your workplace could include: modifying the physical environment accessible car parking accessible sanitary facilities accessible room requirements in accommodation buildings making work arrangements more flexible Employer support As an employer, you can access a range of government programs to help you employ people with disability: Disabled Australian Apprentice Wage Support is an incentive paid to employers who employ an eligible Australian Apprentice with disability. Job Access can help you with free, confidential advice about employing people with disability and the financial help available to employers. Wage subsidies can help employers with paying wages and training costs in the first few months of employing a person with a disability. The Supported Wage System supports people with disability who are not able to perform jobs at the same capacity as any other employee Employee support Your employees with disability also have support available to help them adjust to their workplace: Employment Assistance Fund covers the costs of making workplace changes and buy equipment. Job Access has information for people with disability about finding work and being supported in the workplace. Disability Employment Services can help you with training, support, workplace adjustments and Auslan at work. Work Assist supports you to keep working if you’re experiencing significant challenges maintaining your job due to an injury, disability or health condition. Employing mature aged people Mature aged workers often have built up knowledge and skills during their time in the workforce, so they can help you to: look at your business operations from a different perspective improve your business processes fill any skill or knowledge gaps in your workplace provide mentoring to less experienced employees train up your employees by sharing skills There is evidence that mature aged workers can: save you money due to lower rates of absenteeism make your business more productive help you learn and adjust to new technologies in the workplace Working with new parents Employees may be entitled to unpaid parental leave when a new child is born or adopted. Australian Government Paid Parental Leave scheme Employees can also have extra entitlements, such as paid parental leave. This leave could occur under an award, agreement, company policy or law, such as the Australian Government Paid Parental Leave scheme. The Australian Government Parental Leave Pay provides eligible working parents who are the primary carer of a newborn or newly adopted child with a maximum of 18 weeks of Government-funded pay based on the national minimum wage. Working dads or partners are eligible to receive up to two weeks of Government-funded pay based on the national minimum wage, called Dad and Partner Pay. You can provide support to new parents by maintaining regular contact during parental leave. If both employee and employer agree, your employee can come to work for up to 10 paid Keeping in Touch days. These days won't affect your employees unpaid parental leave entitlements. Employing young people If you plan to hire young people under the age of 18, you will need to check with your local authority if you require a Working with Children check. The check may have a different title in your state or territory. You can contact your state or territory office responsible for the checks through the following links: ACT - Working with vulnerable people registration NSW - Working with Children Check Northern Territory - Working with children clearance Queensland - Working with Children Check (blue card) South Australia - Working with children check Tasmania - Work with vulnerable people registration Victoria - Working with Children Check Western Australia - Working with Children Bullying and harassment All employees have a right to work in a workplace free from discrimination and harassment. As an employer, you have a responsibility to ensure that your workplace meets these rights. Under Australian anti-discrimination law, an employer may be legally responsible for discrimination and harassment in the workplace. To minimise the risk of legal action as a result of this, employers can actively implement anti-discrimination policies and ensure they make staff aware of the consequences. As well as discrimination, bullying is a form of workplace harassment that employers must address. Bullying behaviour includes: unfair and excessive criticism publicly insulting victims constantly changing or setting unrealistic work targets undervaluing employees' efforts at work For more information visit www.business.gov.au

Australian businesses are being targeted by cybercriminals. The Australian Cyber Security Centre (ACSC) urges all Australians to protect themselves against one of the most significant cybercrimes – ransomware. In the ACSC Annual Cyber Threat Report 21-22, ransomware was assessed to be the most destructive cybercrime threat, which had impacted all sectors of the Australian economy. Ransomware is malicious software that makes data or computer systems unusable until the victim makes a payment, often in the form of hard-to-trace cryptocurrencies. However, victims don’t just face the financial costs associated with recovery, they also experience business downtime, potential data loss and reputational damage. What signs of ransomware should I watch out for? Cybercriminals often encrypt data after gaining illegal access to a system. This can happen in the same way as other computer viruses, for example, by opening or downloading malicious software. Avoid visiting unsafe websites, opening emails or files from unknown sources, and be cautious when clicking on links from emails or social media. Stay alert to common signs of ransomware. These signs include: being unable to open your files ransom messages requesting money logins no longer working files moving location unusual file names or extensions.  How should I protect myself from ransomware? Being cautious with your online activity isn’t the only protection against ransomware attacks. The best way to prepare yourself for a ransomware attack is to create regular backups of your data. Regular backups make it possible to restore encrypted files, which may otherwise be impossible to recover. You can also prevent ransomware with a number of simple cyber security measures, such as: Updating your devices and turning on automatic updates. Using anti-virus software and turning on ransomware protection. Securing your accounts by turning on multi-factor authentication. Setting unique passphrases. Securing your servers and minimising your external footprint. Implementing access control for your business files. What if I am attacked by ransomware? If you become a victim of ransomware, the ACSC advises to never pay a ransom. There is no guarantee you will regain access to your information, nor does it prevent stolen data from being sold or published online. Paying also increases the likelihood of you being targeted again in the future. For more information visit www.business.gov.au

Using digital tools to operate your business can increase your efficiency, reduce your costs and be more environmentally friendly. Learn about the benefits of going paperless and follow our tips to help you go digital. The benefits of going paperless Going paperless means not using paper documents in your business and using digital documents instead. Going paperless has many benefits including: Saving time and boosting your business efficiency Reducing business costs Being more environmentally friendly  Reducing human error for your business  Saving space Helping with your emergency management. How to go paperless 1. Check your businesses digital maturity Start by identifying what your business is doing well and where you can improve when it comes to digital maturity. Use our free Digital Readiness Assessment Tool to help you. It takes about 10 minutes for you to complete, and we recommend using it once a year as a digital health check for your business. 2. Use digital tools and software that will benefit your business Many digital tasks can be completed using easily accessible online software and tools. These include: Document management systems – for organising, storing and searching for digital files.  Accounting systems – for storing and accessing all your financial details. This will make tax time so much easier. With a few clicks of a button, you can produce handy reports to help you complete your tax return.  Customer relationships systems – for recording interactions between you and your prospective and existing customers. Learning management systems – for creating training courses, storing course information and delivering courses. 3. Get expert digital support If you're a small business owner and not sure how to get started, you may be eligible for support from an expert from the Digital Solutions program. The program will work with you to adopt digital tools to save you time and money, and to help grow your business. 4. Bring your staff along for the digital journey If you have employees, then the transition to go paperless will have a better chance of success if you bring your staff along for the digital journey. You can do this by:  Communicating to your staff how the new digital tools will help their work and benefit them. Involving staff in decision making about digital tools and software. Making sure your staff receive training in how to use your digital tools, before they need to use them.  Easing staff into change gradually. Remember that going paperless is a journey, and people respond better to small changes over time.  5. Learn what other businesses have done If you need a little inspiration, see how small businesses similar to yours have adopted digital technologies into their business. 6. Understand rules for digital marketing Marketing through printed materials, such as brochures, can be costly. You can save money by marketing through digital channels, such as emails, text messages and social media, but it's important that you understand the rules when sending electronic commercial messages to your customers. For more information visit www.business.gov.au

Are you thinking about hiring staff to cover the busy holiday period? Here’s 5 tips to help make your hiring process go smoothly!   1. Understand the steps to hiring an employee There are many steps to consider when hiring employees and it's important to understand your legal obligations. These include working out the correct employee payments, tax, superannuation, and record keeping. Use our checklist to step you through the hiring process.   2. Decide on the employment type Would hiring casuals or fixed term employees better suit your business to cover the upcoming busy period? Both may be suitable for your business as temporary staffing options.  Casual staff have no guarantee of regular work hours. While they offer your business greater resourcing flexibility, keep in mind that casuals are entitled to say no to shifts.  On the other hand, fixed term employees have guaranteed hours for a certain period of time. They can be more of a resourcing commitment, but may offer your business more stability.   Learn more about the different types of employees.   3. Start the hiring process early With the peak holiday period just around the corner, it’s important to begin the hiring process as soon as possible. This will allow for easier onboarding and training while business is quieter. Think about other time savers, such as: documenting key processes in a manual for new starters organising interviews so they are all held on the same day or hold group interviews sharing rosters with staff early, to double check staff availability for key dates. This will reduce the need to change rosters later.   4. Advertise your value Almost a third of employing businesses are having difficulty finding suitable staff, according to the Australian Bureau of Statistics, so it's important to let people know why your business is a great place to work. Highlight what skill opportunities, support and perks you are offering employees in your advertisement. Use social media to reach out to your networks and spread the word about your value. With staffing shortages across Australia, this will help your advertisement stand out. Follow our steps to interview and recruit new staff.   5. Create an employment contract An employment contract is an agreement between you and your employee. It can be written or verbal, but a written contract will communicate your employee’s pay and conditions clear from the start which can help protect your business in the long term. Our free Employment Contract Tool can help you build your own employment contract for an employee under Australia's Fair Work system. Create a free employment contract.   Want more? Find more information on hiring and managing employees. For more information visit www.business.gov.au

Don't take your return customers for granted. Read our tips for keeping customers happy and coming back. While most businesses have a focus on attracting new customers, it's just as important to keep your current customers coming back. Here are our tips for encouraging repeat customers. 1. Employ the right people Unpleasant experiences with employees are one of the main reasons for customers leaving a business and not returning. Good employees are the key to developing a good reputation for your business. Your employees are the face of your business and the main point of contact for customers. Having friendly, efficient and happy employees with good customer service skills will give your customers a positive experience and ensure they more likely to return. 2. Stay in touch Staying in touch with your customers through emails and reminders can help you stay on their radar. Email newsletters are a simple way of giving regular updates, like details on special offers or promotions that can remind and encourage them to visit your business. Some email tools can let you organise customers by groups to provide more personalised offers or information. For example, if you know their date of birth, you could send a birthday greeting with a special offer. There is a fine line between keeping in touch and sending spam. Make sure your communication is meaningful and serves a purpose. The information should be interesting and relevant to your customers. 3. Show your appreciation Customers who feel valued are more likely to feel loyal to your business, come back again and recommend it to others. There are many ways you can show your gratitude, from a personal phone call to a written thank you note or a special reward, such as extra product or a discount. Creating customer loyalty programs to reward frequent customers can encourage them to continue coming back in order to receive their reward. For example, every tenth coffee a customer buys is free. 4. Make it easy for customers to contact you Making your communication channels clear and easy to use is vital for establishing new customers and keeping existing customers coming back. Your communication methods should be clearly displayed on your businesses Google listing and if you have one, your website. Customers should also be able to reach you through your social media channels, through comments or direct messages. To keep customers happy, make a point of responding to social media comments, emails and voicemail messages quickly. 5. Take responsibility Your brand reputation is essential for encouraging customers to return. To keep up a good reputation, it's important to admit when you make a mistake and apologise if necessary. It’s important to respond to customer reviews or complaints quickly, so that you have the best chance at winning them back. By admitting your mistakes and attempting to fix them, customers can see that you’re willing to correct faulty processes and prevent future mistakes. It can also increase your business authenticity, which is a selling point for customers. For more information visit www.business.gov.au

Small business owners are the backbone to the Australian economy however many are experiencing significant financial hardship due to the COVID-19 pandemic and natural disaster events. The Australian Government’s Small Business Debt Helpline assists small businesses in financial distress across Australia, regardless of the cause of the hardship. The Australian Government is investing $2.1 million in the Small Business Debt Helpline delivered by Financial Counselling Australia (FCA). The Small Business Debt Helpline is a dedicated small business financial counselling service offering free, independent, and confidential phone-based support to small business owners nationally. Support is provided across a range of complex issues including: avoiding bankruptcy negotiating payment plans debt waivers grant applications insolvency. Small business owners needing extra support will be referred to the right service for them, including mental health support. The Small Business Debt Helpline replaces the Small Business Bushfire Financial Counselling Support Line. This builds on the Australian Government’s previous $3.5 million investment in 2020 to establish the Small Business Bushfire Financial Counselling Support Line delivered by FCA as part of the Government’s response to the devastating 2019-20 bushfires. All small business owners across Australia can access the Small Business Debt Helpline by calling 1800 413 828 between 9am and 5.30pm Monday to Friday AEDT. For more information visit www.business.gov.au

Buy now, pay later (BNPL) services are changing the way customers shop. Understand what BNPL is and whether it's a good fit for your business. What is buy now, pay later? Buy now, pay later (BNPL) is a payment option that allows a customer to make a purchase without paying the total price upfront. Instead, the buyer pays one instalment at the time of purchase and pays the remaining balance in interest-free instalments over a pre-set period of time. Though the customer pays the balance over a set period of time, businesses are paid the total amount at the time of purchase. It is most commonly seen in retail stores, but can be used across other business industries such as travel, vehicle repair and food and beverage services. Benefits for your business Though BNPL providers take a percentage of your profit, there are some key advantages to including BNPL as a payment option. Increased sales – customers are more likely to feel comfortable making a larger purchase when upfront payment is not daunting. BNPL services offer the ability to spread the overall cost over a period of time. BNPL customers also tend to purchase more things, as the initial cost is low. No outstanding invoices – your business gets paid in full at the time of purchase, so there is no risk of an invoice not being paid. Remain competitive – as BNPL services become more common, offering it as a payment method can help keep your business in competition with others in your industry. Things to consider before offering BNPL BNPL services can increase your revenue and attract new customers, but there are a few things to keep in mind when considering the payment type or choosing between providers. Price of your product – some BNPL providers have a minimum order amount. Compare the different options to make sure your products can be sold using the service. Payment terms for your customers – it's important to remember that BNPL services involve your customers taking out a loan with the service provider. Make sure you feel comfortable with this model before offering the service. Fees and charges – in exchange for offering customers interest free payment plans and loans, BNPL services take between 2% and 8% of the purchase price from the sale. Compare rates and choose the best platform for your business. How to offer BNPL services To offer a BNPL service to your customers, you'll need to research and select a BNPL provider that suits your business. Once you've selected a provider, you need to sign up with them as a merchant. Once your application is approved, you'll need to integrate the system into your online or instore payment platforms. For more information visit www.business.gov.au