"Cyber security" may sound like a far-off worry for big corporations or telcos, but that's far from the case. Cyber security simply means the practice of safeguarding your sensitive data from unauthorized access, theft and damage.

If you have any online accounts at all, you should know how best to protect them. That's also true if you have a small or medium business.

Nearly half of all cyber attacks target small businesses with 1,000 or fewer employees, resulting in an average cost of A$46,600 for small businesses and $62,800 for medium-sized businesses in Australia.

Even if you don't own a business, your personal savings are vulnerable, too. Last year, individuals affected by cyber crime reported an average loss of $30,700, up 17% from the previous year.

So what can you do to protect yourself? We interviewed 18 financial, legal and cyber security professionals in Australia and developed practical checklists for individuals and small-to-medium businesses. Here's what they recommend.

Cyber security checklist for individuals

1. Use strong, unique passwords

Strong passwords are a cornerstone of cyber security. You've likely heard this a lot, but it bears repeating: set up a unique password for each of your online banking and email accounts, using a combination of letters, numbers and special characters.

2. Enable multi-factor authentication

Add an extra layer of security to all your important accounts by enabling two-factor or multi-factor authentication wherever possible (you can easily find this in app settings). This means that after entering your password, you also need to enter a verification code sent to your phone, for example.

3. Be cautious with email attachments and links

Avoid clicking on links or downloading attachments from unknown or unsolicited emails or text messages. Verify the sender and stay vigilant.

4. Limit what personal info you share online

Cyber criminals often use publicly available information for social engineering attacks where they pretend to be someone you know, your employer, or even a business you've interacted with. Be mindful of any information you share on social media and other platforms.

5. Avoid public wifi for sensitive transactions

When accessing sensitive information (like banking sites), avoid using public wifi or hotspots. It's best to use your mobile data connection or, if you know how to set one up, use a virtual private network, or VPN.

6. Exercise caution when using artificial intelligence (AI) tools

Before uploading sensitive or confidential information to AI tools such as ChatGPT or Claude, think of the potential risks. Avoid using untrusted or unsecured platforms, check their policies to understand how your data might be shared, and be mindful of the types of information you share with these tools.

7. Use encryption for sensitive information

Encrypt personal files and sensitive communications to protect them from unauthorized access. For example, you can set a password for your document in Microsoft Word by selecting "Encrypt with Password" under the "Info" tab in the "File" menu. This ensures only people with the password can open or modify the file.

8. Stay informed about cyber security threats

Keep up with cyber security news and trends to know what types of attacks are becoming common. You can do this by subscribing to news articles on scams or checking websites like Scamwatch.

Cyber security checklist for small and medium businesses

Much of the advice for individuals also applies to business owners. But there are other things you should keep in mind when it's not just your personal data that's at stake.

1. Evaluate how long to keep information

Determine how long to retain information and data and assess if it's valuable for the organization. For example, an accounting firm may retain client tax records for five years, but delete older records no longer relevant to current business.

2. Remove unnecessary information and data

Remove information that no longer serves a purpose to reduce the risk of exposure during a breach. For example, retail businesses should periodically delete outdated customer email lists.

3. Keep software and systems up to date

Keep all systems, applications and devices updated. Software may contain vulnerabilities that cyber criminals can exploit, and updates are a way to patch these up and keep your systems secure.

4. Keep an eye on who can access what

Limit access to information based on roles within the organization. For example, at an accounting firm, only the relevant employees should have access to the financial records of its clients, and they should be protected with multi-factor authentication.

5. Have reliable data backup procedures

Regularly back up essential data to a secure location. Having reliable backups allows for recovery in the event of data loss or ransomware attacks.

6. Conduct regular security audits

Regularly audit systems and networks to identify vulnerabilities. For example, an accounting firm that stores sensitive client data like financial records should conduct quarterly security audits to ensure the data stays safe and nobody has gained illicit access.

7. Train employees on cyber security best practices

Employees play a significant role in cyber security. Regular training can help them recognize phishing emails, suspicious links and other tactics used by cyber criminals.

8. Create an incident response plan

Develop a response plan for cyber security incidents that outlines the steps to take in case of a cyber incident or breach. If something happens, having a plan in place will help you react quickly and efficiently.

9. Consider investing in cyber security insurance

Cyber insurance can help mitigate the financial fallout from a breach, covering aspects like data restoration, legal fees and public relations efforts.

Cyber attacks are constantly evolving, so everyone must stay vigilant about their cyber security—whether it's simply protecting the logins to your social media accounts, or ensuring the safety of your entire business.

This article is republished from THE CONVERSATION  under a Creative Commons license. Read the original article.