Content complexity Moderate This rating relates to the complexity of the advice and information provided on the page. Having an online presence is important for many businesses. With so much commerce now taking place online, websites are critical – making them a prime target for a cyber attack. Protect your website from cybercriminals with these three cyber security wins. Win #1: Use HTTPS Hypertext Transfer Protocol Secure (HTTPS) is used to send encrypted data between a web browser (e.g. Chrome, Firefox, Edge or Safari) and a website. This encryption provides security for sensitive information such as passwords and credit card details, as well as privacy of the content you visit online. HTTPS improves your website’s ranking in Google searches – a reward for being secure. To check if your website is using HTTPS, look for ‘https’ at the start of the URL: ✔ https://www.example.com ✖ http://www.example.com For websites that don’t use HTTPS, many web browsers now tell users that the website is “not secure” and will warn them not to enter any sensitive information. You can explore and set up HTTPS yourself via free and automatic options, such as Let’s Encrypt, or direct your website developer to our publication Implementing Certificates, TLS, HTTPS and Opportunistic TLS and ask them to set up HTTPS and renew certificates automatically before they expire. Win #2: Secure your website’s content management systems and plugins Ensure that your website’s content management systems and any plugins are updated regularly to address security vulnerabilities. If your website is managed by a third-party or external provider, contact them to discuss regular patching and updates. Win #3: Secure access to your website using multi-factor authentication (MFA) Ideally, your web hosting provider or content management system should offer multi-factor authentication (MFA) to increase your website’s security and protect it from unauthorised access. Enable multi-factor authentication for your website administration accounts and servers, where possible. If multi-factor authentication is not available, use a passphrase to secure website administration accounts. A passphrase uses four or more random words as your password, e.g. “crystal onion clay pretzel”. Passphrases are hard for cybercriminals to guess, but easy for you to remember. Make sure your passphrase is unique – do not reuse it elsewhere. Securing e-commerce websites Any Australian business that accepts card payments needs to comply with the Payment Card Industry Data Security Standards (PCI DSS), regardless of business size. If your website is an e-commerce website that accepts card payments, ensure your business is PCI compliant. If your e-commerce website uses a payment gateway provider to process transactions, ensure they are also PCI compliant. Meeting these cyber security standards will help you protect your data and customers’ information from breaches and theft. For more information visit business.gov.au. For more information you can view our advice on: Multi-factor authentication Creating Strong Passphrases Small Business Cyber Security Guide
