First published: 01 Jul 2020
Last updated: 24 Nov 2021

Content written for

Small & medium business
Large organisations & infrastructure


Having an online presence is important for many businesses. With so much commerce now taking place online, websites are critical – making them a prime target for a cyber attack. Protect your website from cybercriminals with these three cyber security wins.

Win #1: Use HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is used to send encrypted data between a web browser (e.g. Chrome, Firefox, Edge or Safari) and a website. This encryption provides security for sensitive information such as passwords and credit card details, as well as privacy of the content you visit online.

HTTPS improves your website’s ranking in Google searches – a reward for being secure.

To check if your website is using HTTPS, look for ‘https’ at the start of the URL:

  • ✔
  • ✖

For websites that don’t use HTTPS, many web browsers now tell users that the website is “not secure” and will warn them not to enter any sensitive information.

You can explore and set up HTTPS yourself via free and automatic options, such as Let’s Encrypt, or direct your website developer to our publication Implementing Certificates, TLS, HTTPS and Opportunistic TLS and ask them to set up HTTPS and renew certificates automatically before they expire.

Win #2: Secure your website’s content management systems and plugins

Ensure that your website’s content management systems and any plugins are updated regularly to address security vulnerabilities. If your website is managed by a third-party or external provider, contact them to discuss regular patching and updates.

Win #3: Secure access to your website using multi-factor authentication (MFA)

Ideally, your web hosting provider or content management system should offer multi-factor authentication (MFA) to increase your website’s security and protect it from unauthorised access

Enable multi-factor authentication for your website administration accounts and servers, where possible.

If multi-factor authentication is not available, use a passphrase to secure website administration accounts. A passphrase uses four or more random words as your password, e.g. “crystal onion clay pretzel”. Passphrases are hard for cybercriminals to guess, but easy for you to remember. Make sure your passphrase is unique – do not reuse it elsewhere.

Securing e-commerce websites

Any Australian business that accepts card payments needs to comply with the Payment Card Industry Data Security Standards (PCI DSS), regardless of business size.

If your website is an e-commerce website that accepts card payments, ensure your business is PCI compliant.

If your e-commerce website uses a payment gateway provider to process transactions, ensure they are also PCI compliant.

Meeting these cyber security standards will help you protect your data and customers’ information from breaches and theft.

For more information visit

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it