You can search for keywords to find pages that can help you e.g. scam
Contact us
Portal login
back to main menu
Learn about who we are and what we do.
Interactive tools and advice to boost your online safety.
Advice and information about how to protect yourself online.
Common online security risks and advice on what you can do to protect yourself.
Respond to cyber threats and take steps to protect yourself from further harm.
Resources for business and government agencies on cyber security.
Displaying search results for Displaying 241 - 270 of 397 results.
IRAP consumer guide Program page
Dec 15, 2020 - An IRAP Assessor will assist you by helping you to understand and implement security controls and recommendations to protect your systems and data.
Risk management of enterprise mobility (including Bring Your Own Device) Publication
Oct 6, 2021 - This publication has been developed to provide senior business representatives with a list of enterprise mobility considerations. These include business cases, regulatory obligations and legislation, available budget and personnel resources, and risk tolerance. Additionally, risk management controls are provided for cybersecurity practitioners.
Gateway security guidance package: Gateway operations and management Publication
Jul 29, 2025 - This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.
Ten things to know about data security Publication
May 16, 2024 - This publication has been developed to assist business owners and information technology managers, particularly those unfamiliar with cybersecurity, with ten things they should know about data security.
Data breaches Threat
Aug 30, 2023 - Sometimes personal information is released to unauthorised people by accident or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as data breaches or data spills.
Deploying AI systems securely Publication
Apr 16, 2024 - AI security is a rapidly evolving area of research. As agencies, industry, and academia discover potential weaknesses in AI technology and techniques to exploit them, organizations will need to update their AI systems to address the changing risks, in addition to applying traditional IT best practices to AI systems.
Planning for critical vulnerabilities: What the board of directors needs to know Publication
Dec 14, 2023 - This publication provides information on why it is important that the board of directors is aware of and plan for critical vulnerabilities that have the potential to cause major cybersecurity incidents.
Exchange server critical vulnerabilities Alert
Apr 15, 2021 - On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.
Travelling with mobile devices Publication
Mar 26, 2024 - Learn how to keep mobile devices secure when travelling. This guidance provides advice from both an individual and organisational perspective.
Implementing SIEM and SOAR platforms: Practitioner guidance Publication
May 27, 2025 - This publication provides high-level guidance for cyber security practitioners on Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
How to secure your devices
Nov 29, 2024 - Protect your sensitive data and accounts. Learn how to secure your devices such as your computer, mobile phone and Internet of Things devices.
2020-006 Detecting and mitigating exploitation of vulnerability in Microsoft Internet Information Services Advisory
May 22, 2020 - This advisory provides indicators of the activity the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed and details proactive advice on detecting and mitigating potential exploitation of this vulnerability in Microsoft Internet Information Services.
After you've made a purchase Guidance
Once you’ve made a purchase you still need to remain vigilant. Cybercriminals can target you even after you’ve made a purchase on a legitimate website. Learn what to look out for after you’ve bought something online.
Questions for the board of directors to ask about cyber security Publication
Dec 5, 2022 - Information on the importance of cybersecurity for the board of directors in protecting their organisation and shareholders.
2021 Top Malware Strains Advisory
Aug 5, 2022 - This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).
Advisory 2020-017: Resumption of Emotet malware campaign Advisory
Oct 30, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed the resumption of an ongoing and widespread campaign of malicious emails designed to spread the Emotet malware across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.
Cybersecurity terminology Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity terminology.
Protecting Against Cyber Threats to Managed Service Providers and their Customers Advisory
May 12, 2022 - This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.
Security considerations for edge devices Publication
Feb 5, 2025 - Edge devices are an important part of many enterprise computing systems. They allow connection across various devices that aid in productivity. However, just like with all technology they are not without their vulnerabilities. Edge devices require attention and diligence to keep data safe and secure.
2021-006: ASD's ACSC Ransomware Profile - Lockbit 2.0 Advisory
Aug 5, 2021 - The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.
Advisory 2021-002: Active exploitation of vulnerable Microsoft Exchange servers Advisory
Mar 26, 2021 - On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling the malicious actor to access email accounts and to enable further compromise of the Exchange server and associated networks.
Secure your email Guidance
Jul 29, 2024 - How to protect yourself when using email and reduce spam and malicious emails.
Malicious email mitigation strategies Publication
Oct 6, 2021 - Socially engineered emails containing malicious attachments and embedded links are routinely used in targeted cyber intrusions against organisations. This publication has been developed to provide mitigation strategies for the security risks posed by these malicious emails.
Personal cyber security: Advanced steps guide Guidance
Mar 23, 2023 - The third and final cyber security guide in the personal cyber security series is designed to help everyday Australians understand an advanced level of cyber security and how to take action to protect themselves from cyber threats.
Managing cryptographic keys and secrets Publication
Aug 26, 2025 - This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.
Guidelines for cryptography Advice
Sep 4, 2025 - This chapter of the Information security manual (ISM) provides guidance on cryptography.
2023-01: ASD's ACSC Ransomware Profile - Royal Advisory
Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.
Small business cloud security guides: Executive overview Publication
Dec 16, 2022 - In recognition of the increasing prevalence of cloud computing, the Australian Cyber Security Centre (ACSC) has published the Small business cloud security guides. These guides are designed to provide protection against cybersecurity incidents while remaining accessible to organisations which may not have the resources and expertise to implement a more sophisticated strategy.
PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure Advisory
Feb 8, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.
Strategies to mitigate cybersecurity incidents: Mitigation details Publication
Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
