How likely are you to leave your house for work in the morning with the door unlocked? Or window wide open? How skeptical are you when it comes to unidentified strangers knocking at your front door? These questions might seem like no-brainers when it comes to personal security, but are Australian businesses taking the time to ask these same questions, and arm their employees with adequate security measures in the workplace?

1. Use strong and unique passwords

As much as special characters and capital letters can increase password strength, making your password longer is often the most straightforward approach for improving security. Still, experts say using unique passwords might be even more important—if one account is compromised, the others will remain safe. An easy way to achieve both is to use a password manager like 1Password or LastPass. It’s convenient for employees, but secure enough to keep IT admins happy.

  • Tip: Most successful cyber attacks aren’t technically sophisticated; they exploit human error. Encourage employees to practice the same good password habits with personal accounts—many attacks on businesses start with a stolen personal password or username.


2. Enforce two-factor authentication

Two-factor authentication — which typically involves a mobile app—is another must. Even if your password is stolen, it will block unwanted access to your account. The problem? Only about 30 percent of people use two-factor authentication, and there’s currently myriad time-consuming issues using it across different programs, particularly email clients. 

  • Tip: Some services let you use a Universal 2nd Factor security key, a physical alternative to two-factor authentication that can also protect you against phishing attacks.

3. Push all software updates

It’s all too easy to ignore those pesky software update reminders, but keeping software updated is one of the most important safeguards for protecting company data. Everyday users don’t always understand how important bug fixes and security patches can be. Ideally, IT teams and business owners should force software updates across employee devices every few days.

  • Tip: Sometimes it helps to be as specific as possible about what a software update will do—if you explain how the update fixes a vulnerability, employees will be more likely to download it.

4. Practice good security pass behaviour and discourage tailgating

One of the easiest—and most overlooked—security targets is the office itself. Compared to cracking a two-factor authentication-protected account, slipping into the office can be surprisingly easy. The biggest offender is tailgating: namely, when an unwanted guest follows a legitimate employee through a lift or door. Your employees’ manners might tell them to hold for others, but they’re better off dropping that instinct for politeness. 

  • Tip: Make it easy for employees to get a replacement pass if necessary, so there’s no excuse for not having workplace ID.

5. Be smart with devices

At the office, encourage employees to put their computers to sleep when they’re away from their desk. On the road, use privacy screens to discourage prying eyes from reading sensitive material. Criminals, or even just curious onlookers, often act in response to opportunity. Safeguards like these will prevent them from getting any ideas in the first place.

  • Tip: Ensure that data on employee devices can be wiped remotely. This way, if a device is lost, you can still protect company data.

While each individual tip is simple, together, they can make a huge difference. If employees can establish good habits—even with no additional technical knowledge—they make the security team’s job easier in the war against cyber attacks.