Issued: 13 February 2024

Last modified: 19 March 2024

In this webinar, our Chief Technology Officer takes us through the basics of cyber security. You’ll learn more about why cyber security matters, what motivates cyber criminals, your relevant Code of Professional Conduct obligations, the types of cyber threats and tips to keep you safe, including the Essential Eight.


Webinar recording

Cyber security - back to basics webinar recording

Cyber security – Questions and answers

We have compiled some of the questions we received during our webinar.

Anit-virus software

Free anti-virus solutions can protect against known viruses, however there may be cases where you require extra security and features that a free, built-in antivirus does not provide. When deciding if you require a paid or third-party antivirus, consider your security needs, situation and budget. It’s also important to know, that a company may fund their free antivirus product by displaying ads, or by collecting and selling your data to other businesses. 

Remember, antivirus does not protect against all threats. It is most effective when paired with good security habits and practices. 


Yes, we recommend updating your devices with separate anti-virus software to offer you an additional level of protection.

Outsourcing and offshoring

If you are outsourcing or offshoring, you must take reasonable steps to ensure sufficient IT security controls are in place, for both you and the outsourced service provider.

There are a number of controls that could be employed to assist in maintaining and protecting the confidentiality, integrity and availability of data to ensure that information is not disclosed beyond the scope of your client’s consent, such as an appropriate confidentiality agreement between you and your outsourced provider, or other appropriate protocols, such as: 

  • use of a secured website and encrypted network traffic
  • security credentials
  • access controls ensuring unauthorised persons do not have access to data
  • standardised reporting
  • audit trails
  • appropriate segregation of duties
  • approval and review of data changes.

Types of attacks

Malware – short for ‘malicious software’, is software that cybercriminals use to harm your computer or network, or to gain access to your computer without you knowing.

Cybercriminals use malware for many different reasons, but common types of malwares are used to steal your confidential information, hold your computer or data to ransom or install other programs without your knowledge. 

Check out Cyber.gov.au for more information on how to protect yourself from malware.

Cyber security

Cookies are small files that websites send to your device that the sites then use to monitor you and remember certain information about you - like remembering items in a shopping cart, or your login information. These cookies typically do not store personal information and the website you're browsing needs them to operate properly. Preference cookies are also considered safe. However, if in doubt, you have a choice of not accepting them.


A virtual private network or VPN is used to secure communications between computers. A VPN protects its users by encrypting their data and masking their internet address, leaving their browsing history and location untraceable. This greater anonymity allows for greater privacy, as well as greater freedom for those who wish to access blocked or region-bound content.


While password managers help you be more secure in the digital world, they are not riskfree. Even if you adhere to password management best practices and do everything right, there is still a risk.

The same thing that makes password managers so convenient can also represents the greatest risk. If your personal device is infected with malware, then cybercriminals can steal your master password and take control of your system or device. But if you adhere to password management best practices and use full-featured password managers from reputable brands, then you decrease the odds of becoming a victim.

We would recommend using multi-factor authentication to increase the security of your password manager.


Yes, OneDrive uses encryption when communicating and storing your files. However, it is worth ensuring you're using the Australian hosted OneDrive, so you are also protected by Australian privacy and cyber laws.


When backing data or files up to an external drive, remember it should be protected like any other copy of your data. You should disconnect the drive after the backup is complete, store it in a safe place and consider encrypting your backups and protecting them with a strong, unique passphrase. 

Cloud computing

Cloud computing, at a broad level, is the provision of information technology resources as a service through a network (including storing, managing and processing data), typically over the internet, instead of using a local server or a personal computer.

Services can range from data storage to the use of software programs, with data being stored and processed by a cloud service provider. It can include applications, databases, email and file services, and entrusts remote services with a user’s data, software and computation.

See our Practice note for more information on cloud computing.

Scam awareness 

If you are contacted by someone and you’re not sure whether you’re dealing with a scammer you can:

  • contact the person or organisation directly using contact details you’ve found yourself on the organisation’s official website
  • access the organisations’ secure, authenticated portal or app (never via a link) 
  • watch out for slight variations in Caller or Sender IDs and website addresses like dots, special characters or numbers
  • do online research of people and organisations who you’ve only dealt with online before paying any money – you can search the name online together with the word ‘scam’ to see if anything comes up.


You should delete it immediately to prevent yourself from accidentally opening the message in the future. Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware. Never click links that appear in the message.

You can Report a scam to the National Anti-Scam Centre.  

Multi-factor authentication

Multi-factor authentication (MFA) provides a way of verifying that you’re really the person you’re claiming to be when you log into your online accounts. MFA is defined as ‘a method of authentication that uses 2 or more authentication factors to authenticate a single claimant to a single authentication verifier’.

Authentication factors must come from 2 or more of the following:

  • Something you know, such as a memorised secret. For example (i.e. a personal identification number, password or passphrase).
  • Something you have, such as a security key, smart card, software certificate, physical one-time password token, smartphone.
  • Something you are, such as a fingerprint pattern or their facial geometry.

Every time you login to our portal, you will be taken through the MFA process.