✔︎

Cookie Preferences

Required for basic website functionality.

Help us understand how visitors use our website.

Net IT Australia

Secure, modern web solutions for Australian Small Business.

phone  +61 494 608 507
mail  enquiries@netit.com.au

Safety & Security

Net IT Australia prioritises the safety and security of our clients' websites and web applications. We implement robust security measures to protect against cyber threats, data breaches, and other vulnerabilities. Our approach includes regular security audits, vulnerability assessments, and the use of industry-standard encryption protocols to safeguard sensitive information.


We also provide guidance on best practices for maintaining a secure online presence, including regular software updates, and employee training on cybersecurity awareness. By proactively addressing potential security risks, Net IT Australia helps ensure that our clients' digital assets remain safe and secure in an ever-evolving threat landscape.


🚫 Common mistakes to avoid

⚠️ Reusing passwords
⚠️ Ignoring updates
⚠️ Trusting caller ID or email names
⚠️ Clicking links without thinking
⚠️ Oversharing on social media
⚠️ Assuming “it won’t happen to me”

If you only do five things, make them:

1️⃣ Use a password manager ✔︎
2️⃣ Enable 2FA everywhere ✔︎
3️⃣ Keep devices updated ✔︎
4️⃣ Be sceptical of emails/links ✔︎
5️⃣ Don’t reuse passwords ✔︎

Shallow dive:

🔐 Core principles (everything else builds on this)

  1. Assume anything online can be exposed (data, messages, photos)
  2. Minimise what you share (data, permissions, accounts)
  3. Prefer secure defaults over convenience
  4. Verify before trusting (links, people, requests)

🔑 Account security

  1. Use a unique password for every account
  2. Use a password manager like Bitwarden or 1Password
  3. Enable 2FA/MFA everywhere possible
    1. Prefer authenticator apps like Google Authenticator or Authy
    2. Avoid SMS where possible (SIM swap risk)
  4. Store backup codes securely (offline if possible)
  5. Use a strong master password (long passphrase)
  6. Don’t reuse old passwords
  7. Log out of shared/public devices

📧 Email safety (critical—email is your “master key”)

  1. Treat unexpected emails as suspicious
  2. Check sender address carefully, not just display name
  3. Don’t click links directly—hover and inspect first
  4. Avoid downloading unknown attachments
  5. Be cautious of:
    1. Urgency (“act now”)
    2. Authority impersonation (banks, government)
    3. Unexpected invoices or login alerts
  6. Use a separate email address for:
    1. Important accounts (banking, recovery)
    2. General signups/newsletters
  7. Enable email account 2FA (non-negotiable)
  8. Regularly review account recovery options

🌐 Browsing safety

  1. Use a modern, updated browser (e.g. Edge, Chrome, Firefox)
  2. Look for HTTPS (🔒) on websites, but don’t blindly trust it
  3. Avoid suspicious or pirated websites
  4. Don’t install random browser extensions
  5. Keep browser updated (security patches matter)
  6. Use an ad/tracker blocker if you understand it
  7. Be cautious with downloads—verify source
  8. Avoid entering sensitive info on unfamiliar sites

📱 Device security (phone & computer)

  1. Keep OS updated (security patches matter)
  2. Use device lock:
    1. PIN (not simple)
    2. Biometrics (fingerprint/face)
  3. Enable full disk encryption (usually default now)
  4. Install apps only from official stores:
    1. Google Play Store
    2. Apple App Store
  5. Review app permissions (camera, images, microphone, location)
  6. Remove unused apps
  7. Enable “find my device” features
  8. Don’t root/jailbreak unless you understand risks

🔒 Network safety

  1. Avoid sensitive activity on public Wi-Fi
  2. If necessary:
    1. Use a trusted VPN (optional, not magic)
  3. Secure your home network:
    1. Change default router password
    2. Use WPA2/WPA3 encryption
    3. Update router firmware
  • Disable auto-connect to open networks
  • 👥 Social media safety

    1. Lock down privacy settings (review regularly)
    2. Don’t overshare:
      1. Location (real-time)
      2. Travel plans
      3. Personal identifiers
    1. Be cautious accepting friend/follow requests
    2. Watch for impersonation accounts
    3. Don’t engage with obvious scams or bait
    4. Assume anything posted can become public
    5. Separate personal and professional identities if needed

    🎣 Phishing & scams (biggest real-world threat)

    1. Phishing is the most common attack vector—be vigilant
    2. Scams can come via email, SMS, social media, or phone
    3. Attackers impersonate trusted entities (banks, government)
    4. They create a sense of urgency to trick you into acting
    5. Never share:
      1. Passwords
      2. 2FA codes
      3. Banking details via unsolicited contact
    6. Verify requests independently (call official number)
    7. Be wary of:
      1. Unexpected messages from “friends”
      2. Offers that seem too good to be true
      3. Requests for money or help
      4. “Too good to be true” offers
      5. Investment schemes
      6. Romance scams
    8. Government and banks don’t ask for passwords
    9. Check URLs carefully (lookalike domains)

    💾 Data protection & backups

    1. Regularly back up important data (photos, documents)
    2. Use multiple backup methods:
      1. External drive (offline)
      2. Cloud backup (optional, understand risks)
    3. Test backups periodically to ensure they work
    4. Encrypt sensitive files if needed
    5. Avoid storing sensitive info in plain text

    🔄 Backup strategies

    1. Back up important data regularly
    2. Use external drives for offline backups
    3. Consider cloud backup options (with understanding of associated risks)
    4. Test backups periodically to ensure they are functional
    5. Encrypt sensitive files before backing them up
    6. Avoid storing sensitive information in plain text

    🧠 Behavioural habits (often overlooked)

    1. Take a second before clicking/reacting
    2. Don’t act under pressure from messages
    3. Verify identity through a second channel
    4. Be sceptical, not paranoid
    5. Keep learning—threats evolve

    ⚠️ Advanced (optional but valuable)

    1. Use hardware security keys (e.g. YubiKey)
    2. Use separate user accounts (admin vs daily use)
    3. Monitor for data breaches (e.g. Have I Been Pwned)
    4. Use email aliases for signups
    5. Consider compartmentalising identities