Australians are increasingly targeted by cybercriminals. The Australian Cyber Security Centre reports that cybercrime costs Australian businesses and individuals billions of dollars annually, with laptop users particularly vulnerable due to portable devices connecting to various networks. This guide provides practical, actionable security measures that protect your data without requiring technical expertise.
Physical Security Fundamentals
Before discussing software protections, remember that physical access to your laptop bypasses most digital safeguards. Treat your laptop like you would your wallet—never leave it unattended in public spaces, cafes, or shared offices.
Enable Full Disk Encryption
If your laptop is stolen, encryption prevents thieves from accessing your data. Windows users should enable BitLocker (available in Windows Pro editions), while Mac users should activate FileVault. Both are free, built-in, and work transparently in the background.
- Windows: Settings > Privacy & Security > Device encryption (or search for BitLocker)
- macOS: System Settings > Privacy & Security > FileVault
Set Up a Strong Login Password
Your login password is your first line of defence. Use a passphrase of at least 12 characters—something like "correct-horse-battery-staple" is both memorable and secure. Avoid birthdays, pet names, or anything easily guessable from your social media.
A stolen laptop with encryption enabled and a strong password is just expensive hardware to a thief. Without these protections, it's a gateway to your entire digital life.
Configure Automatic Locking
Set your laptop to lock automatically after a short period of inactivity—one to two minutes is ideal for shared environments. This protects you when you step away briefly without remembering to lock manually.
Software Security Essentials
Modern operating systems include robust security features, but they only work if properly configured and maintained.
Keep Your System Updated
Security updates patch vulnerabilities that attackers actively exploit. Enable automatic updates and install them promptly when available. Yes, restarts are inconvenient, but they're far less disruptive than recovering from a ransomware attack.
Use Built-In Antivirus Protection
Windows Defender (now called Microsoft Defender) provides excellent protection and comes free with Windows. Mac users benefit from XProtect and Gatekeeper. Third-party antivirus programs are optional—the built-in tools are sufficient for most users and don't slow your system like some third-party alternatives.
Be Selective with Software Installation
Only install software from trusted sources—the Microsoft Store, Mac App Store, or official developer websites. Be especially cautious with "free" versions of paid software, browser toolbars, and programs bundled with other installations. These are common malware delivery mechanisms.
Australians are frequently targeted by fake tech support scams. Microsoft, Apple, and Telstra will never call you unsolicited about computer problems. If someone claims your computer is infected and asks for remote access, hang up immediately—it's a scam.
Network Security Practices
Your laptop is most vulnerable when connected to networks you don't control.
Use a VPN on Public Wi-Fi
Public Wi-Fi networks at cafes, airports, and hotels are convenient but insecure. Other users on the same network can potentially intercept your traffic. A Virtual Private Network (VPN) encrypts your connection, protecting you even on compromised networks. Reputable options include NordVPN, ExpressVPN, and Surfshark.
Verify Network Names Before Connecting
Attackers create fake networks with names similar to legitimate ones (like "Starbucks_Free" next to the real "Starbucks"). Confirm the correct network name with staff before connecting, and forget the network after use to prevent automatic reconnection.
Enable Your Firewall
Both Windows and macOS include built-in firewalls that block unauthorised incoming connections. Verify yours is active:
- Windows: Settings > Privacy & Security > Windows Security > Firewall & network protection
- macOS: System Settings > Network > Firewall
Password and Account Security
Your accounts are only as secure as your passwords and how you manage them.
Use a Password Manager
Reusing passwords is dangerous—when one service is breached, attackers try those credentials everywhere else. A password manager generates and stores unique, complex passwords for every account. Popular options include 1Password, Bitwarden (free), and the built-in managers in Chrome and Safari.
Enable Two-Factor Authentication
Two-factor authentication (2FA) adds a second verification step—usually a code from an app or SMS—making account takeover dramatically harder. Enable it on all important accounts: email, banking, social media, and cloud storage. Authenticator apps like Microsoft Authenticator or Google Authenticator are more secure than SMS.
Secure Your Email Account Especially
Your email account is the master key to your digital life. Password resets for most services go through email, so if attackers control your email, they can access everything else. Use a unique, strong password and always enable 2FA on your primary email.
Check if your email has been exposed in known data breaches using haveibeenpwned.com. If it has, change passwords for any accounts using that email address immediately.
Data Backup and Recovery
Security isn't just about preventing attacks—it's also about recovering when things go wrong.
Implement the 3-2-1 Backup Rule
Keep three copies of important data, on two different types of storage, with one copy off-site. Practically, this might mean: your laptop (1), an external hard drive at home (2), and cloud backup like OneDrive, iCloud, or Backblaze (3 and off-site).
Test Your Backups
Backups that don't work are worse than no backups—they provide false confidence. Periodically verify you can actually restore files from your backups. This simple test has saved countless people from devastating data loss.
Recognising and Avoiding Scams
The most sophisticated security software can't protect you from willingly giving information to scammers. Learn to recognise common tactics:
Phishing Emails
These impersonate legitimate organisations to steal credentials or install malware. Warning signs include:
- Urgent language demanding immediate action
- Generic greetings ("Dear Customer" instead of your name)
- Links that don't match the supposed sender (hover over links to preview destinations)
- Requests for passwords, tax file numbers, or banking details
- Attachments you weren't expecting
When in Doubt, Verify Independently
If you receive a suspicious message claiming to be from your bank, the ATO, or any other organisation, don't click links in the email. Instead, navigate directly to their website by typing the address yourself, or call them using a number from their official website—not a number provided in the suspicious message.
Security isn't about achieving perfect protection—that's impossible. It's about making yourself a harder target than most. Attackers generally pursue easy victims. By implementing these practices, you move from the easy category to one that requires too much effort for most criminals to bother with.