Backing up Data
Regularly back up your data and store external backups securely away from your main workplace, ideally encrypted and locked. This reduces the risk of data loss from events like break-ins, fires, or floods. Verify backups to ensure they work and keep them disconnected from live data to protect against malicious activity.
Using strong passwords & multi-factor authentication
Use strong, hard-to-guess passwords for all devices and accounts; we suggest you follow the NCSC's advice to use three random words. Enable multi-factor authentication where possible for added security. It requires two forms of identification, like a password and a one-time code, so that only authorised users gain access.
Suspicious / Phishing Emails
Cyber criminals may contact you via email, text, phone, or social media, often posing as trusted individuals or organisations. While older scams were easier to spot due to poor spelling, unusual email addresses, or odd design, modern scams are more sophisticated, sometimes even deceiving experts.
One emerging tactic involves using QR codes in phishing emails to redirect users to scam websites. While QR codes are generally safe in familiar settings like restaurants, be cautious when scanning those from emails.
If you’re uncertain about a message, avoid using contact details provided within it. Instead, visit the official website for accurate information. Remember, legitimate organisations, like banks, will never request personal or account details via email or phone. If a call seems suspicious, hang up and contact the organisation directly using official contact details found on their website or account statements.
Install Anti-Virus and Malware Protection
Ensure that devices used by you and your employees for remote work are secure. Anti-virus software can protect against malware from phishing attacks. Organisations should assess security risks and implement measures to prevent data breaches. Provide staff with guidance on securing devices by updating software, using strong passwords, and avoiding insecure storage like USB sticks. Minimise the storage of personal data on devices and ensure employees know how and when to report potential data breaches internally.
Limit Staff Access
Implement access controls to ensure employees can only access information relevant to their roles, such as limiting personal data access to HR or payroll staff. Suspend system access for employees who leave the company or are absent for extended periods.
Disposal of Old Equipment
Before disposing of devices, ensure all personal data is completely removed. Use deletion software or hire specialists to securely wipe or destroy data. Simply deleting files is insufficient; instead, employ professional data destruction services that use secure software or physically destroy hard drives to make data irrecoverable.
Delete Old Data
Deleting unnecessary data frees up storage space and reduces the risk of exposing personal information in a cyber-attack or data breach.
While Out & About Working or Having Meetings Online
When sharing your screen in virtual meetings, close unnecessary tabs and documents, and disable notifications to avoid exposing sensitive information. Always lock your screen when stepping away to prevent unauthorised access. If leaving your device for an extended period, store it securely and out of sight. In public spaces, such as trains or shared workspaces, consider using a privacy screen to protect your display from being seen by others.
For further information about Cyber Security, check out the National Cyber Security Centre: