Cyber security guidance
Practical advice to help protect accounts, devices, websites, networks and digital services.
For individuals
Use a password manager, turn on multi-factor authentication, update devices, and pause before clicking links in emails, text messages or ads. Most personal cyber attacks start with pressure: a fake delivery, a prize, a banking warning, a support call or a request to move money quickly.
For small and medium businesses
Start with email security, cloud account controls, staff training, secure payment workflows and tested backups. Keep a written incident contact list so your team knows who can disconnect devices, call vendors, contact banks and communicate with customers.
For large organizations and infrastructure
Map critical services, identify crown-jewel systems, test recovery times, monitor exposed assets and review supplier access. Segment networks where possible and ensure privileged accounts are protected with strong authentication and logging.
For public and democratic institutions
Protect public-facing services with secure configuration, vulnerability management, accessibility-friendly incident communication and clear escalation routes. Teams should rehearse cyber incidents before high-traffic periods and important public events.
For education and research
Schools, colleges and research teams should protect student data, research files and staff accounts. Provide short, repeatable awareness lessons and make it easy for users to report suspicious messages without fear.
Basic cyber safety checklist
| Area | Recommended action |
|---|---|
| Accounts | Use MFA and unique passwords for every important account. |
| Devices | Install updates and remove apps that are no longer needed. |
| Data | Keep offline or cloud backups and test recovery. |
| People | Train staff to identify phishing, scams and urgent payment fraud. |
| Response | Create a simple contact list and incident decision process. |