Govern

July 18 2025

Review access logs regularly.

Regularly reviewing access logs is crucial for identifying any unauthorized activities or security breaches. By monitoring these logs, you can detect unusual patterns or suspicious behaviour early, allowing for prompt action to mitigate potential risks and protect your systems and data.

Why you should.
Why Reviewing Access Logs Deserves a Spot in Your Cyber Routine
Early Detection = Less Damage
Unusual login times, location mismatches, or repeated failed attempts can be red flags for intrusions. Catching them early limits fallout.
Tracks Insider Access
It’s not just about outside threats, access logs can reveal if employees are reaching systems or data outside their role scope.
Establishes Normal vs. Abnormal Behaviour
Reviewing logs over time helps you define a “normal” access pattern, so anomalies pop out like sore thumbs.
Verifies Multi-Factor Success
Logs show whether two-factor or biometric authentication is working properly, and if users are bypassing it.
Useful in Incident Response
In the event of a breach, detailed logs help reconstruct events quickly, identifying what was accessed and how.
Supports Compliance & Auditing
GDPR, ISO, NIST, most frameworks require proof of monitoring. Logs are your evidence of proactive diligence.
Locates Access Points & Origins
Knowing which device or IP was used can help isolate compromised endpoints and prevent further spread.
Reinforces a Security Mindset
Regular log review keeps you close to your system’s heartbeat, building awareness and intuition around risk.

July 17 2025

Avoid suspicious downloads.

SJ CyberAware All, Daily Tips, Govern, Protect

Avoiding suspicious downloads is essential for maintaining your device’s security. Only download software and files from trusted sources, and be cautious of unsolicited links or attachments in emails and messages. This practice helps prevent malware and other malicious software from compromising your system and personal information.

Careful now!
Why You Should Avoid Suspicious Downloads Like Your Digital Life Depends on It
Malware Lurks in the Unknown
Suspicious downloads often carry hidden payloads, ransomware, keyloggers, spyware. One click could infect your system instantly.
Social Engineering Tricks You
Cybercriminals craft convincing emails and messages that tempt you to click, posing as colleagues, brands, or helpful tools.
Attachments Aren’t Always Harmless
PDFs, Word docs, even images can carry malicious code. If you weren’t expecting it, think twice before opening.
Fake Sites, Real Damage
Downloading from sketchy websites increases your odds of installing compromised or pirated software laced with threats.
Trusted Sources Only
Stick to official app stores, vendor websites, or verified platforms. If it’s not legit, it’s not worth it.
Anti-Virus Isn’t Foolproof
While security software helps, it’s not a magic shield. Prevention, not just detection, is the real power play.
One Click Can Cost More Than You Think
From data leaks to financial loss, one wrong download can spiral into major consequences for individuals and businesses.
Good Habits Spread Fast
When one person avoids the trap, they can warn others too. Cyber awareness multiplies through shared vigilance.

July 11 2025

Test your incident response plan regularly.

SJ CyberAware All, Daily Tips, Govern, Protect, Respond

Regularly testing your incident response plan ensures its effectiveness and readiness. Conducting simulations and drills helps identify weaknesses, improve coordination, and ensure everyone knows their roles during an actual incident. This practice keeps the plan up to date and prepares your organization to respond promptly to security incidents.

Why you should.
Why You Must Regularly Test Your Incident Response Plan
Identify Weaknesses Before Attackers Do
Testing uncovers gaps in procedures, technology, or communication that could be missed until it’s too late.
Clarify Roles and Responsibilities
Simulations ensure every team member understands what to do, when to do it, and who to notify during a real incident.
Improve Response Time
Practice builds confidence and coordination, helping teams act faster and more decisively when under pressure.
Strengthen Communication Channels
Drills test internal and external communication flows, including with third parties, customers, or regulators.
Ensure Tools and Systems Work Together
Test integrations between security tools, backup systems, monitoring platforms, and alerting mechanisms.
Promote a Security-First Culture
Regular drills keep cyber threats front-of-mind and reinforce the importance of resilience across the business.
Meet Compliance and Insurance Requirements
Many frameworks (e.g. ISO 27001, Cyber Essentials, NIST) and cyber insurers require proof of regular testing as part of due diligence.
Keep the Plan Current
As the business evolves, new staff, new tech, new threats—the plan must evolve too. Testing forces you to update.

July 10 2025

Protect against insider threats.

SJ CyberAware All, Daily Tips, Govern, Protect

To protect against insider threats, monitor employee behavior, restrict access to sensitive data based on roles, conduct regular audits, provide ongoing training, use Data Loss Prevention (DLP) tools, establish anonymous reporting channels, and have an incident response plan. These measures help mitigate the risks posed by individuals within the organization.

How to Mitigate Insider Threat
Insider threats remain one of the most overlooked risks in cyber resilience. Whether intentional or accidental, actions from within the organization can cause significant damage. The recommendations below provide practical steps to help SMBs and senior leaders reduce the risk and impact of insider threats.
Top Recommendations to Protect Against Insider Threats
Monitor, Without Micromanaging
Use User Behavior Analytics (UBA) or activity logs to spot anomalies like unusual login times, large file downloads, or access to restricted data. Focus on patterns, not paranoia.
Restrict Access by Role (Least Privilege)
Employees should only access the data and systems they need to do their jobs. No more “everyone’s an admin” setups,reduce that attack surface.
Regular Access & Activity Audits
Run quarterly audits to review user permissions and detect unauthorized access. Remove stale accounts and check for privilege creep.
Ongoing Cyber Awareness Training
Train staff to recognize social engineering, spear phishing, and signs of malicious insiders. Real-world stories work better than dry slides.
Deploy Data Loss Prevention (DLP) Tools
DLP tools monitor for risky actions like sending sensitive files to personal email or uploading data to cloud storage. Set alerts, not just blocks.
Enable Anonymous Reporting Channels
Employees are more likely to report suspicious behaviour if they can do it confidentially. Offer email hotlines, forms, or secure messaging options.
Have an Insider Threat Response Plan
Just like any incident response plan, this should outline how you’ll investigate, contain, and respond to insider incidents, including legal and HR steps.
Build a Culture of Trust with Accountability
Insider threats thrive in toxic environments. Promote psychological safety, but make it clear that accountability and transparency are non-negotiable.

July 9 2025

Report any security anomalies.

SJ CyberAware All, Daily Tips, Govern, Protect, Respond

Reporting security anomalies quickly is essential. If you notice any unusual system behaviour, unauthorized access, or potential security breaches, report it to your IT department or security team immediately. Early reporting allows for quick investigation and mitigation, minimizing risk and protecting your organization. Staying vigilant and proactive in reporting helps maintain a secure digital environment.

Reasons for reporting
Tips for Reporting Security Anomalies Quickly

Don’t Delay, Report Right Away
If something feels off, trust your gut. Unusual pop-ups, slow systems, login issues, or files behaving strangely could be signs of compromise.

Know the Channels
Make sure everyone knows who to report to, IT helpdesk, security team, or a designated contact. Display this info clearly on intranet pages, posters, or desktops.

Be Specific in Your Report
Include what happened, when, what device you were on, and any error messages. Screenshots help, but don’t delay reporting while trying to collect perfect info.

Avoid DIY Fixes
Don’t try to troubleshoot suspicious activity yourself, disconnect from the network if needed, then report. You might preserve vital evidence.

No Shame in Reporting
Whether it’s a dodgy link you clicked, a strange email you opened, or a potential phishing attempt, report it, not regret it. Quick action limits damage.

Stay Vigilant, Not Paranoid
Being alert doesn’t mean being anxious. Regular reminders, short cyber drills, and “what if” examples help keep awareness high without fear-mongering.

Create a No-Blame Culture
Reinforce that reporting is helpful, not harmful. Fear of getting into trouble delays reporting and gives threats more time to spread.

Track & Celebrate Reporting Wins
Share anonymous “caught-it-in-time” stories in internal newsletters or dashboards to show the value of prompt reporting.
Reporting security anomalies quickly is essential. If you notice any unusual system behaviour, unauthorized access, or potential security breaches, report it to your IT department or security team immediately. Early reporting allows for quick investigation and mitigation, minimizing risk and protecting your organization. Staying vigilant and proactive in reporting helps maintain a secure digital environment.

July 8 2025

Use unique passwords for all accounts.

SJ CyberAware All, Daily Tips, Govern, Protect

Using unique passwords for all accounts enhances security. It ensures one compromised account doesn’t endanger others. Create complex passwords with a mix of letters, numbers, and special characters, aiming for at least 12 characters. A password manager helps store and generate strong, unique passwords. Avoid easily guessable phrases.

Password Top Tips

Here’s a breakdown of top tips you can use to communicate why and how to use strong, unique passwords effectively:
Top Tips for Using Strong, Unique Passwords
1. Never Reuse Passwords
Why: If one site is breached, attackers try the same password elsewhere, called credential stuffing.
Tip: Treat every account like a unique lock, each needs its own key.
2. Use a Password Manager
Why: Humans can’t remember dozens of complex passwords, but password managers can.
Tip: Use trusted apps like 1Password, Bitwarden, or Dashlane to store and generate strong passwords. One strong master password unlocks them all.
3. Aim for 12+ Characters
Why: Short passwords are easily cracked using brute-force or dictionary attacks.
Tip: Go long! Use passphrases like Correct-Horse-Battery-Staple!47 easy to remember, hard to guess.
4. Mix It Up
Why: Predictable patterns = easy to crack.
Tip: Combine uppercase, lowercase, numbers, and symbols. But avoid obvious swaps like P@ssw0rd!.
5. Avoid Personal Info
Why: Hackers can easily find pet names, birthdays, or football teams on social media.
Avoid: Liverpool1969! or Fluffy1234
Instead: Go for randomness or quirky phrases like Banana!DrumSk8%Clouds
6. Watch for Phishing
Why: Even strong passwords can be stolen if you hand them over.
Tip: Never enter passwords on links from emails or texts. Use bookmarks or type the address manually.
7. Enable Multi-Factor Authentication (MFA)
Why: If your password is compromised, MFA can still block access.
Tip: Always enable 2FA using an authenticator app (not SMS, if possible).
8. Update When Breached
Why: If a service is hacked, your password could be exposed.
Tip: Use HaveIBeenPwned.com to check if your email/password has been part of a known data breach.
9. Don’t Share Passwords
Why: Shared access = shared risk.
Tip: If someone else needs access, use delegated roles, shared vaults (in password managers), or temporary tokens, never your own login.
10. Set a Reminder to Review
Why: Over time, things change, staff leave, tools get retired.
Tip: Every 6–12 months, review your password manager to clean up old accounts and update weak passwords.

create-a-highly-detailed-high-resolution-image-that-captures-a-small

July 7 2025

Conduct regular risk assessments.

SJ CyberAware All, Daily Tips, Govern, Protect

Regular risk assessments help identify security vulnerabilities and mitigate risks. By evaluating systems, processes, and infrastructure, you can detect weaknesses, prioritize measures to strengthen security, and protect your organization from potential threats.

The Reasons

The top controls and reasons why you’d carry out regular risk assessments, especially from a cyber resilience perspective for SMBs.
Top Controls Justifying Regular Risk Assessments
1. Identify and Prioritise Vulnerabilities
Control: Vulnerability Management (CIS Control 7 / ISO 27001 A.12.6.1)
Why: Helps spot outdated systems, poor configurations, or known software vulnerabilities. Regular risk assessments give visibility into where your biggest risks are before attackers find them.
2. Keep Up with Evolving Threats
Control: Threat Intelligence (NIST CSF ID.RA-2 / ISO 27001 A.5.7)
Why: The threat landscape shifts rapidly. Regular assessments make sure your security posture evolves too , detecting new gaps created by changing technologies or threats (e.g., AI-driven phishing, ransomware variants).
3. Support Decision Making & Prioritisation
Control: Risk-Based Approach (ISO 27001 Clause 6.1.2 / NIST CSF ID.RA-4)
Why: You can’t fix everything. Risk assessments allow leadership to prioritise mitigation efforts and budget based on actual risk — not guesswork.
4. Meet Legal, Regulatory & Insurance Requirements
Control: Compliance Monitoring (ISO 27001 A.18.1.1 / GDPR Art. 32)
Why: Demonstrates due diligence. Regular assessments support compliance with regulations (e.g., GDPR, PCI-DSS), and are often a condition for getting or keeping cyber insurance.
5. Improve Incident Preparedness
Control: Business Continuity & Incident Response (ISO 27001 A.17 / NIST CSF DE)
Why: Identifying weak spots ahead of time helps you plan responses. This includes strengthening backups, improving detection, and testing disaster recovery plans before an actual incident hits.
6. Reduce Human Error Risk
Control: Security Awareness Training (CIS Control 14 / ISO 27001 A.7.2.2)
Why: Risk assessments often highlight user-related vulnerabilities like poor password habits, social engineering risks, or admin privilege misuse, helping you tailor your training accordingly.
7. Maintain Asset Visibility
Control: Asset Management (CIS Control 1 & 2 / ISO 27001 A.8)
Why: You can’t protect what you don’t know about. Risk assessments ensure you’re aware of shadow IT, old hardware, third-party tools, or unmonitored cloud services.
8. Support a Culture of Continuous Improvement
Control: Continuous Monitoring (NIST CSF PR.PT-1 / ISO 27001 A.10.1)
Why: Risk assessments encourage ongoing vigilance rather than a one-and-done mindset. It embeds security into regular business decision-making.

July 3 2025

Regularly review network security.

SJ CyberAware All, Daily Tips, Govern, Protect

Regularly reviewing network security is essential for identifying vulnerabilities and ensuring that your defences are up to date. This involves conducting routine assessments of your network infrastructure, monitoring for unusual activity, and ensuring that security patches and updates are applied promptly.

Best Practice.

Top Tips for Reviewing Network Security
A proactive approach to identifying weaknesses, tightening controls, and boosting resilience.
1. Map Your Network Assets
Start with a full inventory of all connected devices—servers, endpoints, mobile devices, IoT, cloud services, and third-party integrations. You can’t protect what you don’t know exists.
2. Review Network Segmentation
Ensure your network is logically segmented. Critical systems (e.g., finance, OT, backups) should be isolated from general user traffic and guest access. Segmentation limits lateral movement during an incident.
3. Audit Firewall Rules and Perimeter Defences
Check for overly permissive rules, outdated configurations, and unused ports. Validate that intrusion detection/prevention systems (IDS/IPS) are active, updated, and generating actionable alerts.
4. Evaluate Access Controls
Review user roles, group memberships, and admin privileges. Apply the principle of least privilege and remove dormant or unnecessary accounts—especially shared or generic logins.
5. Assess Patch and Vulnerability Management
Confirm that all systems are regularly patched and that vulnerability scans are conducted and reviewed. Pay attention to high-risk systems and ensure remediation timelines are tracked.
6. Verify Logging and Monitoring
Ensure critical systems are generating logs and that logs are being collected, stored securely, and reviewed—either manually or via a SIEM. Look for blind spots in coverage.
7. Test Remote Access Security
Review VPN configurations, MFA enforcement, and endpoint protection for remote users. Ensure remote access is limited, encrypted, and monitored.
8. Check Encryption Standards
Verify that data in transit is encrypted using current protocols (e.g., TLS 1.2+). Internal traffic between sensitive systems should also be encrypted where feasible.
9. Review Backup and Recovery Processes
Ensure backups are recent, complete, encrypted, and tested regularly. Confirm that backup systems are segmented from the main network to prevent ransomware impact.
10. Evaluate Incident Response Readiness
Review your incident response plan, escalation paths, and contact lists. Conduct tabletop exercises to validate readiness and identify gaps in coordination or tooling.

June 22 2025

Report lost or stolen devices promptly.

SJ CyberAware All, Daily Tips, Govern, Respond

Reporting lost or stolen devices promptly is crucial for minimizing the risk of data breaches and unauthorized access. Notify your IT department or service provider immediately to initiate security protocols, such as remote wiping, locking the device, and tracking. Prompt action can help protect your sensitive information and prevent potential misuse.

The Reasons
Acting fast when a device is lost or stolen can make all the difference.
Notify the right people immediately – Contact your IT department, service provider, or relevant authorities so they can initiate security measures.
Attempt remote actions – Many devices allow remote wiping or locking. If available, use this feature to protect sensitive data.
Change important passwords – If the device contained saved logins, update your passwords, especially for financial accounts, email, and work-related systems.
Monitor account activity – Keep an eye on bank transactions and logins for suspicious activity. If you spot anything unusual, report it straight away.
Enable tracking (if possible) – Services like Find My iPhone or Google’s Find My Device might help locate lost devices.
Alert mobile carriers – If it’s a phone, inform your provider to disable the SIM card and prevent unauthorized calls or messages.
A swift response can prevent headaches down the line.

June 16 2025

Implement role-based access.

SJ CyberAware All, Daily Tips, Govern, Protect

Role-based access is a crucial strategy to enhance security and manage permissions effectively. It involves granting access to resources and information based on a user’s role within the organization. This ensures that individuals have only the permissions necessary to perform their specific job functions. By doing so, you can reduce the risk of unauthorized access and data breaches.

Additional Information
Role-based access is a smart way to keep security tight while ensuring employees have the right level of access for their work.
Define clear roles and permissions – Make sure each role has appropriate access levels based on job responsibilities.
Follow the principle of least privilege – Grant users only the minimum access needed to perform their tasks, reducing exposure to sensitive data.
Regularly review and update roles – As teams and responsibilities change, adjust access permissions to keep security aligned with business needs.
Implement strong authentication methods – Use multi-factor authentication (MFA) to prevent unauthorized access, even if credentials are compromised.
Monitor and log access activity – Keep track of who is accessing what to detect unusual behaviour and potential security threats.
Automate access management – Use tools to streamline access provisioning and deprovisioning when employees join or leave.
Educate employees on security risks – Ensure staff understand why role-based access matters and how to handle sensitive information responsibly.
By maintaining a structured approach, businesses can minimize security risks while keeping workflows efficient.