Respond

August 24 2025

Maintain good cybersecurity practices.

SJ CyberAware All, Daily Tips, Govern, Protect, Respond

Cybersecurity isn’t a one-time fix, it’s a daily habit. Keep software patched, use strong passwords, enable MFA, and back up data regularly. Train staff to spot phishing and report suspicious activity. Document policies and revisit them often. Good practices aren’t just technical, they’re cultural. When security becomes part of how your team thinks, clicks, and communicates, you build resilience that lasts longer than any tool or firewall.

Good Practices
Cybersecurity: A Daily Habit, Not a One-Time Fix
Cybersecurity isn’t a one-time fix, it’s a daily discipline woven into how your team works. Just like locking the office door every night, digital safety needs to become second nature. By combining technical safeguards with cultural awareness, you can build resilience that lasts longer than any tool or firewall.
Top Tips for Everyday Cybersecurity:
Keep Software Patched
Enable automatic updates where possible.
Regularly check for firmware updates on routers, firewalls, and IoT devices.
Use Strong, Unique Passwords
Adopt a password manager to reduce reuse and weak choices.
Encourage passphrases (e.g., “Purple!Chair_Dragon#42”) over short, complex codes.
Enable Multi-Factor Authentication (MFA)
Prioritize MFA for critical systems: email, banking, cloud storage.
Avoid SMS-only codes, use authenticator apps or hardware tokens where possible.
Back Up Data Regularly
Follow the 3-2-1 rule: 3 copies, 2 formats, 1 off-site.
Test your backups quarterly to ensure you can restore them.
Train Staff Continuously
Run phishing simulations and quick refreshers, not just annual courses.
Encourage a “no blame” culture so employees report suspicious emails without fear.
Document and Revisit Policies
Review access rights, bring-your-own-device (BYOD) rules, and incident procedures.
Update policies at least annually, or after a major change in tools or staff.
Make Security Cultural
Celebrate staff who spot and report threats.
Use posters, team chats, or short videos to keep awareness alive.
Stay Alert to New Threats
Follow trusted sources like the NCSC or CISA for alerts.
Run tabletop exercises to rehearse response to incidents.
Remember: Security isn’t just what you install, it’s what you practice. When your team treats cybersecurity like brushing their teeth, simple, daily, non-negotiable, you create resilience that outlasts the latest attack trend.

July 27 2025

Encourage the reporting of security concerns.

SJ CyberAware All, Daily Tips, Detect, Protect, Respond

Encouraging the reporting of security concerns helps maintain a secure environment by addressing potential threats promptly. Create a culture where employees feel comfortable reporting suspicious activities or vulnerabilities without fear of repercussions. Provide clear channels for reporting, ensuring all concerns are taken seriously and investigated thoroughly. This practice helps identify and mitigate risks early, fostering a safer and more secure organization.

I recently wrote a an article called “Put Your Hand Up!”, go have a read.

No drop down tip or additional information, just read the article.

July 11 2025

Test your incident response plan regularly.

SJ CyberAware All, Daily Tips, Govern, Protect, Respond

Regularly testing your incident response plan ensures its effectiveness and readiness. Conducting simulations and drills helps identify weaknesses, improve coordination, and ensure everyone knows their roles during an actual incident. This practice keeps the plan up to date and prepares your organization to respond promptly to security incidents.

Why you should.
Why You Must Regularly Test Your Incident Response Plan
Identify Weaknesses Before Attackers Do
Testing uncovers gaps in procedures, technology, or communication that could be missed until it’s too late.
Clarify Roles and Responsibilities
Simulations ensure every team member understands what to do, when to do it, and who to notify during a real incident.
Improve Response Time
Practice builds confidence and coordination, helping teams act faster and more decisively when under pressure.
Strengthen Communication Channels
Drills test internal and external communication flows, including with third parties, customers, or regulators.
Ensure Tools and Systems Work Together
Test integrations between security tools, backup systems, monitoring platforms, and alerting mechanisms.
Promote a Security-First Culture
Regular drills keep cyber threats front-of-mind and reinforce the importance of resilience across the business.
Meet Compliance and Insurance Requirements
Many frameworks (e.g. ISO 27001, Cyber Essentials, NIST) and cyber insurers require proof of regular testing as part of due diligence.
Keep the Plan Current
As the business evolves, new staff, new tech, new threats—the plan must evolve too. Testing forces you to update.

July 9 2025

Report any security anomalies.

SJ CyberAware All, Daily Tips, Govern, Protect, Respond

Reporting security anomalies quickly is essential. If you notice any unusual system behaviour, unauthorized access, or potential security breaches, report it to your IT department or security team immediately. Early reporting allows for quick investigation and mitigation, minimizing risk and protecting your organization. Staying vigilant and proactive in reporting helps maintain a secure digital environment.

Reasons for reporting
Tips for Reporting Security Anomalies Quickly

Don’t Delay, Report Right Away
If something feels off, trust your gut. Unusual pop-ups, slow systems, login issues, or files behaving strangely could be signs of compromise.

Know the Channels
Make sure everyone knows who to report to, IT helpdesk, security team, or a designated contact. Display this info clearly on intranet pages, posters, or desktops.

Be Specific in Your Report
Include what happened, when, what device you were on, and any error messages. Screenshots help, but don’t delay reporting while trying to collect perfect info.

Avoid DIY Fixes
Don’t try to troubleshoot suspicious activity yourself, disconnect from the network if needed, then report. You might preserve vital evidence.

No Shame in Reporting
Whether it’s a dodgy link you clicked, a strange email you opened, or a potential phishing attempt, report it, not regret it. Quick action limits damage.

Stay Vigilant, Not Paranoid
Being alert doesn’t mean being anxious. Regular reminders, short cyber drills, and “what if” examples help keep awareness high without fear-mongering.

Create a No-Blame Culture
Reinforce that reporting is helpful, not harmful. Fear of getting into trouble delays reporting and gives threats more time to spread.

Track & Celebrate Reporting Wins
Share anonymous “caught-it-in-time” stories in internal newsletters or dashboards to show the value of prompt reporting.
Reporting security anomalies quickly is essential. If you notice any unusual system behaviour, unauthorized access, or potential security breaches, report it to your IT department or security team immediately. Early reporting allows for quick investigation and mitigation, minimizing risk and protecting your organization. Staying vigilant and proactive in reporting helps maintain a secure digital environment.

June 22 2025

Report lost or stolen devices promptly.

SJ CyberAware All, Daily Tips, Govern, Respond

Reporting lost or stolen devices promptly is crucial for minimizing the risk of data breaches and unauthorized access. Notify your IT department or service provider immediately to initiate security protocols, such as remote wiping, locking the device, and tracking. Prompt action can help protect your sensitive information and prevent potential misuse.

The Reasons
Acting fast when a device is lost or stolen can make all the difference.
Notify the right people immediately – Contact your IT department, service provider, or relevant authorities so they can initiate security measures.
Attempt remote actions – Many devices allow remote wiping or locking. If available, use this feature to protect sensitive data.
Change important passwords – If the device contained saved logins, update your passwords, especially for financial accounts, email, and work-related systems.
Monitor account activity – Keep an eye on bank transactions and logins for suspicious activity. If you spot anything unusual, report it straight away.
Enable tracking (if possible) – Services like Find My iPhone or Google’s Find My Device might help locate lost devices.
Alert mobile carriers – If it’s a phone, inform your provider to disable the SIM card and prevent unauthorized calls or messages.
A swift response can prevent headaches down the line.