top of page

What should be on your Cyber Security Checklist?

We all know that the last two years have brought major challenges for everyone across the UK, and businesses have faced many challenges from a digital perspective.

So what are we all doing to prepare for the digital pandemic? Hackers have stepped up their efforts and taken advantage of the gaps in the new remote work environments in the last two years.

As we're all working from home more, we should also step up our security to combat the increased attacks. Governments, businesses, organizations and individuals all paid a heavy price from breaches and from ransomware attacks. We all need to improve our cybersecurity preparedness.

So just what should we prepare ourselves? What should employees, SMEs and businesses look to work on?

1. Review your old Passwords

Even those educated in cybersecurity still have old passwords and accounts that need updating. This means that we should all review our passwords and attempt to change those which are most at-risk.

These are the passwords that are short, easily guessed or using a word or number unique to us. Such as; Date of Birth, Pet name, Maiden Name, Address etc.

Although this can be time-consuming and needs preparation, it will give you improved peace of mind.

How do I find old passwords?

If you are using a password manager in your internet browser (Chrome, Safari, etc) then most of the work is done for you.

Go to your browser’s settings and review all of your passwords. Some browsers such as Safari do the password review for you and flag a warning next to a weak or repeated password.

Make sure you review them all and change those at risk.

  • Safari > Preferences > Passwords

  • Chrome >Settings > Passwords

💡Top Tip - Make your life easier by using a password manager, this will help store all your account passwords. With a password manager, you can protect every single one of your online accounts with a strong password. Try out Last Pass or 1Password.

2. Setup Two-Factor Authentication

Two-factor authentication (often shortened to 2FA) provides a way of 'double-checking' that you really are the person you are claiming to be when you're using online services, such as banking, email or social media. This could be a code that's sent to you by text message, or that's created by an app.

Why should I use 2FA?

Passwords can be stolen by cybercriminals, potentially giving them access to your online accounts. However, accounts that have been set up to use 2FA will require an extra check, so even if a criminal knows your password, they won't be able to access your accounts.

How do I set up 2FA?

Some online services will already have 2FA switched on. However, most don't, so you will need to switch it on yourself to give extra protection to your other online accounts, such as email, social media and cloud storage. If available, the option to switch on 2FA is usually found in the security settings of your account (where it may also be called 'two-step verification').

3. Security Awareness Training

The most effective way to secure yourself in the digital world is to educate yourself and your staff through Security Awareness Training.

This doesn't have to be in-depth technical knowledge of how a cyber attack works. A simple overview of attack trends and general awareness will give you defensive measures - remember lack of knowledge is the attacker’s advantage.

For example, if you learn how Phishing works and what are the objectives of a Phishing attack then you automatically have an extra defensive measure built-in within your organisation.

Our training is focused on those with little or no cybersecurity or technical knowledge and is delivered in small, succinct modules using real-world examples.

Awareness training is tailored to each company to provide the right level of skills and context for your business. The trainers are highly knowledgeable, personable and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions.

4. Review your Privacy Settings

This is very important to avoid exposing unnecessary information about you or your company. Revisit your devices and social media account privacy settings and make sure these settings are in line with your company’s security & device policies.

Privacy settings for Devices:

If you've just bought a new device, or haven't looked at your security settings for a while, you should take some time to make sure you're protected against the latest threats. Fortunately, most manufacturers provide easy-to-use guidance on how to secure your devices.

Privacy settings for Social Media:

5. Stay secure when Working from Home

Working from home can be daunting for people who haven't done it before, especially if it's a sudden decision. There are also practical considerations; staff who are used to sharing an office space will now be remote. Think about whether you need new services, or to just extend existing ones, so that teams can continue to collaborate.

For example, you may want to consider services that provide chat rooms, video teleconferencing (VTC) and document sharing.

This NCSC guidance has been created to help you make sure you're organisation is prepared we're all getting used to home working.

This NCSC guidance also helps you;

  • To spot the increased numbers of coronavirus (COVID-19) scam emails

  • Setting up new accounts and accesses

  • Preparing your staff for home working

  • Controlling access to corporate systems

  • Helping staff to look after devices

  • Removable media

  • Using personal rather than work devices

💡Top Tip - Remember, under times of stress, we're not always in an ideal position to learn new technologies. Check how staff are coping; not just in terms of how to use new technologies, but also how they are adapting to having to work in new ways.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page