Cyber Security
Cyber Security Best Practices
- Use Strong Passwords
Create a password with 12 or more characters, mixing uppercase and lowercase letters, numbers, and symbols. Avoid personal information or dictionary words. Instead, use a long, memorable “passphrase” of random words, for example “HouseGreenCheetah28!”. This password should be unique. Never reuse the same password across different sites.
- Implement Multi-Factor Authentication
Multi-factor authentication enhances security by requiring two or more independent factors for access:
- password and PIN
- plus fingerprints, a face scan, or a one-time passcode sent to your phone or email.
- Software Updates
Keeping software updated is critical for security, as updates patch vulnerabilities that hackers use to steal data or install malware. Enable automatic updates for operating systems, apps, and browsers, and install prompted updates immediately to protect your devices. Use only official sources for updates to avoid fake, malicious software.
- Be Aware of Social Engineering Attacks
Social engineering attacks manipulate human emotions such as fear, urgency, or curiosity to steal sensitive information or bypass security, often relying on phishing, baiting, or impersonation. Protect yourself by verifying unexpected requests via official channels, never clicking suspicious links, and questioning urgent demands for data.
Key Indicators of Social Engineering Attacks
- Urgency and Pressure: Messages, calls, or emails demanding immediate action (e.g., “account suspended,” “wire money now”).
- Fear and Threats: Intimidation tactics, such as threatening legal action or loss of access, to bypass critical thinking.
- Too Good to Be True: Offers for free gifts, exclusive deals, or prizes that require personal information.
- Unusual Requests: Strange, unexpected requests from known contacts, colleagues, or authorities.
- Impersonation: Attackers pretending to be IT staff, senior management, or trusted vendors.
- Back up data
Back up your data by following the 3-2-1-1-0 rule, a robust data protection strategy designed to prevent data loss from ransomware and hardware failure. It requires:
- 3 Copies of Data: Maintain your primary data and two backups (3 total) to ensure recovery if one or two copies are lost.
- 2 Different Media: Store backups on at least two different types of storage (e.g., local hard drive and cloud) to avoid simultaneous failure.
- 1 Off-site Copy: Keep at least one backup in a separate physical location, such as a cloud repository or a different building, to protect against localized disasters.
- 1 Offline / Immutable Copy: Maintain an “air-gapped” (offline) or immutable copy that is disconnected from the network, making it immune to ransomware attacks that seek to destroy backups.
- 0 Errors: Regularly test backups and use automated monitoring to ensure they are complete and error-free, ensuring a 0% failure rate during restoration.
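The five conditions above can be checked mechanically against an inventory of your copies. The following is an added example, not part of the original page; the field names and the two sample inventories are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                      # storage type, e.g. "internal-ssd", "usb-hdd", "cloud"
    offsite: bool = False           # kept in a separate physical location
    offline_or_immutable: bool = False  # air-gapped, or cannot be altered or deleted
    is_primary: bool = False        # the live data rather than a backup
    restore_test_ok: Optional[bool] = None  # None means never tested

def check_3_2_1_1_0(copies):
    """Return each part of the rule mapped to True (met) or False (gap)."""
    backups = [c for c in copies if not c.is_primary]
    has_primary = any(c.is_primary for c in copies)
    return {
        # Primary data plus two backups.
        "3 copies": has_primary and len(backups) >= 2,
        # Backups spread over at least two storage types, as the rule is worded above.
        "2 media": len({c.media for c in backups}) >= 2,
        "1 off-site": any(c.offsite for c in backups),
        "1 offline/immutable": any(c.offline_or_immutable for c in backups),
        # An untested backup counts as a gap: only a passed restore test is evidence.
        "0 errors": bool(backups) and all(c.restore_test_ok is True for c in backups),
    }

def gaps(copies):
    """List the parts of the rule that are not met, in rule order."""
    return [rule for rule, met in check_3_2_1_1_0(copies).items() if not met]

# Constructed inventory: every backup stays connected, and one was never restore-tested.
ALWAYS_CONNECTED = [
    Copy("laptop", "internal-ssd", is_primary=True),
    Copy("usb drive left plugged in", "usb-hdd", restore_test_ok=True),
    Copy("cloud sync folder", "cloud", offsite=True),
]

# Constructed inventory that satisfies all five parts.
COMPLIANT = [
    Copy("laptop", "internal-ssd", is_primary=True),
    Copy("usb drive stored unplugged", "usb-hdd",
         offline_or_immutable=True, restore_test_ok=True),
    Copy("cloud backup with immutability", "cloud", offsite=True,
         offline_or_immutable=True, restore_test_ok=True),
]

if __name__ == "__main__":
    print("always connected:", gaps(ALWAYS_CONNECTED))
    print("compliant:", gaps(COMPLIANT))
```
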
- Use a Firewall
A firewall is essential for network security, acting as a barrier that filters incoming and outgoing traffic based on security rules to block unauthorized access, malware, and cyber attacks. It should be enabled on all devices, including Windows/Mac computers, and within home routers to protect against malicious traffic, especially on public, unsecured Wi-Fi.
- Encrypting your data
Encrypting your data makes it unreadable without a secret key, protecting sensitive information on devices, in transit, or in storage. Use built-in tools like BitLocker (Windows), FileVault (Mac), or mobile “Encrypt Phone” settings, alongside 256-bit encryption for files. Always use strong, unique passwords to secure your keys.
- Educating employees
This involves creating a structured, ongoing learning culture that blends formal training, on-the-job experience, and personal development to boost productivity, engagement, and retention. Key methods include eLearning, workshops, mentoring, and career mapping, tailored to specific roles and organizational goals.
- Implementing cybersecurity frameworks
Implementing a framework such as NIST CSF 2.0, Cyber Essentials Plus, CAF 4.0 or ISO 27001 involves a structured, risk-based approach to identify, protect, detect, respond to, and recover from threats. Key steps include defining scope, auditing current assets, performing gap analysis, implementing tailored controls (e.g. access, training), and conducting continuous monitoring.
- Continuous Learning
Continuous learning in cybersecurity is essential to combat rapidly evolving threats, requiring professionals to constantly update skills in AI, cloud security, and risk management. It involves moving beyond one-off training to a culture of curiosity, using methods like simulations, certifications, and "in-the-flow-of-work" learning to stay ahead of attackers.
For further information, please see the National Cyber Security Centre website: “Cyber security advice for you and your family” (NCSC.GOV.UK).