
October 10. Understanding Your Cyber Posture
Before you can effectively improve your cyber security, you must first understand where you are: understand your cyber posture. This involves a thorough evaluation of your existing security measures, identifying vulnerabilities, and understanding the risks you face. You can't protect what you don't know you have, or guard against hidden weaknesses you haven't found.
For Individuals:
- Inventory Your Digital Footprint: List all your online accounts (email, social media, banking, shopping, cloud storage). Are there old ones you no longer use? Delete them.
- Password Health Check: Review the strength and uniqueness of your passwords across these accounts. Use a password manager's audit feature if available. Configure MFA where you can.
- Privacy Setting Review: Check the privacy settings on your most used apps and social media platforms. Are you sharing more than you intend?
- Device Security: Are your computers and phones password-protected? Do they have up-to-date antivirus software? Are they set to receive automatic updates? Could you set up biometric password control?
- Backup Status: When was your last backup of critical personal files? Is it stored securely?
- Awareness Level: How confident are you in spotting a phishing email? Do you know what to do if you suspect a scam?
For Organisations:
- Asset Discovery: Identify all hardware (servers, workstations, mobile devices, IoT devices) and software (operating systems, applications, databases) in your environment. If you are a school or college, you should do this as part of the DfE Digital Standards. All organisations should have loan agreements with any staff who use the organisation's equipment, both to agree how they will treat the device and, as part of asset discovery, so you can track who has what device.
- Vulnerability Assessments: Conduct regular scans to identify known security weaknesses in your systems, applications, and network infrastructure.
- Penetration Testing: Simulate real-world attacks to identify exploitable vulnerabilities and evaluate the effectiveness of your security controls.
- Risk Analysis: Understand the potential impact and likelihood of various cyber threats to your specific assets and operations.
- Compliance Audit: Assess adherence to relevant industry regulations and data protection laws.
- Policy and Procedure Review: Evaluate whether your existing security policies are comprehensive, up-to-date, and effectively implemented. Consider having an Acceptable Use Policy. DPE customers can download a template policy through our Knowledge Bank portal.
- Employee Assessment: Gauge employee awareness levels through surveys or simulated phishing campaigns.
An honest and comprehensive assessment provides a clear baseline: it highlights your strengths and, more importantly, pinpoints areas that need immediate attention, guiding your subsequent cyber security investments and efforts. It's the essential first step on your journey to enhanced digital resilience.
💡Today's Cyber Tip: Reduce your digital footprint.
Today, take 15 minutes to conduct a "digital spring clean." Log into an old online account you no longer use (email, social media, shopping) and either secure it with a new strong password and MFA, or better yet, permanently delete it. Reducing your digital 👣 footprint reduces your attack surface!
Simple Cyber Checklist:
Organisations can use our simple checklist to determine where they are with cyber security. You'll need to be a customer to view this, but here's a sample question:
(Access to the checklist will be via our Knowledge Bank portal, contact us on
DPE Knowledge Bank Guidance and Support:
For schools and colleges, six of the DfE Digital Standards are now mandatory. We have a DfE Digital Standards Tracker tool to help you track your cyber resilience and your progress:

Review our Cyber Security Best Practice Area for micro learning, support, guidance and policies:
Why not have a look at our 'specialist' trainer, Harry the Hacker:
