
October 6: Cyber Action Plan and A Roadmap to Resilience
Creating a cyber action plan will help you navigate the digital world safely. A well-thought-out plan gives you a structured approach to improving your security posture, helps identify weaknesses and ensures a rapid response when an incident occurs. It can move you from reactive panic to proactive preparedness.
For Individuals, your cyber action plan might include:
- Regular Password Audits: Schedule a monthly or quarterly review of your most important account passwords to ensure they remain strong and unique. Add multi-factor authentication, especially to your key accounts like email.
- Backup Schedule: Define how often you will back up critical files and where you will store them (e.g., weekly to an external hard drive, daily to cloud storage).
- Privacy Check-ins: Set a reminder to review privacy settings on social media and other online accounts every few months.
- Software Update Routine: Establish a habit of checking for and installing software updates on all your devices, including your phone.
- Emergency Contact List: Keep an up-to-date list of who to contact (banks, IT support, authorities) in case of a cyber incident. Remember that your bank won't phone you and ask you for security details.
- Learning Goal: Commit to learning about one new cybersecurity topic each month.
For Organisations, a comprehensive cyber action plan (often called an Incident Response Plan or Cybersecurity Framework) would involve:
- Risk Assessment: Regularly identifying and evaluating potential threats and vulnerabilities to your systems and data.
- Policy Development: Creating and maintaining clear cybersecurity policies and procedures for employees. Data Protection Education customers have access to several templates, such as a Social Media Policy and an Acceptable Use Policy.
- Employee Training Program: Implementing ongoing, engaging security awareness training. The DfE Digital Standards require all staff and students to have cyber security training annually.
- Technical Controls Implementation: Planning for the deployment and maintenance of firewalls, anti-malware, MFA, and encryption. Although the IT department should configure and set this up, the governing body and highest level of management should ensure that it happens as part of their digital strategy.
- Backup and Recovery Strategy: Defining robust backup procedures and tested recovery plans. The backup should be regularly tested. Remember not everything needs to be backed up!
- Incident Response Procedures: Clearly outlining steps for detecting, containing, eradicating, and recovering from cyberattacks.
- Regular Testing: Conducting penetration testing, vulnerability scans, and tabletop exercises to test your defences and response capabilities. The Cyber Resilience Centres can provide affordable pen testing and scanning for schools and colleges.
A cyber action plan isn't a one-time project; it's an ongoing process of assessment, improvement, and adaptation to the evolving threat landscape. Don't wait for a breach to happen; plan for protection now.
NCSC Free Cyber Action Plan
💡Today's Cyber Tip: Schedule a "Cyber Security Hour"!
Block out an hour in your calendar once a month (e.g., the first Sunday of every month) specifically for cybersecurity tasks: checking updates, backing up files, reviewing privacy settings, or changing a password. Make it a regular habit!
DPE Knowledge Bank Guidance and Support:
For schools and colleges, six of the DfE Digital Standards are now mandatory. We have a DfE Digital Standards Tracker tool to help you track your cyber resilience and your progress:

Review our Cyber Security Best Practice Area for micro learning, support, guidance and policies:
Why not have a look at our 'specialist' trainer Harry the Hacker:
