Skip to main contentSkip to navigation within this section

Key practices for strengthening IT and device security Checklist for everyone in your organisation

On this page

There are four key areas to secure: Wi-Fi, passwords, devices and accounts.

  • Your Wi-Fi network is a potential access point for malware and virus attacks. To help keep your organisations Wi-Fi network safe:
    • Make sure your Wi-Fi network names do not reveal information about your location or your network equipment.
    • Set up a password to protect your Wi-Fi, so people outside your organisation cannot access it.
    • Create a guest Wi-Fi network with a password protected connection and separate from your organisation’s main network, to prevent potential malware or viruses from guests’ devices from affecting the main network.
    • Change the default administrator name and password of your router, to make it harder to access.
    • Check your router for firmware updates as they will help keep your security settings up to date. Schedule automatic updates (if available). Create a schedule or reminder to restart your router every month.
    • Enable a firewall on your router to help stop malware or virus attacks.
    •

  • Weak passwords can increase your risk of malware and virus attacks.
    • A strong password is long (at least 16 characters), has multiple characters and symbols in it, and is not reused across multiple accounts.
    • If your passwords are not already long and strong, update them.
    • You should start with your most important accounts as a priority, but make sure you update all passwords as soon as you can.
    • Change your password if you have any suspicion your devices or accounts have been compromised.
    • Install a multi-factor authentication (MFA) to add another layer of protection to account and device access.
    • Check that all your accounts that support MFA are configured to use MFA.
    • Consider installing and using a password manager and make sure your password manager has your updated passwords.
    •

  • Your electronic devices (phone, tablets and laptops) can be vulnerable to online cyber security threats. To help keep your devices safe:
    • Turn on a PIN or password for all your devices. See secure your passwords.
    • Enable auto-updates on your devices (phone, tablets, laptops and PCs).
    • Run a full scan of your anti-malware/anti-virus software. Schedule re-occurring weekly updates and full weekly anti-malware scans.
    • Review your mobile application privacy and security settings to make sure these are active and up to date.
    • Turn off your mobile devices daily as this can reduce malware or virus attacks which rely on repeated attempts.
    • Consider using a virtual private network (VPN) service as it hides your Internet Protocol (IP) address and encrypting data, as well as protecting against malware or virus attacks.
    • Make sure passwords on your devices are strong.
    • Apple iOS users - Turn on Lockdown Mode for extra protection.
    • Android users - Ensure you are using Google Play Protect.
    • Consider using a power bank when away from home, or a USB data blocker at public charging stations, to reduce the risk of malware being transferred to your device.
    •

  • Use good security practices to help keep your accounts secure and check they haven’t been compromised.
    • Check to see if any of your accounts have been compromised using the Have I Been Pwned website.
    • Review all your accounts and configure privacy and security restrictions to ensure only the appropriate people have access.
    • Create a full list of all your online accounts so you can keep track and record when each one was last reviewed or updated.
    • Enable multi-factor authentication (MFA) to add another layer of protection to accounts.
    •

More information

This content is based on information from National Cyber Security Centre’s Cyber Resilience Guidance.

More information about staying safe online can be found on the Ministry for Ethnic Communities and the Own Your Online websites.

Last modified: