Six practical cyber security steps in 2025

Six practical cyber security steps in 2025 you can take to improve your digital privacy!

A picture of two people using tablets to communicate securely while hackers watch over them
End to end encryption - AI generated graphic

In this article we will be covering six practical cyber security steps you can take to improve your digital privacy. All of the recommendations can be implemented free of charge. This article was written in January 2025 so please keep up to date with technology as it advances.


This article is based on two great resources available on the internet. The first is from the Electronic Frontier Foundation (EFF), a not-for-profit digital rights group, and their Surveillance Self-Defense: Seven Steps to Digital Security.

The seven EFF steps are:

  1. Knowledge is power
  2. The weakest link
  3. Simpler is safer and easier
  4. More expensive doesn’t mean more secure
  5. It’s Ok to trust someone (but always know who you’re trusting)
  6. There is no perfect security plan
  7. What’s secure today may not be secure tomorrow

It’s worth reading what the EFF has said on each of these topics but we would like to highlight three that really stand out: knowledge is power, the weakest link and there’s no perfect security plan.

1: Knowledge is power

A book with a padlock on it exploding in a bright light
Knowledge is power - AI generated graphic

It’s important to think about and understand what you are protecting and why. Once you have this information you can think about the threats to what you are protecting and the consequences of compromise. This means knowing your information sources (that you want to protect), where and how your information is stored and the systems processing that information. Collect this information in a spreadsheet and start the journey.

2: The weakest link

A tug of war with a chain and one of the links is breaking
The weakest link - AI generated graphic

When thinking about your information, its storage and its processing, you need to think about the controls protecting that information. This should highlight areas of weakness where appropriate controls are missing or are weak.

A good place to start is to ask how the information is stored (is it encrypted?), whether all your devices are fully patched, and whether you use any old devices with weak or poor security. Once you are aware of the weaknesses you can take action, or at least be aware of the real risk you are taking.

As an example, some people have password safes with complex passwords and very good security. But they have forgotten that some time ago they used their mobile phone to take a photo of passwords or recovery phrases. This means the photographs may be the weakest link, but because we think of photos as being different to information we may not perceive the risk they present. It might be time to review your photos and purge any passwords. While you’re at it, you should perhaps check Evernote (or OneNote) too if you use it!

3: There’s no perfect security plan

An example plan being observed by a hacker
No perfect security plan - AI generated graphic

It’s great having a plan and applying stronger controls to protect your privacy, but there will be times when your privacy is violated. For example, you could have a really great password that is super strong, but you’ve used it on a site with poor security and they have been breached. Through no fault of yours, your super strong password has now been compromised. When this happens it’s good to have a plan. It could be to change your password, close the account and re-open it with a new email address, reset your phone, or rebuild your computer; the list of what you ‘could do’ is endless. Think about this now and write it down before you actually need it!

You can easily see if your password has been compromised by visiting haveibeenpwned. This site is hosted by Troy Hunt, a well known security researcher, who collects and makes available details of compromised email addresses and associated information, including passwords. He takes great care to share it in a responsible manner.
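The responsible part is worth seeing in code: the Pwned Passwords lookup never sends your password, only the first five hex characters of its SHA-1 hash, and the matching is done on your own machine. This is an added example, not the article's or haveibeenpwned's own code; the range response embedded below is constructed (the suffix for "password" is real, the counts and neighbouring suffixes are made up), and the `fetch_range` helper that calls the real `api.pwnedpasswords.com/range/` endpoint is included for completeness but not needed to run the demo.

```python
"""Offline illustration of the Pwned Passwords k-anonymity range lookup."""
import hashlib
import urllib.request
from typing import Callable, Dict

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint: GET <prefix>

# Constructed sample of a range response for prefix 5BAA6: one line per hash
# sharing the prefix, as "<35-char SHA-1 suffix>:<count>". The middle line is
# the real suffix of "password"; the other two lines and all counts are made up.
SAMPLE_RANGE_BODY = """\
0A1B2C3D4E5F60718293A4B5C6D7E8F90A1:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
FEDCBA9876543210FEDCBA9876543210FED:17
"""


def hash_parts(password: str):
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is sent
    to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Real network call (not exercised by the demo): fetch the range for a prefix."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body: str) -> Dict[str, int]:
    """Turn the 'SUFFIX:COUNT' lines into a dict; blank/odd lines are skipped."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and suffix and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetch: Callable[[str], str] = fetch_range) -> int:
    """How many times the password appears in breach data (0 = not found).
    `fetch` receives only the prefix; the suffix comparison happens here."""
    prefix, suffix = hash_parts(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    seen = pwned_count("password", lambda prefix: SAMPLE_RANGE_BODY)
    print("seen %d times in sample data" % seen if seen else "not found in sample data")
```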


The second article is from the Cybersecurity and Infrastructure Security Agency (CISA), the national coordinator for critical infrastructure security and resilience in the US. The CISA article is on the subject of mobile communications best practice: guidance-mobile-communications-best-practices.pdf

The CISA guide covers:

  1. General recommendations
  2. iPhone-specific recommendations
  3. Android-specific recommendations

This guide is great and contains a wealth of information that is relatively easy to action, and we would like to highlight three recommendations that stand out: use only end-to-end encrypted communications, use a password manager, and protect your Domain Name System (DNS) queries.

4: End-to-end encrypted communications


This is very interesting to see in this list coming from a federal agency. In recent months a number of telecommunications companies in the US have been compromised by a nation state actor. This recommendation from CISA to use end-to-end encrypted apps such as Signal effectively prevents telecommunications companies from being able to read your messages and, most importantly, protects them from nation state actors (including the US government).

5: Use a password manager

A manager sitting at a desk with a password vault in his office
Password manager - AI generated graphic

If you are reading this article it is likely that you already have a password manager - they are very popular. We can’t stress enough how important it is to have one. The CISA guide provides some suggestions on which to consider. In the event of an incident the password manager will probably be a critical resource to help you change your passwords and ensure they are unique and securely stored! The master password used for your password safe must not be used for any other service!

6: Protect your Domain Name System (DNS)

An IT manager sitting at a desk with a laptop selecting a DNS provider
DNS Providers - AI generated graphic

Most personal and home technology these days will default to using the Wi-Fi router for DNS queries. This means that by default you are trusting your broadband provider, or the provider of the Wi-Fi you connect to when travelling. Your DNS queries reveal which sites you connect to and perhaps the content. Over time this information is invaluable to an attacker and may make you susceptible to specially crafted attacks. If you don’t want to accept this default you can define the DNS provider you choose to trust and keep your communications more private.

Some DNS service providers such as Cloudflare can also prevent access to adult material, sites distributing malware, and sites known to be malicious. This is done by not providing a real answer to the DNS query for those domains. It’s an additional level of malware protection. This is the kind of cyber security control that 'saves the day' when you click that malicious link in the phishing email and it simply fails to detonate!
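One way to see a filtering resolver doing its job is to ask the standard and the filtering resolver the same question and compare the answers. This is an added example, not the article's or Cloudflare's own code; it assumes Cloudflare's JSON DNS-over-HTTPS API (the `cloudflare-dns.com` and `security.cloudflare-dns.com` endpoints with `Accept: application/dns-json`) and assumes the filtering resolver answers a blocked name with `0.0.0.0` instead of its real address, and the two responses embedded below are constructed rather than captured.

```python
"""Compare what a standard and a malware-filtering DoH resolver answer for a name."""
import json
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict

# Real Cloudflare JSON DoH endpoints (assumed behaviour: the filtering one
# answers blocked names with 0.0.0.0 / :: rather than the real address).
RESOLVERS = {
    "standard": "https://cloudflare-dns.com/dns-query",
    "malware-filtering": "https://security.cloudflare-dns.com/dns-query",
}


def doh_lookup(name: str, resolver_url: str) -> Dict[str, Any]:
    """Real network call (not exercised by the demo): A-record query via dns-json."""
    url = resolver_url + "?" + urllib.parse.urlencode({"name": name, "type": "A"})
    req = urllib.request.Request(url, headers={"Accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def classify(answer: Dict[str, Any]) -> str:
    """Interpret a dns-json response as resolved / blocked / nxdomain / error."""
    status = answer.get("Status")
    if status == 3:                       # NXDOMAIN: the name does not exist
        return "nxdomain"
    if status != 0:                       # SERVFAIL, REFUSED, ...
        return "error"
    addrs = [rr["data"] for rr in answer.get("Answer", []) if rr.get("type") == 1]
    if addrs and all(a in ("0.0.0.0", "::") for a in addrs):
        return "blocked"                  # sinkholed by the filtering resolver
    return "resolved" if addrs else "no-address"


def compare(name: str, lookup: Callable[[str, str], Dict[str, Any]] = doh_lookup
            ) -> Dict[str, str]:
    """Ask every configured resolver about `name` and classify each answer."""
    return {label: classify(lookup(name, url)) for label, url in RESOLVERS.items()}


# Constructed sample responses keyed by resolver URL (not real captures).
SAMPLE = {
    RESOLVERS["standard"]: {"Status": 0, "Answer": [
        {"name": "malware.example.", "type": 1, "TTL": 60, "data": "203.0.113.10"}]},
    RESOLVERS["malware-filtering"]: {"Status": 0, "Answer": [
        {"name": "malware.example.", "type": 1, "TTL": 60, "data": "0.0.0.0"}]},
}

if __name__ == "__main__":
    print(compare("malware.example", lambda n, url: SAMPLE[url]))
```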

Conclusion

In this 'Six practical cyber security steps in 2025' article we hope you have found something useful and identified at least one thing you can do today to improve your digital privacy!

About IT Security Locksmith

IT Security Locksmith specialises in board level training and consultancy.
