1. Consider the different types of information that you hold and seek to better understand both their value to your work and the harms to you and others that could result from an attacker accessing them. Put in place additional measures to protect those assets representing the greatest value or potential harms.
2. If it has to be shared, communicate sensitive information with co-workers face-to-face or using communication tools that allow end-to-end encryption and disappearing messages.
3. Ensure that any computer or mobile device that you use:
a. Cannot be physically accessed by unauthorised persons.
b. Requires a password or passcode to unlock.
c. Is running the latest available versions of the operating system and all installed apps/software.
d. Has full disk encryption enabled, if legal in your country.
e. Has antivirus software and a firewall installed, updated and configured correctly.
f. Is not rooted or jailbroken and does not have any pirated software installed on it.
g. Is shut down and powered off as frequently as possible, rather than just put into sleep or hibernate state.
4. Ensure that any online service that you use:
a. Requires a complex, unique password to access.
b. Has two-factor authentication (2FA/2SV) enabled, if available.
5. Use a privacy-focussed VPN if accessing the internet through a public or untrusted network.
6. Securely delete sensitive information in all its forms and variations as soon as it is no longer needed, and ensure that it is not recoverable.