Guides

Practical cyber security guides for people, teams, and smaller organisations

These guides are written to be useful, readable, and defensive. They avoid unsafe detail and focus on practical steps that improve security habits, awareness, monitoring, and incident readiness.

Personal and household security

Start with the controls that reduce everyday compromise risk

Personal security

How to improve personal account security

Focus first on unique passwords, MFA, login alerting, recovery details, and device hygiene.

Practical guidance
  • Use a password manager and stop reusing passwords across services.
  • Turn on MFA for email, banking, social media, and cloud storage.
  • Review recovery email addresses, phone numbers, and recent sessions.
  • Keep browsers, phones, and laptops updated.

Authentication

How to enable MFA

MFA is one of the highest-value controls for reducing password-only compromise.

Practical guidance
  • Start with email, Microsoft 365, Google, banking, VPN, and admin accounts.
  • Prefer stronger app-based or phishing-resistant methods where available.
  • Store backup codes safely and do not share them.
  • Remove old devices or unused MFA methods from the account settings page.

Phishing

How to recognise phishing emails

Look for urgency, unusual requests, fake login pages, payment pressure, and subtle mismatches in sender details.

Practical guidance
  • Pause when a message pushes urgency, secrecy, or fear.
  • Hover over links before opening them, or go to the site directly instead.
  • Verify unusual requests using a separate channel.
  • Be cautious even if the wording looks polished. AI makes scams more convincing.

AI scam awareness

How to recognise AI-generated phishing

AI can make scams look polished, personalised, and less obvious. Treat unusual requests as a process problem, not a writing-quality test.

Practical guidance
  • Watch for urgency, unusual payment pressure, new login links, and requests to bypass normal process.
  • Verify sensitive requests through a separate trusted channel.
  • Report suspicious messages even when the wording looks professional.
  • Train teams with examples that include polished, believable scam language.

Response

How to respond if your account is hacked

Move quickly, but keep your actions organised so you do not lose important evidence or miss follow-up accounts.

Practical guidance
  • Reset the password from a clean device if possible.
  • Revoke suspicious sessions, tokens, and connected apps.
  • Enable MFA immediately if it was not already in place.
  • Review related services such as email, cloud storage, and social accounts.

Safe browsing

How to check suspicious links safely

Do not click out of curiosity. Use safer verification habits instead.

Practical guidance
  • Read the visible text and the real destination carefully.
  • Open the legitimate site manually in your browser rather than using the link.
  • Do not enter credentials into a page you reached through an unexpected message.
  • If in doubt, confirm with the sender through a trusted channel.

AI scam awareness

How to protect against AI voice scams

Voice cloning and polished scripts make verification routines more important, not less.

Practical guidance
  • Treat urgent payment or access requests as suspicious until verified.
  • Use a known call-back number or a separate channel to confirm identity.
  • Set internal approval steps for sensitive requests.
  • Warn family members and executives that familiar voices are no longer enough.

Business and readiness

Build practical resilience before the pressure arrives

Incident readiness

How to build a basic incident response plan

Keep the plan short, realistic, and clear on who does what in the first few hours.

Practical guidance
  • List critical contacts, internal owners, and external support providers.
  • Define what counts as a serious incident and who can declare one.
  • Include evidence handling, containment approval, and communications basics.
  • Test the plan with a simple exercise, then improve it.

Home cyber hygiene

How to improve cyber hygiene at home

Home networks and devices still deserve patching, MFA, backups, and safer browsing habits.

Practical guidance
  • Update the router, laptops, phones, TVs, and smart devices.
  • Change default passwords and review unnecessary remote access features.
  • Use MFA on email and cloud accounts used by the household.
  • Back up important family photos and documents separately.

Small business

How small businesses can start with cyber security

Start with a few high-impact basics rather than trying to buy every tool at once.

Practical guidance
  • Protect email, admin accounts, remote access, and business-critical systems first.
  • Patch promptly and remove unsupported or unused services.
  • Use MFA, backups, and least privilege as standard practice.
  • Train staff to verify unusual requests, invoices, and login prompts.

Essential Eight

How to understand the ACSC Essential Eight

The Essential Eight is a practical way to think about prevention, identity, patching, and recovery maturity.

Practical guidance
  • Use it to discuss maturity, not just compliance.
  • Prioritise the controls that reduce your most likely and most damaging risks.
  • Track exceptions and known gaps, especially around admin privilege, MFA, and patching.
  • Use the Cyber Castle simulator on this site as a conversation starter.

Dark web exposure

How to respond to dark web exposure concerns

Leaked credentials or brand mentions should be treated as signals to validate, triage, and reduce exposure, not as a reason to panic.

Practical guidance
  • Confirm whether the exposed account, domain, or brand reference is genuine.
  • Reset affected passwords and revoke suspicious sessions.
  • Check whether the same password was reused elsewhere.
  • Use the finding to improve MFA, monitoring, and staff awareness.

Vulnerability scanning

How to use vulnerability scanning safely

Scanning is most useful when it is authorised, scoped, prioritised, and followed by practical remediation.

Practical guidance
  • Only scan systems you own or are explicitly authorised to assess.
  • Start with internet-facing systems, browsers, VPN, email, and business-critical services.
  • Prioritise known exploited vulnerabilities and exposed management interfaces.
  • Track remediation owners, due dates, and accepted exceptions.

Local AI and agent safety

Use local AI agents carefully and defensively

The guides below stay intentionally high-level. They are about safer use of local tools, not offensive or production-risky behaviour.

Safety warnings for local AI agents and tool-enabled workflows

  • Use local workspace permissions carefully.
  • Do not expose private keys, API secrets, or sensitive production data.
  • Do not connect tools to production systems without approval.
  • Keep gateways and local services bound to localhost where possible.
  • Review tool permissions before enabling automation.

Local AI tools

How to trial local AI agent tools safely

Use a test workspace first, keep permissions narrow, and review what the tool can access before enabling anything powerful.

Practical guidance
  • Install and test in a non-production environment first.
  • Use a clean local workspace with no unnecessary secrets.
  • Review connectors, automation permissions, and network exposure.
  • Keep logs, outputs, and uploaded files free from sensitive data where possible.

Local AI tools

How to review local AI agent permissions

Local agent tools can be useful, but they also increase the need for boundary-setting, data care, and explicit authorisation.

Practical guidance
  • Use them on isolated projects until you understand the permission model.
  • Prefer localhost-only operation for local gateways or control planes.
  • Do not give an agent broad shell, cloud, or repository access without review.
  • Document what the agent is allowed to do and what always requires human approval.

AI data safety

How to safely use local AI agents without exposing private data

The safest pattern is least privilege, clear boundaries, and deliberate review of every integration.

Practical guidance
  • Strip secrets and personal data out of sample workspaces where possible.
  • Review file access, connector access, and outbound network access carefully.
  • Keep approval steps for destructive or high-impact actions.
  • Treat prompt logs and model outputs as data that may need protection too.