Cyber Essentials — Secure Configuration
The Cyber Essentials Secure Configuration control requires that devices and software are set up as securely as reasonably possible. This means removing unnecessary software, changing insecure default settings, and ensuring only the services you actually need are running. These guides cover every Secure Configuration task for home users and businesses.
What this control covers
- Enable full-disk encryption on laptops (BitLocker on Windows, FileVault on Mac)
- Remove unused apps and software that don't receive security updates
- Review and restrict app permissions on phones and tablets
- Disable Remote Desktop Protocol (RDP) if not needed — a common ransomware entry point
Secure Configuration Guides (14)
- Enable full-disk encryption on your laptop: Turn on BitLocker (Windows) or FileVault (Mac) to encrypt everything on your laptop's hard drive.
- Remove unused apps and software: Uninstall applications you no longer use from your devices. Every extra app is a potential vulnerability.
- Review app permissions on your phone: Check which apps have access to your camera, microphone, location, and contacts. Remove permissions that aren't needed.
- Disable remote desktop access if not needed: If you do not use Remote Desktop Protocol (RDP) or similar remote access tools, disable them on your computers.
- Back up your most important files: Set up automatic backup to the cloud for your photos, documents, and important files. If your device is lost, stolen, or infected with ransomware, a backup means you don't lose everything.
- Use a VPN when connecting to public Wi-Fi: A VPN encrypts your internet connection when you use public Wi-Fi in coffee shops, hotels, and airports. Without one, anyone on the same network can potentially intercept what you're sending and receiving.
- Set up remote wipe on your devices: Configure your phone, tablet, and laptop so you can erase all data on them remotely if they are lost or stolen. This takes a few minutes to set up and could prevent serious data exposure later.
- Test that your backup actually works: Restore a single file from your backup to confirm it is working correctly. Many people discover their backup has been failing silently only when they need it most.
- Review your social media privacy settings: Check who can see your posts, your location, and your personal information on each social media account. Fully public profiles give scammers and identity thieves easy access to information they can use against you.
- Apply the 3-2-1 backup rule: Keep 3 copies of important data, stored on 2 different types of media, with 1 copy held offsite or in the cloud. This approach protects against ransomware, hardware failure, fire, and theft simultaneously.
- Review what data Google holds about you: Visit your Google account's privacy settings, review what activity and personal data is stored, and turn off any collection you are not comfortable with. Includes location history, search history, and ad personalisation.
- Remove personal contact details from your social media profiles: Review every social media profile and remove any personal information you do not need to share publicly — phone number, home address, birthday, and workplace. This information is routinely harvested for use in targeted scams and identity theft.
- Set a strong screen lock on your phone: Set a PIN, password, or biometric lock on your phone so that no one can access it if it is lost or stolen. A screen lock is the single most important protection on a mobile device.
- Set your phone to lock automatically after 30 seconds: Configure your phone to lock itself automatically after 30 seconds of inactivity. If you put your phone down and walk away, it will lock before anyone else can pick it up and access it.