top of page

FCSF Framework

Family Cyber Safety Framework v1.0, published 09-Sep-2025

​

The FCSF is built of three easy-to-remember Steps:

  1. Prepare: set the house rules and determine who is responsible for what, list the people, devices, and accounts to be protected.

  2. Protectput the everyday protection in place, and notice when something’s wrong.

  3. Respond: follow a short plan when trouble happens, restore your stuff, and improve for next time.

 

These three steps create a clear path to security: Prepare sets direction, makes assets visible, Protect prevents problems and detects early, and Respond limits damage, restores, and improves.

 

The framework includes 16 Actions to be performed to achieve these steps. Together, they form an easy-to-teach, repeatable framework that grows with your family.

prepare-protect-respond.png

Prepare

 

This is the “family constitution” of your digital life. It’s about deciding what you care about, who’s responsible for what, and how decisions get made. In this step you create a “map” of the digital home. You can’t protect what you don’t know exists.

​

Purpose:

  • Establish clear house rules so everyone knows boundaries and expectations.

  • Define who is the “admin” and who can make changes to settings or buy new devices.

  • List the people, devices, and accounts (assets) you need to protect.

  • Spot which assets are “critical” (email, bank, school portal).

  • Track devices and accounts as changes are made.

 

Importance:
Without this, the family’s security is ad-hoc. Setting simple written rules dramatically reduces mistakes. It also empowers children because they understand what’s allowed and why. Families often forget an old tablet or an unused account, which can be hijacked. By simply listing assets, you make the invisible visible and reduce blind spots.

 

Activities:

(1) Define Family Cyber Rules – One page of house rules: time online for children, what’s private, define Roles and Permissions, who uses admin and who uses standard accounts.

Review Frequency: Yearly

​

(2) Create Devices and Accounts list – the list includes Devices that need protection (phones, tablets, PCs, smart TV, router, cameras, game consoles), Account Inventory (emails, banking, socials, gaming, school portals) classified according to their criticality and who uses what (parents, kids, grandparents, visitors).

Review Frequency: Yearly or when a change happens

​

Examples in Practice:

  • One-page “Family Cyber Rules.”

  • Parents make purchases, set router passwords, and app approvals.

  • Device & Account Inventory Sheet.

  • Marking accounts as “critical” for priority security.

Protect

 

This step is about everyday shields - putting locks on digital doors and windows and noticing problems quickly.

​

Purpose:

  • Create strong barriers to unauthorized access.

  • Limit damage if one account or device is compromised.

  • Keep private data private.

  • Spot suspicious activity early to prevent major harm.

  • Give you time to react, lock down accounts, and protect finances or privacy.

 

Importance:
Most attacks succeed because of weak passwords, outdated software, or open networks. Simple protective habits cut 80%+ of common risks. Families rarely “monitor” their digital life, but early detection often makes the difference between a minor inconvenience and a major problem.

​

Activities:

(3) Set Strong Sign-in – password manager + unique passphrases + 2-step login on critical accounts (email/bank/social).

Review Frequency: Every six months

​

(4) Protect Devices - Antivirus on Computers, App hardening and permissions review on Smartphones, SW-based Firewall.

Review Frequency: Every six months

​

(5) Ensure Safe Browsing – Subscribe to the DNS family filter.

Review FrequencyEvery six months

​

(6) Update Everything – auto-updates on OS, apps, router/IoT firmware.

Review Frequency: Every six months

​

(7) Define Safe Network – WPA2/3, new router admin password, router auto-updates or scheduled firmware checks, guest/IoT network separation from home NW.

Review Frequency: Every six months

​

(8) Activate Parental Control – age filters, app store approval, screen-time limits.

Review Frequency: Every six months

​

(9) Ensure Privacy by Default – private profiles, location sharing off by default, minimal data in forms.

Review Frequency: Every six months

​

(10) Create Backups – 3 copies, 2 types of media, 1 on cloud.

Review Frequency: Every six months

​

(11) Activate Security Alerts – email/login alerts on major accounts; bank/SMS alerts for transactions.

Review Frequency: Every six months

​

(12) Perform Home Check-ups – monthly 10-minute review: new devices? Updates failed? Odd emails? Backup failed? Etc.

Review Frequency: Monthly

 

Examples in Practice:

  • Strong, unique passwords managed by a password manager.

  • Auto-updates on all devices, including the router.

  • Separate guest/IoT network plus DNS filtering for family-friendly browsing.

  • Backups (3-2-1 rule) for photos and documents.

  • Email or SMS alerts for new logins or bank transactions.

  • Quick monthly check-ups for odd emails or failed updates.

Respond

 

This is your emergency drill, helps you to understand if you are ready for incident, to respond if something happens, bouncing back quickly and learn from incidents.

​

Purpose:

  • Have a simple plan so panic doesn’t set in.

  • Ensure everybody knows what to do if something happens.

  • Minimize damage and recover faster. Get back to normal quickly after an incident.

  • Learn lessons to prevent repeats.

 

Importance:
Most people freeze or make poor decisions during digital crises. Practicing in advance, even just once, empowers the whole household. Without recovery, a ransomware infection or lost device can erase priceless family memories or disrupt school/bank access. Recovery ensures resilience.

​

Activities:

(13) Define “What If” plan – Create a list of “what If” scenarios, simple list that will be used as incident response plan (e.g., disconnect Wi-Fi, change password, call bank/school). The What If plan helps us to adopt the “stop-think-act” approach.

Review Frequency: Yearly

​

(14) Lost Device Playbook – What actions to take if a device is lost (locate/lock/wipe with Find My/Android Device Manager, change major passwords).

Review Frequency: Yearly

​

(15) Restore & Reset Procedure – How to clean reinstall if malware suspected, restore from backup, re-enable 2-step login.

Review Frequency: Yearly

 

(16) Learn & Improve – Write 2 lines: what happened, what to change (e.g., add 2FA for X, move camera to guest Wi-Fi).

Review Frequency: When incident happens

 

 Examples in Practice:

  • “Stop–Think–Act” mini-incident plan: disconnect Wi-Fi, change passwords, enable account recovery.

  • Lost Device Playbook: locate, lock, wipe, change major passwords.

  • Prepared contact info for banks, schools, or local authorities.

  • Regular backups stored in cloud.

  • Wiping and reinstalling a device, then restoring from backup.

  • Reviewing what happened and updating house rules or security settings.

​

Next > Implementation

bottom of page