Cybersecurity Best Practices: Do’s and Don’ts to Combat Security Threats

The quick evolution of technology brings excellent opportunities for growth and innovation. However, in today’s interconnected world, strong cybersecurity measures are vital to protect yourself and your valuable data.

Fear not, as decoding the cybersecurity landscape doesn’t need to be frightening. Our security experts have listed the most common security mistakes in an accessible guide of essential do’s and don’ts for IT and security managers looking to reinforce their defences.

Are you not in IT? Don’t worry, this guide contains many practical tips for everyone!


Password Policies

DO: Implement robust password policies. What does that mean?

  • Create lengthy, complex passwords blending uppercase and lowercase letters, numbers, pet names and symbols.
  • A password management tool can help you in managing these complex passwords.
  • Use different passwords for every application or tool.

DON’T: Neglect centralised management and regular auditing.

  • Enforce password policies across all systems and conduct frequent audits to ensure compliance.
  • Discourage predictable information like birthdates, names, or addresses.



“The Verizon 2021 data breach investigations report demonstrates that 81% of all security breaches are a direct result of weak passwords.”


According to a Google/Harris poll, 68% of employees use the same passwords for multiple accounts. This exponentially increases the damage a cybercriminal can do with a single stolen password.
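The two DO items above (length and character mix, and a different password per application) and the DON’T item (no birthdates, names or addresses) can be turned into an automated check. The following is an added example, not code from the article or its author: a small policy validator plus a reuse check that compares a candidate password against salted PBKDF2 hashes of the passwords already stored for other accounts, so the stored material is never the plaintext. The minimum length of 14 and the sample personal details are assumptions made for this example; the article gives no figures.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Assumed policy value for this example; the article sets no specific length.
MIN_LENGTH = 14


def check_password_policy(password: str, personal_info: Iterable[str] = ()) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes.

    personal_info: strings the user should not embed (names, birth date, street name, ...).
    Text tokens are matched case-insensitively; date-like tokens are matched on any run of
    four or more digits in the password (so the birth year alone is caught, not just the
    full date).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = {
        "uppercase": r"[A-Z]",
        "lowercase": r"[a-z]",
        "digit": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name} character")

    lowered = password.lower()
    digit_runs = re.findall(r"\d{4,}", password)
    for item in personal_info:
        token = item.lower()
        token_digits = re.sub(r"\D", "", token)
        hit = len(token) >= 4 and token in lowered
        if not hit and len(token_digits) >= 4:
            hit = any(run in token_digits for run in digit_runs)
        if hit:
            problems.append(f"contains personal information ({item!r})")
    return problems


def hash_for_reuse_check(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 so the reuse check never needs stored plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def accounts_reusing(password: str, vault: Dict[str, Tuple[bytes, bytes]]) -> List[str]:
    """Names of accounts whose stored (salt, digest) matches this password.

    The candidate is re-derived with each account's own salt and compared in constant time.
    """
    hits = []
    for account, (salt, digest) in vault.items():
        _, candidate = hash_for_reuse_check(password, salt)
        if hmac.compare_digest(candidate, digest):
            hits.append(account)
    return hits


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    info = ["Alice", "1985-03-07", "Main Street"]
    for pw in ["Alice1985!", "correct-Horse9-Battery&Staple"]:
        print(pw, "->", check_password_policy(pw, info) or "OK")
    vault = {"mail": hash_for_reuse_check("correct-Horse9-Battery&Staple")}
    print("reused by:", accounts_reusing("correct-Horse9-Battery&Staple", vault))
```

The reuse check is what a password manager does for you when it flags a password already used elsewhere; the point of hashing with a per-account salt is that the check works without keeping any plaintext around.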



Two-Factor Authentication (2FA)

DO: Enable 2FA for an added security layer. Even if a password is compromised, 2FA can block unauthorised access.

DON’T: Underestimate the need for backup plans for 2FA. Ensure account recovery processes are in place in case an employee loses access to their primary second factor.


Software Updates

DO: Keep software and devices updated. These updates often patch critical security vulnerabilities.

  • Prioritise installing updates as soon as they become available.
  • Consider enabling automatic updates for seamless protection.

DON’T: Neglect software updates. Outdated software is a prime target for cybercriminals.


Security Software Updates

DO: Install and regularly update antivirus and anti-malware software.

  • Investing in reliable antivirus and anti-malware software provides a strong line of defence against malicious software, including viruses, ransomware, and spyware.

DON’T: Solely rely on built-in security features, which may not be comprehensive against evolving threats.



“60% of breaches were linked to a vulnerability where a patch was available, but not applied.” – Ponemon Institute Survey 2019



Web Browsing Safety

DO: Utilise tools for safe web browsing, incorporating blacklisting and whitelisting features.

DON’T:

  • Neglect your blacklists and whitelists. Keep them updated to protect against new threats and ensure compatibility.
  • Rely completely on firewalls to secure web browsing. They use real-time data reading and thus often result in quite a big error margin.
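A blacklist or whitelist is only as good as the matching logic behind it. The following added example (not code from the article or its author) shows a domain allow/deny check that matches on label boundaries, so that `evil.example` on a blacklist also covers `login.evil.example` but does not wrongly match `evil.example.trusted.test`, and that a whitelisted `example.com` is not matched by a naive substring test against `example.com.attacker.test`. It fails closed on anything it cannot parse and evaluates the blacklist before the whitelist. All list entries and URLs are constructed sample values.

```python
from typing import Iterable
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """Extract the hostname, lower-cased, without a trailing dot; '' if unparsable."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        host = ""
    return host.rstrip(".").lower()


def domain_matches(host: str, listed: str) -> bool:
    """True if host equals the listed domain or is a subdomain of it.

    Matching is done on label boundaries: 'example.com' matches 'www.example.com'
    but not 'evilexample.com' and not 'example.com.attacker.test'.
    """
    listed = listed.lower().strip(".")
    return host == listed or host.endswith("." + listed)


def classify(url: str, whitelist: Iterable[str], blacklist: Iterable[str]) -> str:
    """Return 'allow' or 'block' for a URL.

    Order of evaluation:
      1. unparsable URL or empty host -> block (fail closed)
      2. blacklist hit                -> block (takes precedence over the whitelist)
      3. non-empty whitelist, no hit  -> block
      4. otherwise                    -> allow
    """
    host = host_of(url)
    if not host:
        return "block"
    if any(domain_matches(host, d) for d in blacklist):
        return "block"
    whitelist = list(whitelist)
    if whitelist and not any(domain_matches(host, d) for d in whitelist):
        return "block"
    return "allow"


def naive_substring_match(url: str, listed: str) -> bool:
    """The common mistake this example exists to show: plain substring matching."""
    return listed in url


if __name__ == "__main__":
    # Constructed sample lists for the demonstration.
    whitelist = ["example.com"]
    blacklist = ["evil.test"]
    for url in [
        "https://intranet.example.com/portal",
        "https://example.com.evil.test/login",
        "https://evilexample.com/",
        "https://user:pw@example.com@evil.test/",
    ]:
        print(f"{url:45} -> {classify(url, whitelist, blacklist)}  "
              f"(naive substring says allowed: {naive_substring_match(url, 'example.com')})")
```

The last sample URL is the reason to parse rather than string-match: its real host is the part after the final `@`, which a substring check against the whitelist happily overlooks.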



An estimated 12.8 million websites are infected with malware worldwide according to Sitelock’s website security report.



Data Backup

DO: Regularly back up your data using diverse storage methods, and ensure backups are encrypted and easily recoverable.

📌 Cloud back-up solutions that integrate with your cloud computing platform are always a great option, especially if they are application aware. Nowadays, applications produce an insane amount of data and not everything is worth backing up, so application awareness will perform the back-up of necessary data only, which will decrease the costs involved.

DON’T: Rely solely on a single storage location, whether it’s on-premises or in the cloud.



Sophos’ 2021 State of Ransomware Report found that, even after paying, only around 8% of victims recover all their data. The average ransomware victim loses around 35% of their data.



Phishing Awareness

DO:

  • Educate employees about phishing risks so that they are cautious of unsolicited emails, messages, or phone calls requesting personal or financial details.
  • Simulate phishing attacks to test employees’ awareness and preparedness. This practice helps in identifying areas where additional training might be needed.

DON’T: Lack a clear and easy process for employees to report phishing attempts. Without one, many phishing attempts will go unreported.


Device Connectivity

DO: Advise employees to be cautious with public Wi-Fi, which can easily be used to steal data and infect devices with malware.

  • Use your mobile phone as a hotspot.
  • Not possible? Implement SASE (Secure Access Service Edge) to encrypt your data, which is never the case on public Wi-Fi networks.

DON’T: Allow careless connections to USB charging stations. They can easily be tampered with, allowing hackers to exploit vulnerabilities and gain unauthorised access to devices, compromising them.

  • If possible, provide your employees with USB data blockers, power-only USB cables or simply encourage them to opt for traditional charging instead.


Cyber Threat Education

DO: Stay informed about cyber threats and best practices.

DON’T: Try to manage cybersecurity alone. Collaborating with cybersecurity expert partners to defend your company against cyber threats is an invaluable advantage.

Get in touch with our cybersecurity experts who will help you with targeted strategies, continuous support, and guidance against emerging threats, fortifying an organisation’s security posture and resilience.


Social Media Caution

DO: Be mindful when sharing personal information on social media. Cybercriminals and identity thieves exploit personal information for fraudulent activities.

  • Adjust your privacy settings to control who can view your posts and information.
  • Regularly review and remove personal information.

DON’T: Overshare on social platforms, which increases vulnerability to cyber threats.

  • Share info like your full birthdate, address, phone number or holiday plans.



Adhering to these principles significantly enhances your business’ online safety. Recognising risks, educating employees, and prioritising cybersecurity are key. Strong passwords, 2FA, safe browsing, and regular updates are fundamental. Stay informed, aware, and make cybersecurity a priority to protect your digital life.

Curious about further assistance? Discover more about our services here.





This article was brought to you by:

Willem Magerman
CTO/Cybersecurity Specialist

