Cybersecurity Best Practices: Do’s and Don’ts to Combat Security Threats

November 30, 2023

The quick evolution of technology brings excellent opportunities for growth and innovation. However, in today’s interconnected world, strong cybersecurity measures are vital to protect yourself and your valuable data.

Fear not, as decoding the cybersecurity landscape doesn’t need to be frightening. Our security experts listed the most common security mistakes in an accessible guide of essential do’s and dont’s for any IT and security managers looking to reinforce their defences.

Are you not in IT? Don’t worry, this guide contains many practical tips for everyone!

Password Policies

DO: Implement robust password policies. What does that mean?

Create lengthy, complex passwords blending uppercase and lowercase letters, numbers, pet names and symbols.
A password management tool can help you in managing these complex passwords.
Use different passwords for every application or tool.

DON’T: Neglect centralised management and regular auditing.

Enforce password policies across all systems and conduct frequent audits to ensure compliance.
Discourage predictable information like birthdates, names, or addresses.

“The Verizon 2021 data breach investigations report demonstrates that 81% of all security breaches are a direct result of weak passwords.”

According to Google Harris poll, 68% of employees are using the same passwords for multiple accounts. This exponentially increases the damage that a cybercriminal can do.

Two-Factor Authentication (2FA)

DO: Enable 2FA for an added security layer. Even if a password is compromised, 2FA can block unauthorised access.

DON’T: Underestimate the need for backup plans for 2FA, ensuring account recovery processes are in place in case an employee loses access to its primary two-factor authentication.

Software Updates

DO: Keep software and devices updated. These updates often patch critical security vulnerabilities.

Prioritise installing updates as soon as they become available.
Consider enabling automatic updates for seamless protection.

DON’T: neglect software updates. Outdated software is a prime target for cybercriminals.

Security Software Updates

DO: Install and regularly update antivirus and anti-malware software.

Investing in reliable antivirus and anti-malware software provides a strong line of defence against malicious software, including viruses, ransomware, and spyware.

DON’T: Solely rely on built-in security features, which may not be comprehensive against evolving threats.

“60% of breaches were linked to a vulnerability where a patch was 60% of breaches were linked to a vulnerability where a patch was available, but not applied – Ponemon Institute Survey 2019″

Web Browsing Safety

DO: Utilise tools for safe web browsing, incorporating blacklisting and whitelisting features.

DON’T:

Neglect your blacklists and whitelists. Keep them updated to protect against new threats and ensure compatibility.
Rely completely on firewalls to secure web browsing. They use real-time data reading and thus often result in quite a big error margin.

An estimated 12.8 million websites are infected with malware worldwide according to Sitelock’s website security report.

Data Backup

DO: Regularly backup your data using diverse storage methods and ensure backups are encrypted and easily recoverable.

📌 Cloud back-up solutions that integrate with your cloud computing platform are always a great option, especially if they are application aware. Nowadays, applications produce an insane amount of data and not everything is worth backing up, so application awareness will perform the back-up of necessary data only, which will decrease the costs involved.

DON’T: rely solely on a single storage location, whether it’s on-premises or in the cloud.

Sophos’ 2021 State of Ransomware Report found that, even after paying, only around 8% of victims recover all their data. The average ransomware victim loses around 35% of their data.

Phishing Awareness

DO:

Educate employees about phishing risks so that they are cautious of unsolicited emails, messages, or phone calls requesting personal or financial details.
Simulate Phishing Attacks to test employees’ awareness and preparedness. This practice helps in identifying areas where additional training might be needed.

DON’T: lack a clear and easy process for employees to report phishing attempts. Without this, many phishing attempts may go unreported.

Device Connectivity

DO: Advise employees to be cautious with public Wi-Fi, which can easily be used to steal data and infect devices with malware.

Use your mobile phone as a hotspot.
Not possible? Implement SASE (Secure Access Service Edge) to encrypt your data, which is never the case on public Wi-Fi networks.

DON’T: Allow careless connections to USB charging stations. They can easily be tampered with, allowing hackers to exploit vulnerabilities and gain unauthorised access to devices, compromising them.

If possible, provide your employees with USB data blockers, power-only USB cables or simply encourage them to opt for traditional charging instead.

Cyber Threat Education

DO: Stay informed about cyber threats and best practices.

DON’T: Try to manage cybersecurity alone. Collaborating with cybersecurity expert partners to defend your company against cyber threats is an invaluable advantage.

Get in touch with our cybersecurity experts who will help you with targeted strategies, continuous support, and guidance against emerging threats, fortifying an organisation’s security posture and resilience.

Social Media Caution

DO: Be mindful when sharing personal information on social media. Cybercriminals and identity thieves exploit personal information for fraudulent activities.

Adjust your privacy settings to control who can view your posts and information.
Regularly review and remove personal information.

DON’T: Overshare on social platforms, which increases vulnerability to cyber threats.

Share info like your full birthdate, address, phone number or holiday plans.

Conclusion

Adhering to these principles significantly enhances your business’ online safety. Recognising risks, educating employees, and prioritising cybersecurity are key. Strong passwords, 2FA, safe browsing, and regular updates are fundamental. Stay informed, aware, and make cybersecurity a priority to protect your digital life.

Curious about further assistance? Discover more about our services here.

This article was brought to you by:

Willem Magerman
CTO/Cybersecurity Specialist
Get in touch

5 Signs your business needs better IT support

Efficient and reliable IT support is critical to the success of any business. Yet, many companies struggle with inadequate IT services that can hinder their operations, security, and growth. But how do you know if your business needs better IT support? Here are five indicative signs, along with immediate band-aid

The cost-saving benefits of outsourcing administrative support

Finding ways to improve efficiency and cut costs is a top priority in today’s dynamic business landscape. Outsourcing administrative support could be the game-changing strategy your business needs. By shifting routine tasks to external experts, you can cut costs and free up valuable resources, allowing your team to concentrate on

Transforming challenges into opportunities: Proactive strategies for IT field services

In the fast-paced world of business, IT field services stand as the nameless heroes, ensuring that technology hiccups don’t slow you down. But let’s face it, sometimes the solutions that are meant to make our lives easier end up complicating them instead. That’s why we’re shifting the focus from the

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.