Cybersecurity is daunting. Start with the basics.
1. Educate your end users
Security isn’t solely the responsibility of your IT Director. Your entire company must join forces to be proactive in protecting your business. After all, security vulnerabilities come in all shapes and sizes.
Employees are the most critical component in keeping your company safe: they can be your strongest asset or your greatest threat. In fact, 85% of data breaches result from employee actions. But there’s hope: cybersecurity awareness training can reduce your risk by as much as 70%.
Quick tip: Implement regular training and phishing tests (simulated, realistic messages that aim to get your users to reveal sensitive information or click on malicious links) to ensure employees are aware of risks and know what to watch for.
2. Know your software and ensure it’s updated
Software companies continually improve their products through patches and updates. After the initial product is released, companies like Microsoft continue to test and fix potential security issues and then release updates to the public.
Staying up to date with patches and updates keeps hackers from exploiting these known issues. So when you get that pesky pop-up on your computer, tablet, or phone to update to the latest version of an app or software, be sure you don't ignore it.
Quick tip: Create a maintenance schedule or engage a Managed Services provider to ensure patches and updates are completed on time.
3. Implement a rigorous password policy
Every year, the list of the most hacked passwords is released, and every year “12345678”, “password”, and “password123” make the list. Even if your password isn’t in the top 10 listed, it might not be as secure as you think, especially if you re-use it on several sites or apps.
Implement a policy that sets requirements for a minimum length (at least 14 characters), a symbol, a number, and a password expiration timeline.
Quick tip: Rather than using a “password”, use a “passphrase” such as a music lyric or random sentence that includes capitalization and punctuation. This will also make it easier to remember.
4. Create your Incident Response plan. Then test it.
If a cyber attack were to occur, your best defense is having a tried and tested Incident Response plan. This plan should lay out the details of what to do when your system is compromised, which key players must be involved, and how to restore your environment.
Quick tip: Keep both a physical and digital copy of your Incident Response plan in secure yet easily accessible off-site and on-site locations.
Cybersecurity threats change constantly. Invest in an expert partner to help you stay protected.