IT security best practices

Security has been high on the IT agenda for some time and it’s an area no business can afford to neglect. While great protection is available from many expert software and service providers, it is a constant struggle to keep up with the skill and ingenuity of the highly organised criminal gangs across the globe who are always looking for new ways to exploit our growing dependency on digital systems.

Making sure your systems and data are secure depends not on one single factor, but on taking all practical and affordable precautions and keeping your systems, subscriptions and software bang up to date. It also depends on ensuring that your staff and colleagues understand the dangers, act accordingly and stay in line with your security policy.


Choosing the right broadband service

You might wonder at this being first on the list but choosing the right broadband provider can make a real difference. Some broadband providers are more secure than others – and some will even provide content filtering and traffic monitoring as part of their service. As a first line of defence, it’s very useful to have this in place.


Install anti-malware software

This is the most obvious first line of defence that any business or home user should have in place. There are free anti-malware services available, but it’s best not to rely on these alone. They will not, for example, help you much against ransomware or distributed denial of service (DDoS) attacks, or the more sophisticated phishing scams that are now being perpetrated.

Make sure you have an up-to-date subscription with a good, reliable anti-virus and anti-malware service and that it is kept right up to date. One of the biggest root causes of problems is software and settings not being updated. Make sure you and your staff know that applying updates must be a priority every time they switch on their PC.


Setting up a firewall

Firewalls provide a protective barrier at the edge of your network against a variety of threats. There are software-only firewalls and also firewall appliances, which take the workload of checking traffic off your internal servers.

Firewalls can also provide additional protection in the form of content filtering and the ability to create whitelists and blacklists. Many come with intrusion detection and prevention, and some more advanced appliances offer ‘sandboxing’: isolation and analysis of suspicious messages.

Which kind of firewall you use depends on your needs. For individual users or micro businesses, the firewall that is built into most of the good anti-malware offerings may be enough – but make sure you review the settings and don’t set the bar too low. If you are not sure, seek expert advice.


Planning for your mobile devices

A lot more people are working on the move and at home these days. This can make it harder to control or oversee their security, so you need to make sure that mobile devices are protected and that connections into the network are secure. Ideally, you should use encryption or deploy software that allows you to lock or wipe laptops, tablets or smartphones if they are stolen. Remote connections should be made using a virtual private network (VPN) or a secure point-to-point link.


Educate your employees

Making sure that you have a good security policy in place and that all your staff are aware of and following it is vital. This should set out the basic rules that should be followed by everyone – and if everyone does follow them, you will massively reduce the chances of a hacker stealing data or personal identities and of your business suffering a ransomware attack.

Using proper passwords, keeping software up to date, backing up regularly and never clicking on email attachments or links from unrecognised senders are some of the fundamentals. The latter kind of approach – phishing – is responsible for a large proportion of problems. Users are often duped into thinking an email is genuine, that there is a serious issue or a payment due – or that there is a chance to win some incredible prize or offer.

Staff also need to be mindful of the potential for identities and log-on details to be stolen via social engineering. This is purely about education and awareness. You can go further with policy, but it’s important that it is practical, and that staff understand the risks and do follow the policies. Holding regular workshop sessions on digital security to remind them of the dangers is a good idea. Users need to be taught to be extremely sceptical.


Enforcing safe password practices

You need proper passwords that are difficult to crack. This is not an easy one to enforce, as people want to use passwords they can remember easily; most won’t want to change them regularly either. Unfortunately, it’s essential to use some cryptic form of password and to change them frequently. There are tools and techniques you can use to help you do this – it is just a question of getting used to using them.

Password protection should be applied in multiple places – for the initial log-on to the network and for critical apps, and also for WiFi network connections, which should be carefully monitored as well.


Take regular back-ups

One of the most important things any organisation can do to protect itself is take regular backups. Then at least, if anything does go wrong – if data gets lost or stolen, or you get hit by a ransomware attack – you can retrieve your data. It’s very reassuring to have a safe backup, and these days there are plenty of safe and secure cloud-based options. If you have a decent broadband connection, these will kick in automatically and make sure that files that have been modified are backed up on a frequent basis.


Use multi-factor authentication

If anyone manages to steal log-on IDs and passwords, they can, in theory, bypass all your security. This is why using two- or multi-factor authentication is a good idea. It means that as well as a password or code, users have to provide an additional piece of information, such as specific digits of a keyword or, preferably, a fingerprint verification, an authentication code generated on a hardware token or card reader, or a code sent to a mobile phone, for example. This slows down the log-on process but makes it much more secure. That’s why banks use it when you log on to your accounts.

If you want to make sure you are really well protected, you should use as many of the methods above as possible. This makes it harder for hackers to break through. The more layers you have in place, the better your chances of repelling any attacks.


Review on a regular basis

You should review your digital protection at least every year and, even better, every six months. You can do this yourself, but hiring a third party to give you a different perspective on what you have in place and your potential vulnerabilities is also a good idea. Some specialists will even run penetration tests to see if your protection actually works in practice.
