Simple Cyber Security Wins for Cyber Security Awareness Month
As Cyber Security Awareness Month rolls around, it’s the perfect time to take stock of your organization’s digital defenses. You don’t need to be a tech wizard or spend a fortune to make a significant impact. In fact, many of the best practices for improving security are simple and free! Here are six easy tips that can save you money and headaches, all while keeping cyber threats at bay.
1. Clean Up Your User Lists
How often do you review your organization’s user accounts? It might not be the most exciting task, but cleaning up inactive accounts is one of the simplest ways to boost your security.
Start by logging into your admin portal (Google Workspace or Microsoft 365, for example) and reviewing the list of users. Disable or delete accounts for anyone who hasn’t logged in over the past 45 days. Transfer important data, like emails or files, before you take any action.
Inactive accounts are a goldmine for attackers, providing an easy way in without anyone noticing. One organization saved $2,000 a year just by tidying up their user list, so this isn’t just a security win—it’s a financial one too!
Pro Tip: Set a recurring calendar reminder to clean up accounts every quarter. Your finance team will love you for it!
2. Mandate Multi-Factor Authentication (MFA)
If your organization isn’t using multi-factor authentication (MFA), it’s time to fix that. MFA is a simple, no-cost solution that adds an extra layer of security to your login process.
Organizations that don’t require MFA are much more vulnerable to attacks. In one case, the lack of MFA cost one of our customers over $3 million in a fake vendor scam. Don’t let that be you!
Both Google and Microsoft offer straightforward guides for implementing MFA. The key to success? Make sure every user is enrolled, no exceptions.
Pro Tip: Review your MFA policy and settings regularly to ensure they stay current.
3. Properly Dispose of Old Hardware
Have a stack of old laptops or desktops gathering dust in a closet? These forgotten devices could be a major security risk if they still hold sensitive data. Instead of letting them sit, work with a local data destruction service to securely wipe the devices. Alternatively, you can securely erase the data yourself and donate the hardware to a nonprofit that can give it a second life.
Old business hardware is more than just clutter—it’s a potential security breach waiting to happen.
Pro Tip: Keep a log of all decommissioned hardware, ensuring that every device has been securely wiped or destroyed.
4. Install Software Updates Regularly
We all know how annoying those software update reminders can be. But postponing updates gives attackers more time to exploit vulnerabilities in your system. Make a habit of installing updates at least once a week—whether it’s on your laptop, phone, or tablet. By staying up to date, you close off weak points and stay ahead of potential threats.
Pro Tip: If you’ve been putting off updates, set a regular “update day” each week to keep your systems secure.
5. Talk to Your MSP About Security
Do you know exactly what your IT Managed Service Provider (MSP) is responsible for when it comes to your organization’s security? It’s important to understand who handles what so that nothing falls through the cracks.
Schedule a meeting with your MSP to review your security plan. Ask them directly: What security measures are they responsible for? What do you need to take care of? This can help prevent confusion and close any potential gaps in your defenses. If you’re not happy with their answers, it might be time to consider other options or hire a dedicated security team.
Pro Tip: Regular check-ins with your MSP can help ensure that both you and they are on the same page regarding your security needs.
6. Create a Security Awareness Channel & Email Address
When it comes to security, communication is key. Set up a shared channel in your team’s messaging app (like Slack or Microsoft Teams) where staff can report suspicious emails or share security updates. For external partners, create a dedicated security email address, like security@yourorganization.org. This ensures that everyone knows where to go if they spot a potential issue.
The faster you can share and receive security information, the quicker you can respond to threats. Empowering your staff and external partners to report issues is an easy, proactive way to boost your defenses.
Pro Tip: Encourage staff to share any security tips they come across—whether it’s a phishing attempt or a best practice they learned elsewhere.
Cyber security doesn’t have to be overwhelming or expensive. By adopting these simple, free practices, you’ll strengthen your organization’s defenses and keep attackers at bay. What steps will you take to improve your security this month? Let us know in the comments!
