Skip Navigation

Ten Basic Computer Security Tips

Common cyber security threats include viruses, spyware or malware, hackers and identity thieves. No business—large or small—is immune to these threats. In fact, small businesses are often an attractive target because their systems may be less equipped to protect against these attack, especially as cyber criminals build more automated attacks.

A recent survey by the Small Business Technology Institute found that many organizations lack sufficient security control over even the most basic systems, like email. Of the organizations surveyed, 56% had experienced at least one security incident in the past year. These attacks result in significant losses of time, cause service interruptions and typically cost thousands of dollars. Here are 10 steps for more secure computers and networks.

1. Use Effective Passwords and Change Them Regularly

  • Create a separate user account for each employee and require password protection and strong passwords
    • Strong passwords are at least eight characters with a combination of upper and lowercase letters, numbers and symbols
    • Change passwords at least every three months and don't reuse old passwords
    • Do not post passwords anywhere or share them with anyone

    2. Secure Wireless Networks

    • Upgrade from the default WEP encryption standard to the much stronger WPA2 standard and enable MAC address filtering
      • Don't use default passwords to protect access to your router
      • Hide your network name from drive-by hackers by disabling Service Set Identifier (SSID) broadcasting

      3. Install, Maintain and Apply Antivirus Programs

      • Enable the antivirus software auto update feature
        • Check all portable media for viruses prior to accessing them

        4. Install and Use a Firewall

        • Establish a policy on what your firewall will allow to get through
          • Use both software and hardware firewalls
          • Use content filters to prevent access to sites most likely to contain threats

          5. Don't Open Emails or Attachments from Unknown Sources

          • Be suspicious of unexpected emails containing attachments from unfamiliar sources; these should be phishing attempts or contain ransomware
            • Be suspicious of emails that are not work-related, have unusual subject lines or contain links
            • Establish a strict policy on what can and cannot be downloaded

            6. Do Not Install Unnecessary Programs

            • Periodically review and remove any unused programs

            7. Control Access to Computer Equipment

            • Log off or apply a screen lock before leaving your computer and use password-protected screensavers
            • Install security applications on mobile devices to prevent information theft when on public networks
            • Secure computers with security cables and store sensitive media in a locked cabinet or drawer
            • Secure routers and servers out of reach of customers or visitors, ideally in a locked room
            • Lock empty office and conference rooms where active network connections are located

            8. Create Backups

            • Backup data automatically, if possible, or weekly at a minimum
            • Store backups off-site or in the cloud and test periodically to ensure the files are accessible

            9. Stay Current with Software Updates

            • Regularly update software, including operating system and browsers
            • Use automatic updates and restart computer after patches are installed

            10. Establish Policies and Train Employees

            • Provide security awareness training for all technology users
            • Establish basic security practices and policies and resulting disciplinary actions
            • Establish procedures for protecting customer information and other vital data
            • Require employees to use separate computers for home and business use

            And when needed, get technical expertise and outside help. Before hiring help, consider the company's client lists, references and how long the they've been in business. Also, be sure to determine whether a cloud-based infrastructure or on-site products and services are more cost effective for your organization.

            Contact Us

            Have a question about safety or our loss control services? Email us.

            Email Loss Control

            Policy Assistance for First Responders

            Get discounted pricing on Lexipol's policy management resources for law enforcement.

            Picture of Police Officers