Essential Cybersecurity Best Practices for Your Business


Online theft and cyberattacks can be intimidating, especially when, by one frequently cited estimate, a hacker attack occurs every 39 seconds. So when it comes to your business, you want to be sure your information is in the right hands. Protecting your data means protecting your employees, your customers, and your business partners.

To make sure your business is running as smoothly as possible, you’ll want a strong cybersecurity plan to back you up. Here are six cybersecurity best practices you can use to develop that plan.

1. Determine Your Cybersecurity Requirements

With so many cybersecurity laws and frameworks in place, including HIPAA, the FCRA, the ECPA, and the DoD's CMMC program, it can be hard to keep track of which standards you need to comply with. But it's important that you do, since otherwise you may be subject to harsh penalties and sanctions, or lose contracts that require certification.

The first step in your cybersecurity journey is to determine if your company falls under any specific requirements. For example, if you are a government contractor, healthcare provider, financial institution, or any other business that handles sensitive personal information for your clients, you are subject to specific cybersecurity standards.

The Department of Defense (DoD) has also established cybersecurity requirements for its contractors through the CMMC program. These are contract requirements rather than laws: they set out how a contractor's compliance is assessed, and companies must meet the required level to keep their DoD contracts.

2. Install Firewalls

Firewalls are devices or software that sit between your network and the internet (or between segments of your own network) and inspect incoming and outgoing traffic against a set of rules. They block the connections, sources, and programs the rules do not allow, which keeps unwanted traffic from ever reaching the systems that hold your information.

If you use the internet to conduct business, you need a firewall. No matter the size or scope of your business, firewalls are necessary to keep customer and company information safe.

A commercial-grade firewall will get the job done, but you need to decide how many firewalls your business needs, and where they sit, to offer adequate protection. Here are some factors to consider when setting up your firewall security:

  • The amount of internet bandwidth your company has or plans on using in the near future (the firewall has to inspect all of it without becoming a bottleneck)
  • The degree of filtering you want the firewall to handle (deeper inspection, such as application-layer filtering, intrusion prevention, or TLS inspection, costs throughput and licensing)
  • The number of users who will have access to the network at a given location
  • The number of locations joined to the firewall
  • Whether your systems run on premises, in a private cloud, or in a public cloud (cloud providers supply their own firewall and security-group controls, and those need configuring too)
  • The overall cost of the firewall

Whichever product you choose, configure it to deny inbound connections by default and allow only the services you actually expose, log what it blocks, and review the rule set whenever systems change. A firewall full of stale "allow" rules protects very little.

There are many different cybersecurity providers that seem to offer everything you need in a firewall. However, these providers vary significantly in quality. If you want to get a recommendation for the best firewall that will meet your needs, iMpact Utah offers free assessments to help with that.

3. Don’t Open Unknown Emails

Treat any email sent to you or anyone in your organization from an unidentified source with suspicion. Simply viewing a message is rarely dangerous by itself; the damage comes from opening attachments, clicking links, enabling macros, or replying with the information the sender asks for. This may seem like a basic or obvious practice, but email scams can do serious damage, so it's important to take this step seriously. Here are some of the dangers you can avoid.

Malware

Shorthand for malicious software, malware is any program used to steal information, damage devices, or give an attacker control of them. Depending on the kind, it can do anything from corrupting your systems to locking you out of your network. Malware usually arrives as an email attachment or behind a link in an email, so don't open attachments or follow links from messages you weren't expecting.

Ransomware

An extreme form of malware is ransomware. It encrypts the files on one computer or across an entire network, increasingly after stealing a copy of the data first, and then demands payment for the key. Your files stay locked until you pay, and paying does not guarantee you will get them back, which is why tested, offline backups (see section 5) are the real defense.

Spyware

If you handle personal information about your clients and customers, you cannot afford to let spyware into your systems. Spyware is malware that covertly collects data from an infected device and transmits it to an outside party. It is most commonly used to track and sell browsing activity, capture keystrokes and credit card details, and steal personal information.

Phishing Scams

Phishing scams are when someone impersonates a legitimate organization, by email or other means, to steal sensitive information. This is usually done by asking the recipient for the information outright, or by providing a link to a look-alike site that captures whatever the victim types into it.

Red Flags

Today, email providers do a good job of flagging spam and suspicious emails, but every now and then one will slip through the cracks. To do your cybersecurity due diligence, these are some red flags that can alert you to fraudulent emails:

  • The email address doesn't match the name of the sender, or replies would go to a different address than the one the message came from
  • The subject line is threatening or demands urgent action
  • The sender addresses you with a generic greeting, like "Dear sir/madam"
  • The visible text of a link doesn't match where it actually points (hover over the link, or long-press it on a phone, to see the real destination)
  • The body of the email is full of spelling and grammatical errors
  • The content of the body is weird or unbelievable
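The red flags above can be checked mechanically, which is how mail filters catch most of them. The script below is an added example written for this article, not a tool from iMpact Utah or any mail provider: it reads a raw email, compares the display name and Reply-To against the real sender, looks for pressure words in the subject and a generic greeting in the body, and checks whether each link's visible text points where it claims to. Both sample messages and every domain in them are constructed for the example.

```python
"""Added example, not from the original article: check a raw email for the
red flags listed above. Both sample messages and all domains are made up."""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT_WORDS = ("urgent", "immediately", "suspended", "action required",
                "final notice", "verify your account", "within 24 hours")
GENERIC_GREETINGS = ("dear sir", "dear madam", "dear customer", "dear user",
                     "dear valued", "dear account holder")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Gather (href, visible text) for every <a> plus the page's plain text."""

    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def _domain(value):
    """Lower-cased host of an email address or URL ('' if none)."""
    value = value.strip()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def phishing_red_flags(raw_message):
    """Return the red flags found in one raw RFC 5322 message (empty = none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    display_name, from_addr = email.utils.parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    # Display name carrying a different address than the real sender.
    if "@" in display_name and _domain(display_name) != from_domain:
        flags.append(f"display name {display_name!r} does not match sender {from_addr}")
    # Replies silently routed to another domain.
    reply_to = email.utils.parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != from_domain:
        flags.append(f"Reply-To {reply_to} is a different domain than {from_addr}")
    subject = str(msg.get("Subject", ""))
    if any(w in subject.lower() for w in URGENT_WORDS):
        flags.append(f"threatening or urgent subject: {subject!r}")

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        parser = _LinkCollector()
        parser.feed(content)
        links, text = parser.links, "".join(parser.text)
    else:  # plain text: the visible URL is the real URL, so only greetings apply
        links, text = [(u, u) for u in re.findall(r"https?://\S+", content)], content
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        flags.append("generic greeting instead of your name")
    for href, visible in links:  # link text that lies about its destination
        if URL_LIKE.fullmatch(visible) and _domain(visible) != _domain(href):
            flags.append(f"link text {visible!r} actually points to {_domain(href)}")
    return flags


# Constructed samples: a phishing lure and an ordinary internal email.
PHISHING_MESSAGE = """From: "PayBank Security" <alerts@paybank-secure-login.example>
Reply-To: recover@mail-relay.example
Subject: URGENT: your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>We detected unusual activity. Verify your identity within 24 hours at
<a href="http://paybank-secure-login.example/verify">https://paybank.example/login</a>
or your account will be suspended.</p></body></html>
"""

LEGIT_MESSAGE = """From: "Dana Reyes" <dana.reyes@paybank.example>
Subject: Notes from Tuesday's vendor call
Content-Type: text/plain; charset="utf-8"

Hi Sam,

The slides are at https://drive.paybank.example/vendor-call-notes and I
will follow up next week.

Dana
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_MESSAGE), ("legitimate", LEGIT_MESSAGE)):
        print(name, phishing_red_flags(raw))
```

Run as-is, the phishing sample trips four flags (mismatched Reply-To, urgent subject, generic greeting, and a link whose text names paybank.example while its href goes to paybank-secure-login.example) and the legitimate message trips none. These heuristics are a teaching aid, not a filter: a careful attacker avoids all of them, which is why the human habit of checking the real sender and the real link destination still matters.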

4. Use Best Practices for Passwords

We know, few people enjoy coming up with passwords on a regular basis, but they are one of the critical defenses that protect your company’s information from cyber-thieves. Here are some best practices for how your company and its employees should handle passwords.

Create Strong Passwords

Use unique passwords that are strong and long. A good password should:

  • Be at least 12 characters long (8 is the absolute floor; longer is better, since the cost of cracking it grows with every character)
  • Not be a word, name, date, or keyboard pattern, even with a few digits or symbols tacked on; mixing uppercase, lowercase, numbers, and symbols only helps when the result is unpredictable
  • Not appear in lists of previously breached passwords, which attackers try first

Pro Tip: Three or four short, random words can also be effective, and they are far easier to remember than a string of symbols.

Use Different Passwords for Different Accounts

They can be a pain to remember, but encourage everyone on your network to use a different password for every account they have. Their work password especially should be completely unique from anything they've used elsewhere. Attackers routinely take passwords leaked from one site and try them against others (credential stuffing), so reuse turns one breach into several.

Hash Stored Passwords

If you run systems that store passwords, make sure they never keep them in a form that can be turned back into the password. Passwords should be hashed, not encrypted: each one is run through a deliberately slow, salted one-way function (Argon2id, bcrypt, scrypt, or PBKDF2) and only the result is stored. Anyone who copies the directory then gets values that cannot be reversed and that must be guessed one at a time, slowly. Encryption is the wrong tool here because the decryption key has to live on the same system, so whoever takes the database can usually take the key with it.
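As an added illustration (not code from the article), here is what "hashed, not encrypted" looks like in practice, using PBKDF2-HMAC-SHA256 from the Python standard library because it needs no extra packages; Argon2id or bcrypt are preferable where available. The record format, the iteration count, and the function names are choices made for this example.

```python
"""Added example, not from the original article: store passwords as salted,
slow, one-way hashes and verify them in constant time."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # OWASP's 2023 floor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest.

    A fresh random salt per password means two users with the same password
    get different records, and precomputed (rainbow) tables are useless."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time.

    Malformed records are treated as a failed login, never as an error that
    leaks which accounts exist."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != ALGORITHM:
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected)


def needs_rehash(record, iterations=PBKDF2_ITERATIONS):
    """True when a record was made under an older, weaker policy, so the
    application can re-hash transparently at the user's next successful login."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return True
    return int(parts[1]) < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)  # different on every run because of the random salt
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Correct horse battery staple", record))  # False
```

The stored record tells you nothing about the password, and checking a guess costs the attacker the same 600,000 HMAC rounds it costs you, which is the point of a slow hash. Keep the iteration count in the record so it can be raised later without invalidating existing users.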

Implement Multi-Factor Authentication

Even if an unauthorized person learns your password, with multi-factor authentication they cannot get in without a second proof that only the real user has: a one-time code from an authenticator app or sent to a registered device, a hardware security key, or a fingerprint or face scan. Prefer app-based codes or, better, security keys over codes sent by SMS, which can be intercepted or redirected through SIM swapping. Bear in mind that a one-time code can still be phished and relayed by an attacker in the same sitting; hardware security keys resist that, codes do not.
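The "randomized code" from an authenticator app is not random at all: it is computed from a secret shared at enrolment and the current 30-second time window, so the server can compute the same value and compare. The code below, added for this article rather than taken from it, implements that scheme (TOTP, RFC 6238, built on HOTP, RFC 4226) including the clock-drift window a verifier needs. The secret used in the demo is the RFC's published test-vector secret, not a real key.

```python
"""Added example, not from the original article: how an authenticator app's
one-time code is generated (TOTP) and how a server should check it."""
import base64
import hashlib
import hmac
import os
import struct
import time

STEP_SECONDS = 30
DIGITS = 6
RFC_TEST_SECRET = b"12345678901234567890"  # RFC 4226/6238 test vector only


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit integer, reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time=None, step=STEP_SECONDS, digits=DIGITS):
    """RFC 6238: HOTP with the counter set to the current time window."""
    now = time.time() if at_time is None else at_time
    return hotp(secret, int(now // step), digits)


def verify_totp(secret, code, at_time=None, window=1, digits=DIGITS):
    """Accept the current window plus `window` neighbours on each side so a
    slightly skewed phone clock still works; compare in constant time."""
    now = time.time() if at_time is None else at_time
    counter = int(now // STEP_SECONDS)
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-window, window + 1))


def provisioning_secret():
    """Fresh 160-bit secret for enrolment, plus the base32 form that goes into
    the authenticator app's QR code (otpauth:// URI)."""
    raw = os.urandom(20)
    return raw, base64.b32encode(raw).decode("ascii")


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, at_time=59))  # 287082 per RFC 6238 Appendix B
    print(verify_totp(RFC_TEST_SECRET, "287082", at_time=59))  # True
```

Two things the server must add on top of this: store the shared secret as carefully as a password (it is one), and remember the last window in which a code was accepted so the same code cannot be replayed within the drift window.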

Rely on Password Management Systems

If you or your employees have too many accounts to realistically keep track of, a password manager solves the problem. It generates a long random password for every account and stores them in a vault encrypted with a key derived from a single master password that only that person knows; team credentials go in shared vaults whose access is limited to the people who need them, not to everyone on the network. Protect the master password and the manager account itself with multi-factor authentication, because whoever gets into the vault gets everything in it.

5. Back Up Your Data

Though you may not be able to stop every cyberattack that comes your way, there's one last line of defense when your data is corrupted, encrypted by ransomware, or lost: backups. They preserve the information you would otherwise lose to system failures or malware.

The general rule of thumb is that if losing data would affect your ability to do business, it needs to be backed up. Keep more than one copy in more than one place (for example, one on a cloud backup service and one in a secure off-site location), and make sure at least one copy is offline or immutable so that ransomware that reaches your network cannot encrypt the backups too. Back up at least every 24 hours, and more often for data you cannot afford to re-create. Then restore from the backup on a schedule, because a backup you have never restored is only a hope.
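The restore test is the step most businesses skip. The script below is an added example for this article, not a product or a script from iMpact Utah: it writes a compressed archive of a folder together with a SHA-256 manifest, restores the archive into a scratch directory, and proves every file came back byte-for-byte, reporting anything missing, changed, or extra. The files it backs up and the corruption it simulates are constructed in a temporary directory.

```python
"""Added example, not from the original article: back up a folder with a
hash manifest and verify that a restore reproduces it exactly."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_manifest(root):
    """Map relative POSIX path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): _sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(source_dir, archive_path):
    """Write source_dir to a .tar.gz and a JSON manifest next to it."""
    manifest = make_manifest(source_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(str(source_dir), arcname=".")
    Path(str(archive_path) + ".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def compare_to_manifest(manifest, restored_dir):
    """Diff a restored tree against the manifest; an empty list means intact."""
    restored = make_manifest(restored_dir)
    problems = [f"missing after restore: {p}" for p in manifest if p not in restored]
    problems += [f"hash mismatch: {p}" for p in manifest
                 if p in restored and restored[p] != manifest[p]]
    problems += [f"unexpected file: {p}" for p in restored if p not in manifest]
    return problems


def verify_restore(archive_path, scratch_dir):
    """Extract the archive into scratch_dir and check it against the manifest."""
    manifest = json.loads(Path(str(archive_path) + ".manifest.json").read_text())
    with tarfile.open(archive_path, "r:gz") as tar:
        try:  # the 'data' filter refuses members that escape scratch_dir
            tar.extractall(scratch_dir, filter="data")
        except TypeError:  # Python without extraction filters
            tar.extractall(scratch_dir)
    return compare_to_manifest(manifest, scratch_dir)


def demo():
    """Constructed end-to-end run: a clean restore, then a corrupted one."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        (src / "sub").mkdir(parents=True)
        (src / "customers.csv").write_text("id,name\n1,Ada\n")
        (src / "sub" / "ledger.txt").write_text("balance 100\n")
        archive = Path(tmp, "nightly.tar.gz")
        manifest = backup(src, archive)
        restored = Path(tmp, "restore-test")
        clean = verify_restore(archive, restored)
        # Simulate a damaged restore: one file altered, one lost.
        (restored / "customers.csv").write_text("id,name\n1,Ada\n2,Mallory\n")
        (restored / "sub" / "ledger.txt").unlink()
        damaged = compare_to_manifest(manifest, restored)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean restore problems:", clean)      # []
    print("damaged restore problems:", damaged)  # mismatch + missing file
```

Store the manifest with the off-site copy, not only beside the archive, so a ransomware operator who reaches the backup share cannot quietly rewrite both. The manifest also lets you spot silent corruption in old archives long before you need them.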

6. Create a Cybersecurity Plan and Train Your Employees

When you’ve reviewed all of these cybersecurity best practices, it’s time to create a plan. By doing so, you can better protect your valuable information and avoid non-compliance sanctions.

You may consider starting with a gap analysis. This will reveal your cybersecurity shortcomings so you can take the necessary steps to close them; no organization is ever completely secure, but every closed gap removes an avenue of attack. If you find gaps, fill them quickly: if you can find them, so can the people and tools that would exploit them.

Once you've developed your updated plan, train all of your employees to follow the cybersecurity rules, and repeat the training regularly. It's important that everyone knows the proper protocol, since a single phishing email acted on by one person can compromise the security of your entire network.

Make Your Business Safer

If you hope to give your employees and customers a valuable experience with your business, you need to protect them. With these cybersecurity best practices, you can develop a new and improved way to keep company and customer information secure.

To learn more about how to make your business better, safer, and more efficient, contact iMpact Utah. We offer a free organizational excellence assessment to give your business a road map to better success.
