Here’s What Every Business Should Be Doing
Let’s be blunt: cybercrime’s moved on. It’s not just big banks and hospitals being targeted – small businesses are in the firing line too, because attackers know they’re often the least protected.
At runPCrun, we’ve seen it first-hand: clients hit with invoice fraud, rogue remote access tools, dodgy browser extensions – the list keeps growing. And in nearly every case, the attack could have been prevented with some basic groundwork.
So here’s a plain-English checklist of what every business – yes, even yours – should have in place.
1. Use a Password Manager (Seriously)
Still reusing the same few passwords across sites? That’s a massive risk. If one site gets breached (and it will), attackers try those same details everywhere else.
Use a password manager like 1Password or Bitwarden:
- Generates strong, unique passwords
- Stores them securely
- Makes login easier, not harder
And yes – we can help set this up if needed.
2. Turn on Multi-Factor Authentication (MFA)
A password alone isn’t enough anymore. MFA (like a code sent to your phone) massively reduces the chance of someone breaking into your accounts – especially Microsoft 365 and banking platforms.
If you don’t know what’s currently protected, we can audit that for you.
3. Train Your Team (Not Just Your Tech)
Most breaches happen because someone clicked something they shouldn’t. A well-crafted phishing email can trick even the sharpest staff.
That’s why our Care Plans include regular staff training and phishing simulations. Because prevention beats recovery every time.
4. Patch Everything — Not Just Windows
Updates aren’t just about new features. They often fix security holes that attackers are already exploiting.
It’s not just Windows, either:
- Browsers (Chrome, Edge)
- Plugins (Java, Adobe)
- Office tools, Zoom, you name it
We handle this automatically for clients on our proactive plans.
5. Use DNS Filtering to Block the Rubbish
Sometimes people click bad links. DNS filtering adds a safety net by blocking dodgy sites before they load.
Think of it as spam filtering for the whole internet – and yes, it’s included in both our Silver and Gold Care packages.
6. Use Proper EDR – Not Just an Antivirus.
The free stuff’s better than nothing, but it doesn’t catch the sneaky, fileless attacks we’re seeing now. We use Huntress – which spots suspicious behaviour, not just known viruses.
It’s light, fast, and already protecting dozens of our clients.
7. Review Who Has Access to What
Old staff accounts hanging around? Shared logins? These are open doors waiting to be kicked in.
Every 3-6 months, review:
- Who can log in
- What they can access
- What happens if someone leaves
We can help you with offboarding and access reviews.
8. Backups Still Matter (But Test Them!)
Yes, cloud systems like Microsoft 365 have version history. But that’s not a proper backup strategy.
Ransomware can encrypt your synced files, and accidental deletions can go unnoticed for months. Make sure you:
- Have offsite/cloud backups
- Test them regularly
- Know how quickly you can restore
9. Have Someone Looking After It
Even with the best tools, cybersecurity isn’t a set-and-forget job. You need someone watching the alerts, reviewing the reports, and tweaking the defences as threats evolve.
That’s what our Gold Care plan is built for – fully managed, with priority support and zero surprises on billing.
Final Thought
If you’re still relying on ad-hoc support or “someone in the office who knows computers”, it’s time to rethink. The risks aren’t theoretical anymore – and the costs of a breach are usually far higher than the cost of doing things properly.
Want help figuring out where you stand? Drop us a line – we’ll do a quick risk check, no jargon, no pressure.