How to Prevent a Cyberattack: Ten Things You Should Never Do.

According to the UK’s National Crime Agency, cybercrime is consistently rising in the workplace, and the most common cyber threats include:

  • Hacking – including of social media and email passwords
  • Phishing – bogus emails asking for security information and personal details
  • Malicious software – including ransomware through which criminals hijack files and hold them to ransom
  • Distributed denial of service (DDOS) attacks against websites – often accompanied by extortion

What are the top ten best practices employees can get into the habit of doing to prevent a cyberattack?


 One: Never trust by default.

Zero Trust is a security model built on the idea that any user, device or system, inside or outside your organisation, could be a cyber security threat. Network admins should apply strict identity verification for every person and every device trying to access the network. They should set rigorous rules that permit employees access to the minimum data they need to do their jobs.

 Two: Never trust emails that ask for your personal or financial information, or promise you money, a lottery prize, or a gift.

Employees should assume an attack every time and apply their own Zero Trust approach to their inbox, SMS and instant messages. The same applies at home using personal accounts and social media. Trust no one, no matter how irresistible the deal appears to be or how urgently you are being encouraged to respond.

 Three: Never trust an email from your boss or another company director asking you to transfer money.

Impersonation attacks are rife and can be extremely convincing. If you want to prevent a cyberattack on a monumental scale, leave the company funds where they are. It’s always best to check!

 Four: Never plug in a removable USB memory stick from an unauthorised or unknown source.

These are often given out as corporate gifts or as trade show swag. They could contain malware or spyware. It’s not worth the risk. Steer clear!

 Five: Never install unauthorised programs onto your business computer.

In fact, don’t install any software onto your company devices at all. Software should always be installed by your IT team in line with security protocols.

 Six: Never write down or share your password if you want to prevent a cyberattack of the simplest kind.

Writing down your password means it can be physically stolen. It also makes it impossible to trace how a breach or attack has happened after the event, because it leaves no audit trail. Instead, you can use a password manager to generate and store highly secure and unique passwords. There are several market leaders, including the popular LastPass.

 Seven: Never use the same password across multiple systems or websites.

If a hacker gains access to one of your accounts, why give them access to more? A password management tool is the most secure option.

 Nine: Never use unsecured public WiFi hotspots.

If you’re using your mobile network in public places like cafés, shopping malls or airports, it’s fine to check the weather or read the news, but never use public WiFi hotspots to access sensitive information. If they are hacked, your data and information will be intercepted by bad actors.

 Ten: Never neglect cybersecurity training and awareness.

You might think you are cyber-savvy but bad actors are using new and more advanced tactics all the time. Regular cyber security training will help you keep right up to date with the latest threats and how to avoid them. You can also find out more in our article that dives into the detail of how employees can become your company’s first line of defence. For more advice on employee training and how to prevent a cyberattack, get in touch. We’ll be happy to help. You can also find lots of useful resources for training staff on the UK Government’s National Cyber Security website.

Stay safe!





