Best Cybersecurity Practices for 2025: Expert Tips

Editor's note: This post was originally published on August 19, 2020, and has been revised for clarity and comprehensiveness.

Everyone’s heard “Be prepared!” from their IT team one way or another.

But what exactly does being prepared look like in 2025?

Here’s a closer look at what the top cybersecurity training companies are saying, with a quick list of all the best practices you can implement for your business.

As a managed security service provider (MSSP) we also invited our cybersecurity experts: Ed Griffin (ITS Partner), Sean Harris (ITS’ SVP of Cybersecurity), and Rob Schenk (ITS’ Chief Security Officer), to weigh in with their advice for cybersecurity implementation.

1. Work with a Zero Trust mindset. 

A Zero Trust mindset means vetting every action you take on your network. There are no “100% safe” interactions out there. In fact, your IT is one of the few places where trust issues are completely helpful. 

“One example of following a Zero Trust mindset,” Harris said, “involves using Zero Trust Network Access protocols. Another would be using Application Allow/Deny lists and Just in Time Privileged Access Management.”

Application Allow/Deny lists are admin approved or denied applications, while Just in Time Privileged Access Management is the minimization of a user’s access into only the time they need the application.

Always work under the assumption that people are out to get you - even if you’re a small business. Small businesses are much more likely to be hacked because they think they’re too small to be targeted.   

2. Watch out for phishing scams. 

Watch out for phishing scams. You’ve probably already heard of phishing, but what you might not know is how it's evolving rapidly to exploit new vulnerabilities. Cybercriminals are now launching smishing attacks through SMS and quishing scams through QR codes, aiming to catch you and your team members off-guard where you least expect it.

The US Internet Crime Complaint Center (IC3) has five times more phishing reports than personal data breach reports, highlighting the pressing need for robust defenses.

Most companies prepare for ransomware, identity theft, and malware, but it’s time for you to invest in more security measures against phishing, smishing, and quishing scams. These scams are often caused by human error, making your employees the most vulnerable part of your security network.

RELATED: 4 Ways Employees Are Cybersecurity Risks (& What to Do About It)

3. Invest in privacy, identity, and device protection.

Cybercriminals are getting smarter, and protecting your personal information is crucial. Here are the top privacy practices to keep your identity safe and your data secure in a world where online threats are constantly evolving:

• Privacy protection - keeping personal information out of the hands of others, whether they’re well-meaning advertisers or possible hackers   
• Identity protection - involves the prevention of identity theft  
• Device protection - the beefing up of the devices’ security through firewalls, anti-virus programs, and endpoint protection 

Your privacy, identity, and devices are goldmines of information - which translates into dollar signs for hackers. Investing in their protection is a smart choice, especially considering the consequences of a data breach.  

4. Follow a cybersecurity framework. 

Organizations whose sole task is to analyze the cybersecurity landscape or protect national interests from cyber criminals create cybersecurity frameworks. These frameworks are great starting points for your cybersecurity programs. 

Some examples of cybersecurity frameworks and guidelines are:

• The National Institute of Standards and Technology (NIST) framework   
• The Department of Homeland Security (DHS) guidelines   
• HIPAA (Health Insurance Portability and & Accountability Act) Guidelines    

“Many businesses also underestimate the scope of IT,” Edward Griffin said. “It’s not just about installing and patching Windows. It’s strategic, too, right? People can’t just be running around fixing software issues or network issues. They also need to be talking to business leaders.”   

By following a cybersecurity framework, you’re automatically following a strategic path laid out for you. 

If you are also in a high-risk industry like healthcare, finance, and national defense, you must follow industry-specific cybersecurity standards. If you don’t, you’ll find yourself facing heavy fines in the future.
 

5. Conduct frequent and updated Employee Security Training. 

Another common piece of advice among cybersecurity companies is to improve your team’s security savviness. Empowering employees to protect their - and your - data makes you immediately less likely to experience a data breach. 

Your staff is your most significant security risk, but if they have clear instructions about data handling and the consequences of data mismanagement, you can rest easy.  

6. Keep your IT equipment up to date. 

The older a piece of equipment is, the larger the chances someone’s figured out how to hack into it. Thus, security program developers are constantly releasing security patches. Without the latest updates, you’re at a higher risk of a security breach.  

Read: “Why Should You Upgrade Your Network This 2022? (5 Crucial Advantages)” 

7. Use multi-factor authentication (MFA). 

If you aren’t using multi-factor authentication (MFA), you’re missing out on one of the best endpoint security tools. It is often free, easy, and secure to use and should be added to all your most important accounts.

Many banks, shopping apps, and email services offer MFA, which makes your accounts significantly less appealing to hackers. However, not all MFA methods are equally secure. The Cybersecurity and Infrastructure Security Agency (CISA) recommends phishing-resistant MFA strategies.

For the strongest protection against phishing, the Cybersecurity and Infrastructure Security Agency (CISA) recommends using FIDO/WebAuthn authentication. This type of MFA, supported by most browsers and devices, relies on physical tokens (like USB keys) or built-in security features in laptops and smartphones to verify your identity. Larger organizations can also consider PKI-based MFA, which often uses smart cards to provide secure access. Although PKI-based MFA is highly secure, it’s typically used in complex settings like government agencies. 

8. Monitor the dark web for compromised credentials or information. 

If you’ve been hacked, criminals will likely broker your information on the dark web (a completely anonymous part of the internet that you can only access via special software). You’ll need an IT expert to dive deep into the leaked data.

If you don’t have an IT expert, websites like haveibeenpwnd (Have I Been Pawned?) are reliable sources to check if your email credentials have been compromised. 

9. Invest in cyber insurance.

Cyber insurance is the safety net for your business, providing access to resources that will help you manage the consequences of a security breach. While you and your tech team are already probably doing everything within your power to keep your business safe, it’s never a bad idea to get cyber insurance. 

10. Use reliable password managers. 

Part of protecting your online presence is through strong passwords. Unfortunately, many people sacrifice password strength to keep the passwords easy to remember. A reliable password manager solves this problem, allowing users to add complexity without losing log-in information.

RELATED: NIST Password Guidelines: 9 Rules to Follow 

11. Implement real-time monitoring. 

For Rob Schenk, real-time monitoring is another cybersecurity must-have for businesses.

Real-time monitoring detects cybersecurity threats as they happen. It allows you to immediately response to potential breaches or malicious activities. 

Afterall, hackers don’t sleep. Cyber attacks can happen at any time, and without continuous monitoring, it takes days or even weeks to detect a breach. On average, it takes 291 days for unsuspecting companies to identify and contain a breach. 

Real-time monitoring will push that number down for you. You’ll empower your security team to take immediate action to contain and mitigate threats before they become full-blown problems.  

12. Have an incident response plan. 

Lastly, you’ll need to prepare an incident response playbook. This playbook serves two main purposes:  

• To provide a structured and pre-planned approach for dealing with cybersecurity incidents and, 
• To delegate tasks clearly and streamline decision-making.  

Having this plan will reduce your overall downtime and empower you to recover quickly from an attack. Plus, it'll help prove to regulatory organizations and stakeholders that you take cybersecurity seriously.  

Need help implementing top cybersecurity practices? 

Following the advice from top cybersecurity companies will lead you to successfully keep your data safe. But, if it were that easy, everyone would be implementing this advice.

You and your IT team probably have unique obstacles to overcome when establishing these cybersecurity practices. As a cybersecurity and managed IT provider, we know how hard it is to pinpoint and deal with these security gaps.

Take the first step to solving your cybersecurity problems by getting a free cybersecurity assessment today. And if you want more resources about cybersecurity, check out the following resources:

• 5 Best Cybersecurity-Focused MSPs for Growing Businesses 
• How Much Does Cybersecurity Cost? (and Factors that Affect the Budget) 

Return to Topics

What Your Business Needs to Know About Wi-Fi Surveys

What if the Internet Wi-Fi goes out for a few weeks in your area? How much will it impact your business? It’s probably going to cause massive disruption across your operations. That’s because fast and reliable Wi-Fi is no longer a luxury for today’s businesses—it’s a necessity.

Whether you run a small office, a retail shop, or a large enterprise, your Wi-Fi network is the backbone of your operations. But how do you ensure your Wi-Fi network is up to the task?

The answer is by conducting a Wi-Fi survey.

Intelligent Technical Solutions (ITS) is a managed service provider (MSP) that has helped hundreds of businesses conduct a Wi-Fi survey. In this article, we’ll cover everything you need to know about them, including what they are, why they matter, and how they can transform your business operations. 

What Is a Wi-Fi Survey? 

A Wi-Fi survey is a detailed evaluation of your wireless network’s performance, coverage, and reliability. It involves assessing the physical environment, analyzing signal strength, and pinpointing areas for improvement. You can think of it as a health check-up for your wireless network performance to assess whether it’s operating at optimal levels.

Wi-Fi surveys come in three main types: 

1. Passive Surveys: These are done to measure your network’s signal strength and interference without actively connecting to it.
2. Active Surveys: These are tests done to assess your network’s performance, including speed, latency, and packet loss, by actively connecting to it.
3. Predictive Surveys: Use software to simulate network performance in environments where a network has not yet been deployed.

Each type serves a specific purpose, from troubleshooting existing networks to designing new ones.

Why Does Your Business Need a Wi-Fi Survey? 

Whether you’re setting up a new network or troubleshooting issues in an existing one, a Wi-Fi survey provides invaluable insights. Here are some of the key benefits:

1. Eliminate Connectivity Gaps

Wi-Fi dead zones can bring productivity to a halt. A survey identifies these gaps and ensures consistent coverage across your floorplan.

2. Solve Interference Issues

From neighboring networks to Internet of Things (IoT) devices, interference can wreak havoc on Wi-Fi throughput. A survey pinpoints these issues, enabling you to resolve them effectively. 

3. Optimize Performance

Are your employees complaining about slow connections or frequent drops? A Wi-Fi survey uncovers the root causes and provides actionable recommendations for improvement.

4. Plan for Future Growth

As your business grows, so does your connectivity needs. A survey helps ensure your network is scalable and ready to support new devices, applications, and users.

5. Improve Security and Compliance

A survey can identify vulnerabilities in your network, helping you meet compliance standards and safeguard sensitive data. 

When Should You Conduct a Wi-Fi Survey? 

Timing is everything when it comes to Wi-Fi surveys. Here are some scenarios when they’re particularly beneficial: 

• Before Deploying a New Network - A Wi-Fi survey will ensure optimal design and placement of access points (APs) when deploying a new network. 
• During Office Relocations - It also helps you assess and map out your new space for Wi-Fi coverage and performance. 
• When Experiencing Performance Issues - A Wi-Fi survey can help troubleshoot slow speeds, dropped connections, or poor coverage. 
• Planning For Network Expansion - It will also prevent issues when adding capacity for new users, devices, or applications. 
• As Part of Routine Maintenance - Doing Wi-Fi surveys as part of your routine maintenance will help keep your network running smoothly over time. 
  
  

What Happens During a Wi-Fi Survey? 

A Wi-Fi survey involves several key steps and components to evaluate your network effectively: 

Step 1: Signal Strength Testing 

Signal strength testing measures how far your Wi-Fi signal reaches and identifies areas with weak or no connectivity (often called "dead zones"). It is a crucial step because poor signal strength can disrupt workflows, slow down applications, and cause frustration for users. This step involves:

• Using Tools: Specialized tools like signal analyzers and mobile apps measure the strength of the Wi-Fi signal in different parts of the premises. 
• Understanding Signal Quality: Signals are measured in decibel milliwatts (dBm). Strong signals are typically between -30 dBm to -50 dBm, while weaker signals drop below -70 dBm. 
• Identifying Barriers: Structural elements like thick walls, furniture, or reflective surfaces can hamper Wi-Fi performance. 
  
  

Step 2: Heatmaps 

Heatmaps visually represent the Wi-Fi signal's strength and coverage across your physical space. When done right, they can give a clear, actionable snapshot of your network’s performance helping you focus on weak spots. During this step:

• Mapping the Space: A floor plan is overlaid with data collected from signal strength testing. 
• Color Coding: Areas are color-coded (e.g., green for strong signals, red for weak signals) to show coverage levels. 
• Highlighting Dead Zones: These visual aids make it easy to spot areas where connectivity needs improvement.
  
  

Step 3: Interference Analysis 

Walls, concrete, metal, aquarium tanks, and other environmental factors can cause interference and reduce the range of your Wi-Fi signal. That can cause your connection to slow or drop at random times. Analyzing what factors can interfere with your signal is critical if you want to maximize the range of your Wi-Fi signal and improve reliability. This step involves:

• Detecting Interference Sources: Tools identify competing signals from neighboring Wi-Fi networks, Bluetooth devices, microwaves, and other electronic equipment. 
• Channel Utilization: Interference often arises when too many devices operate on the same Wi-Fi channel. An analysis ensures optimal channel selection. 
• Physical Interference: Structural features like metal walls, glass partitions, or densely packed objects can also impact signal quality. 
  
  

Step 4: Signal-to-Noise Ratio (SNR) 

SNR measures the quality of your Wi-Fi signal relative to background noise. Achieving a high SNR ensures your network delivers consistent and reliable performance, especially in high-demand scenarios. During this step: 

• Collecting Data: Tools calculate the ratio of the signal’s strength to the level of interference (noise). 
• Interpreting SNR Values: A higher SNR value indicates better signal quality. For most business applications, an SNR above 20 dB is ideal. 
• Fine-Tuning Placement: Adjustments to access point (AP) placement or configurations are made to improve SNR. 
  
  

Step 5: Bandwidth Testing 

Modern businesses rely on data-heavy applications. Ensuring your network can handle the demand is critical for productivity and customer satisfaction. That’s why bandwidth testing is crucial. It evaluates how well your network supports data-heavy applications and ensures sufficient speed and capacity for users. This step includes: 

• Measuring Network Speed: Tests assess upload and download speeds in different areas. 
• Simulating Usage: Real-world conditions are simulated, such as video conferencing, file uploads, or streaming, to measure the network’s performance under load. 
• Identifying Bottlenecks: Areas with slow speeds or high latency are flagged for optimization. 
  
  

Step 6: Assess Device Compatibility 

If your business has been operating for a while, it’s likely that you’re mixing both new and old technology. The problem is that compatibility issues can come up after a while. Ensuring the compatibility of your devices prevents connectivity issues and boosts efficiency. This step checks how well your network supports the various devices and applications your business uses. It involves: 

• Inventory of Devices: Listing all devices that connect to the network, including laptops, tablets, smartphones, IoT devices, and specialized equipment. 
• Compatibility Testing: Evaluating whether the current network setup meets the needs of all devices, especially newer ones with advanced connectivity requirements (e.g., Wi-Fi 6). 
• Prioritization: Ensuring mission-critical devices and applications receive the bandwidth and priority they need for seamless operation. 

Ready to Conduct a Wi-Fi Survey for Your Business? 

A Wi-Fi survey is more than just a diagnostic tool—it’s a strategic investment in your business’s efficiency, scalability, and security. If you understand your network’s strengths and weaknesses, you can create a reliable, high-performing Wi-Fi environment that supports your business goals.

If you need help conducting a Wi-Fi survey for your organization, reach out to us at ITS. We can ensure your network isn’t just meeting expectations—it’s exceeding them. Schedule a free network assessment with us to get started! You can also check the following to learn how to maximize your network performance: 

• Top Tips to Improve Network Performance 
• Smart ways to optimize your growing business network

Return to Topics

Can Having a Data Backup
Save Your Business?

Imagine walking into work one morning only to find your entire system wiped out by a cyber-attack or a hardware failure. Critical files like your client data or financial records are gone in an instant. How long could your business survive without access to that vital information?

Intelligent Technical Solutions (ITS) has helped hundreds of businesses survive critical data loss incidents. From our experience, data loss can strike at any time—whether from cyber-attacks, natural disasters, or unexpected technical failures. Without a reliable backup system, your business is vulnerable to costly downtime, lost revenue, and even legal repercussions. The question is: Can you afford the risk?

In this article, we’ll explore some scenarios in which data backups can serve as your lifeline in worst-case scenarios. This will help you understand how important having a reliable backup is for your business continuity.

9 Scenarios Where Data Backups Can Save Your Business 

Data backups are essential for protecting your business from various threats. Here are some scenarios where having a backup system in place can save your business:

1. Ransomware or Cyber Attacks

Ransomware attacks can encrypt your critical business data, making it inaccessible unless you pay a ransom.  

A reliable backup allows you to restore your data without paying the ransom, minimizing downtime and financial loss.

In 2017, the WannaCry ransomware attack affected thousands of businesses worldwide, encrypting their data and demanding ransom payments. Many companies with no backups were forced to pay or lost access to their data permanently. Companies with secure backups, however, were able to restore their files without paying the ransom. A notable example is the NHS (National Health Service) in the UK, where some departments were forced to cancel medical appointments due to a lack of access to critical systems, but departments with proper backups restored their systems more swiftly.

Without a reliable backup, you might have to pay ransom (with no guarantee of data recovery) or suffer extended downtime, which can cost your business significantly in lost productivity and revenue.

2. Hardware Failure

Hard drives, servers, and storage devices can fail unexpectedly. Without a backup, recovering data can be impossible, leading to significant operational disruption. Regular backups ensure your business can quickly recover from these failures.

Google suffered a hardware failure in 2015 at one of its European data centers due to a lightning strike. While they had sophisticated backup and data redundancy systems, if a small business faced a similar incident without a backup, it could mean permanent data loss. This is common in smaller companies where critical files are stored on a single server or drive without redundancy.

Without backups, business operations can halt completely, requiring expensive data recovery services (which are not always successful) or recreating lost data from scratch.

3. Natural Disasters

Fires, floods, earthquakes, or other natural disasters can destroy your physical infrastructure, including servers and storage devices. Cloud-based backups or offsite storage can help you restore operations even if your office is physically damaged.

In 2022, Living Entertainment, a hi-fi and home entertainment business in Lismore, Australia, faced devastation due to 14-meter floodwaters. The flooding resulted in a loss of approximately $750,000 and uninsured damages, effectively wiping out the business's physical assets and data. In response, the owner pivoted to online sales to sustain operations before relocating and reopening a new showroom in Toowoomba, Queensland.

Businesses without offsite or cloud-based backups can lose both their physical assets and their data, potentially resulting in the closure of the business.

4. Human Error

Employees may accidentally delete important files or make changes that compromise data integrity. A backup system allows you to roll back to a previous version of the data, preventing costly mistakes and data loss.

In January 2017, GitLab, a web-based DevOps lifecycle tool, experienced a major incident where an administrator inadvertently deleted a primary database directory during routine maintenance. This error led to the loss of approximately 300GB of user data, including issues, merge requests, and comments. Despite efforts to restore from backups, some data was irretrievably lost, highlighting the importance of stringent data handling procedures and reliable backup systems.

Human error is inevitable in any business. Without backups, correcting these errors could take days or weeks, costing money and trust with clients.

5. Malicious Insider Activity

An employee with malicious intent might intentionally delete or corrupt files. A secure backup helps you recover quickly and mitigate any damage done to your business operations.

In 2020, a former IT administrator at California-based Carlsbad IT deleted 1,200 Microsoft user accounts out of revenge after being fired. This left the company without access to their system for several days, but businesses with frequent backups would be able to quickly restore deleted accounts and data.

Insiders with access to critical systems can cause significant damage by deleting or altering data. A reliable backup ensures you can undo this damage with minimal disruption.

6. Compliance and Legal Issues

Many industries require data retention for compliance. Losing critical business records could lead to non-compliance, legal penalties, or audit issues. A reliable backup ensures you meet these regulatory requirements.

In 2019, the University of Rochester Medical Center was fined $3 million for HIPAA violations after failing to properly encrypt patient information and losing access to critical healthcare records. A secure backup system would have allowed the recovery of these records, preventing both fines and the loss of trust with patients.

Compliance failures can lead to heavy fines and legal action, but reliable backups can help businesses avoid the risk of data loss and ensure compliance with healthcare regulations.

7. Software or System Upgrades Gone Wrong

Sometimes, system updates or software upgrades can lead to unexpected crashes or data corruption. Having a backup allows you to restore your systems to their previous state and avoid prolonged downtime.

In 2020, a T-Mobile system upgrade caused widespread outages across their network. Companies depending on this kind of software often face risks when upgrading their own systems. Without a backup, corrupted data may lead to operational paralysis. Companies with backups can revert to earlier versions and proceed without extended downtime.

Backup systems allow businesses to revert to pre-updated versions, avoiding disruptions and the risk of permanently losing critical data during upgrades.

8. Theft or Vandalism

If your business experiences theft or vandalism where critical hardware is stolen or destroyed, backups provide the ability to restore your data and resume operations without starting from scratch.

In 2019, Facebook experienced a major breach when hard drives containing unencrypted payroll data were stolen from an employee's car. While Facebook had other backups, a small business without a proper data protection plan might lose irreplaceable information due to theft or vandalism.

Physical theft of devices can result in lost customer data, financial records, and operational files unless backups are stored securely elsewhere (such as cloud backups).

9. Client Data Recovery

If you manage customer or client data, a backup system ensures you can recover their information in case of a breach or failure, maintaining trust and avoiding liability for data loss.

In 2019, The Heritage Company, a telemarketing firm, faced a ransomware attack that encrypted client data, including customer lists and billing information. Without accessible backups, the company struggled to restore operations and, ultimately, had to shut down for several weeks. Had they maintained proper offsite backups, they could have restored client data quickly and resumed business as usual. Instead, the prolonged downtime led to client dissatisfaction, lost revenue, and eventual layoffs.

Losing client data can be catastrophic, leading to lost business, reputational damage, and potential legal consequences. Backups ensure you can recover client data quickly and maintain trust in your services.

Need Help with Data Backup and Recovery? 

No one likes to think about worst-case scenarios, but the reality is that data loss can happen at any time and for various reasons. Whether it’s a cyberattack or simple human error, the consequences of losing critical business data can be devastating. Your business’s survival could hinge on how prepared you are.

Having a reliable backup system isn’t just a safety net—it’s essential for business continuity. At ITS, we’ve seen firsthand how backups can save businesses from the brink of disaster. Don’t wait until it’s too late. Ensure your business is protected so you can recover quickly when the unexpected happens and keep your operations running smoothly.

Is your backup system ready for anything? Contact us today to assess your current setup and make sure you’re fully prepared for any data disaster. Or, you can check out the following resources for more info on data backups:

• FREE EBOOK: Everything You Need to Know About Data Backup 
• What Your Data Backup and Recovery Plan Looks Like with ITS 

Return to Topics