r/technology – American companies resemble a bunch of preschoolers running with pointy scissors when it comes to cybersecurity


I work alongside many small companies; most are just an occasional, once-in-a-while call for stuff. Luckily, no (known) hacks/breaches, outside of the ransomware spike a few years ago.

What I’ve noticed, especially when I bring up the topic, is that many small companies can’t get the recommended security, either because they don’t have enough to demand it (have to pay for 50+ licenses minimum, when it’s just 3 people), or it’s literally not in their budget, and they’re already barely balancing as it is.

For small businesses, I’ve pushed the recommendation to get MS Office/Teams with email, and buy a domain. This makes a world of difference, both in spam filters and in fewer emails getting hacked. Yes, there’s a ton of menus and settings. In most cases, outside of adding/removing users, you don’t have to change anything once set, and my work is available to assist with setting up, adjusting, even managing.

Backup. Backup. Backup. No, not your manual backups to a flash drive you keep in your drawer. Get a cloud service. If not the OneDrive with MS Office, mentioned earlier, anything else is better than nothing. I’ve seen small businesses utilize Dropbox, Google Drive, a couple times with iCloud (I don’t know, I just don’t know…).

Password management. Keep that shit off of paper, never email it, relay it over the phone if you have to. If you have to give someone, even a tech, a password to something, change it first, give the password, let them do their thing, then change it back. If you absolutely don’t want to change your password for this, make sure it’s long (16 characters), random, and again saved somewhere safe. There are plenty of online and local password managers. Depending on your preference and needs, OnePass, BitWarden, and LastPass are great.

2FA, Two-Factor Authentication. It’s not a hindrance. It’s your friend. It’s not scary, it’s your bouncer at the front door. So long as your synced watch/1-min-pass-resetting-decoder matches his, you’re good to go. If you are accessing a site, yeah, it may ask you each time you log in, once a day, or once a month. Stuff like Outlook, and most(?) apps you sign into, you don’t have to re-enter your 2FA often. I can’t recall the last time my desktop or phone Outlook asked for my 2FA. And, dear lord, don’t do 2FA over text/SMS, that’s as bad as sending your password over email. Keep it on the app or a call(?). Email is middle ground, I still don’t recommend it, but both email and text are absolute last resorts, especially in cases where you lost and replaced your phone.

Password your damn computers. I’m not joking, I’m downright serious. PINs are ok, but words are much better! I don’t know how many onsite computers I’ve worked on that had no password on the computer. If someone walked in and stole your computer, granted the password only slows them down, it’s still a level of security. Especially if a coworker goes rogue and tries to use someone else’s computer login, to frame them, or otherwise. Don’t share the password, don’t write it down, and absolutely do not make it easy to guess or relatable to you, your position, location, or company. Just because you need something you remember, doesn’t mean someone who knows you well enough can guess it. One of my semi-secure passwords has to do with a sport and position that I’ve never done, am not a fan of, and has a few random symbols, not just numbers, tucked in between. Easy to remember, it’s a phrase, and the worst part if I forget part of it is which symbol I swapped by mistake.

And finally, if a user doesn’t need to be admin, they shouldn’t have any admin access on the computer. Just because a program needs to run as admin, doesn’t mean the user entirely needs to run as admin. There are easy methods to dedicate a shortcut to run as admin, and nothing more.

Tip for many who buy computers. If it’s business related, do NOT buy Windows Home Anything or MS Office Home & Student just because it’s cheaper. Not only is that a breach of agreement with MS, you will be dinged by MS if you are randomly chosen for audit. The Home-use-only editions are very limited, and by the time you’ve upgraded them to get the security and features needed, you should have paid for Pro up front.

Tip 2: If setting up a new user on the computer, do not opt for their nagged “Sign in/Set up a MS Account!”, it causes a lot of network file share issues (mostly scanning to a file directory on the computer). If you bought a Windows Home, DON’T connect it to the network right after you unbox it. Doing so when you turn it on will force you to use a MS Account (email-based login), even if you unplug the network cable and restart. Keep it local, unless you are setting up a business local network domain. Not only that, if you forgot your MS Account password, not only are you locked out of the profile on the computer, you’ll have to use another computer (ok, not too bad) to do a password reset, and hardly anyone has gone into a new MS Account to set up recovery settings… Just don’t use the MS Account to log in to a computer, please.

Personal opinion mostly, but… Get rid of the preinstalled Norton and McAfee, and get a real, yearly paid AV. Everyone has their opinions, but Norton and McAfee, among many other free AVs, are a bane of my computer troubleshooting career. Eset Nod32, Trend Micro, Panda, (Webroot?) are the ones I’ve butted heads with the least, and have been solid.
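Two of the post's points, "password your computers" and "no admin access unless the user needs it", can be checked on a Windows PC in a few lines. This is an added example, not code from the post; it assumes Windows 10/11 with the built-in LocalAccounts module, an elevated PowerShell session, and an allow-list (`$ExpectedAdmins`) of the accounts that are supposed to be local admins.

```powershell
# Added example (not from the original post): audit a Windows PC for local
# accounts that require no password, local Administrators members that are
# not on the allow-list, and a screen saver that does not re-lock the session.
# Assumed: run elevated on Windows 10/11; $ExpectedAdmins is your own allow-list.
param(
    [string[]]$ExpectedAdmins = @('Administrator')   # assumed allow-list
)

$findings = @()

# 1. Enabled local accounts that Windows will let log on with an empty password.
Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired } | ForEach-Object {
    $findings += [pscustomobject]@{
        Check   = 'NoPasswordRequired'
        Account = $_.Name
        Detail  = 'Enabled account does not require a password'
    }
}

# 2. Members of the local Administrators group that are not on the allow-list
#    (users, groups and domain principals all show up here).
Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    $short = ($_.Name -split '\\')[-1]   # strip the COMPUTER\ or DOMAIN\ prefix
    if ($ExpectedAdmins -notcontains $short) {
        $findings += [pscustomobject]@{
            Check   = 'UnexpectedLocalAdmin'
            Account = $_.Name
            Detail  = "$($_.ObjectClass) is in Administrators but not on the allow-list"
        }
    }
}

# 3. Does the current user's screen saver require a password on resume?
$ssSecure = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' `
    -Name ScreenSaverIsSecure -ErrorAction SilentlyContinue).ScreenSaverIsSecure
if ($ssSecure -ne '1') {
    $findings += [pscustomobject]@{
        Check   = 'ScreenSaverNotSecured'
        Account = $env:USERNAME
        Detail  = 'Screen saver does not require a password on resume'
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize }
```

Once a finding is confirmed, `Remove-LocalGroupMember -Group 'Administrators' -Member <name>` demotes the account without deleting it, which is the "no admin access" state the post recommends.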
