Security Guidelines…
Best Practice Guidelines for Your Business
The Threat Landscape has Changed
Cyber threats are no longer just viruses and spam emails. Modern attacks focus on stealing identities, accessing accounts, and quietly moving through systems unnoticed. Small businesses are now a prime target because they often have valuable data but fewer protections in place.
The Cost of Getting It Wrong
A single security incident can lead to downtime, lost data, financial loss, and reputational damage. For many small businesses, the biggest impact is not the attack itself, but the disruption that follows. Prevention is always faster, cheaper, and far less stressful than recovery.
People are the First Line of Defense
Most security breaches start with a simple mistake — clicking a link, opening a file, or trusting the wrong email. Technology helps, but good habits and awareness from staff are what truly reduce risk day to day.
A Smarter, Layered Approach
Relying on traditional antivirus alone is no longer enough. A modern approach combines secure systems, regular updates, monitoring, and user awareness to reduce risk across the board. It is about building layers of protection that work together, not relying on a single tool. Talk to us about TechguyPlus today.
Below is a list of simple guidelines that translate into everyday actions your team can follow to improve security and performance.
Here you will find practical day-to-day guidelines to help you educate your staff in ways to begin protecting themselves and your business from internet threats, scams, hacks and attacks, AND some tips to keep your PCs running smoothly in the business.
Safety Guidelines and Best Practice
-
Check links in emails
Does the email and sender make sense?
Slow down when something feels urgent or unusual
Attackers rely on panic and speed
A 10-second pause can prevent a 10-day disaster
👉 Cybersecurity is mostly common sense under pressure.
-
Be cautious of unexpected emails, especially with:
Links
Attachments
Urgent requests (classic scam bait)
Check the sender address carefully (not just the name)
When in doubt, don’t click — ask
👉 Most cyber attacks start with one email and one click.
-
I can’t stress this enough. If you want tomorrow to go smoothly and your computer to perform the way you want it to, exit Toniq, browsers, emails, and all other apps before you leave.
Clears memory
Frees up resources
Allows the computer to relax overnight
Any overnight crashes won’t affect scripts or files partially entered and left till morning. Data loss can occur in these cases.
👉 Shut it down today and start tomorrow on full throttle.
-
Use long passphrases (3–4 random words beats “P@ssw0rd!” every time)
Never reuse passwords across work and personal accounts
Use a password manager wherever possible
Enable Multi-Factor Authentication (MFA) on all accounts
👉 If it matters to your business, it should have 2FA or MFA enabled
-
Only visit websites required for work purposes
Never download software, plugins, or browser extensions without approval of management or IT.
Avoid “free” tools — they often come with hidden extras (and not the good kind)
👉 If you didn’t go looking for it, you probably don’t need it.
-
Keep devices on and connected regularly for updates
Do not ignore update prompts
Never install your own software on work devices
If you are subscribed to TechguyPlus, your device will receive updates after hours but may require a reboot to finish. If you see a reboot request, please do it when you can.
👉 Updates fix security holes. Skipping them is like leaving the door unlocked overnight.
-
Only download files from trusted sources
Be cautious with email attachments — even from known contacts
Store files in approved company locations (SharePoint, OneDrive, etc.). The desktop is only a temporary option.
👉 If a file feels “off”, it probably is.
-
Do not use work computers for personal browsing, streaming, or downloads
Do not connect personal USB drives or devices without approval
Personal devices should only be used on approved guest networks.
Lock your computer when away if it is in public view. (Windows + L is your friend)
On some clients the screensaver should kick in after 15 minutes and the desktop password will be needed to unlock.
👉 Work devices are not Netflix machines. Sad, but necessary.
-
In most cases, personal email accounts are where phishing scams are most likely to arrive.
Never log into your personal email on work computers
Keep your personal emails on your own devices. Check them at break time.
-
Only connect to approved work Wi-Fi networks
Do not use public Wi-Fi on work devices without protection (VPN if provided)
Personal devices should use guest or staff Wi-Fi networks (if available), not the work Wi-Fi.
👉 Surfing and side quests belong on your data plan, not the work Wi-Fi.
-
Only access systems and data you need for your role
Never share login details with anyone
Report if you can access something you shouldn’t
👉 “Just this once” is how breaches start.
-
Report anything suspicious immediately:
Strange emails
Unexpected pop-ups
Files behaving oddly
Login alerts you didn’t expect
Mouse behaving erratically
👉 You will never get in trouble for reporting something early.
👉 You might if you don’t.
-
Save work in approved systems (not local desktop only)
Do not rely on a single copy of important files
Follow company backup policies
👉 If it only exists in one place, it doesn’t exist.
-
Security isn’t just IT’s job — it’s everyone’s responsibility
One mistake can affect the whole business
Good habits protect your job, your team, and your clients
👉 You are the first line of defence.
-
From time to time, a supplier’s or vendor’s support team might ask for remote access to your desktop.
STOP | CHECK | APPROVE
STOP - We work with confidential patient data day in and day out. It’s easy to get relaxed about it, so if anyone (not Toniq or IT support) asks for remote access to your computer:
CHECK - with your pharmacy manager to confirm in both of your minds that it’s legit.
If someone just rings in and says “Can I have access to your PCs?”, that is a red flag for me, so you should seek confirmation, and if it all checks out then you can APPROVE the access.
Examples of vendors who ‘may’ request access: EFTPOS vendors, robot support staff, IT support, Toniq Helpdesk. If you’re not sure, take a number and say you’ll get back to them.
👉 Your computer isn’t a guest house. No bookings, no entry! Period.
Why is my PC so slow? And other tips and tricks.
-
Each additional Chrome or Edge tab uses a whole new program’s worth of resources and can slow PCs down, even powerful ones.
Only use the tabs you need
Close down the ones you don’t
Exit the browser before you leave for the day
👉 More tabs, less speed. Pick a side.
-
Have you turned it off and then on again?
An old joke but a good plan because it works.
Reboot your computer at least once a week.
Exit all programs before rebooting
Every so often your internet router or firewall may also need restarting, on the direction of IT.
👉 Rebooting is NOT weakness. It fixes more problems than it has a right to.
-
When multiple applications are running at the same time, they all compete for your computer’s core resources—processor (CPU), memory (RAM), and disk activity. As these resources become saturated, the system has to constantly juggle tasks, which leads to delays, freezing, and generally sluggish performance. Even powerful machines have limits, and running too many programs at once forces the system to prioritise, often slowing down the very task you’re trying to complete.
👉 If every app is ‘important’, none of them get to be fast.
-
If you haven’t touched an app for a few hours, there’s no point having it take up memory or CPU cycles. Shut it down. Only takes a moment to open it when you need it.
👉 If you’re not using it, your PC shouldn’t be either.
Some Thoughts for Management.
-
A fresh computer is a happy computer. Increased performance will be seen on computers that are rebooted regularly. Weekly is a good option in pharmacy and other businesses. Close all apps and programs at the end of each day and reboot on a day you decide is best.
-
This is critical: if your email offers Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), you should consider enabling it and having a phone handy to install an authenticator app on. It’s one BIG hurdle for potential bad actors to jump and could save you time, money and headaches.
-
One of the easiest security enhancements to implement is a desktop password and a screen saver that kicks in after 15 minutes of inactivity. It can protect data on screen from prying eyes and help secure our patient data. It is easy to implement and not too much of a pain for the staff.
-
Keeping the computers patched so that known holes in security can’t be exploited is a key thing in a Windows environment. If you’ve got TechguyPlus working on your systems, then that happens automatically, alongside Huntress EDR protecting your PCs. Talk to Paul about this to learn more or head to www.techguy.nz/techguyplus
-
You don’t need hour-long sessions—just consistent reminders.
Your team is your first line of defence… or your weakest link.
“Security tools help—people make the difference.”
-
Make it easy for staff to report suspicious activity without hesitation.
Early reporting = smaller problems.
“If something feels off, it probably is—say something early.”
-
If losing certain files would seriously impact your business—financial records, client data, job history, emails, or anything you rely on daily—then backups aren’t optional, they’re critical. Hardware fails, people make mistakes, and cyber incidents can lock or wipe data without warning. A proper backup means having secure, automated copies of your data stored separately from your main systems, so if the worst happens, you can recover quickly and keep operating. It’s not about if something goes wrong—it’s about how quickly you can get back on your feet when it does.
“If losing it would hurt, backing it up isn’t optional.”