Our Security Guidelines…

Best Practice Guidelines for Your Business

The Threat Landscape has Changed

Cyber threats are no longer just viruses and spam emails. Modern attacks focus on stealing identities, accessing accounts, and quietly moving through systems unnoticed. Small businesses are now a prime target because they often have valuable data but fewer protections in place.

The Cost of Getting It Wrong

A single security incident can lead to downtime, lost data, financial loss, and reputational damage. For many small businesses, the biggest impact is not the attack itself, but the disruption that follows. Prevention is always faster, cheaper, and far less stressful than recovery.

People are the First Line of Defence

Most security breaches start with a simple mistake — clicking a link, opening a file, or trusting the wrong email. Technology helps, but good habits and awareness from staff are what truly reduce risk day to day.

A Smarter, Layered Approach

Relying on traditional antivirus alone is no longer enough. A modern approach combines secure systems, regular updates, monitoring, and user awareness to reduce risk across the board. It is about building layers of protection that work together, not relying on a single tool.

Below you will find a list of practical guidelines to assist you in educating your staff in ways of beginning to protect themselves and your business from potential issues born of internet threats, scams, hacks and attacks.

Basic best practice theories you can choose to implement in your pharmacy / business with some we will have to look at, but some will be optional. I will be discussing this with clients as time allows.

Click the + to the right to expand and learn more

I can’t stress this enough. If you want tomorrow to go smoothly and your computer perform the way you want it to, exit Toniq, browsers, emails, and all other apps before you leave.
- Clears memory
- frees up resources
- allows the computer to relax overnight
- any overnight crashes won’t affect scripts or files partially entered and left till morning. Data loss can occur in these cases.
Shut it down today and start tomorrow on full throttle.
An old joke but a good plan because it works.
- Reboot your computer at least once a week.
- Exit all programs before rebooting
- Every so often your Internet Router or firewall may need restarting also on direction of IT.
👉 Fixes more problems than it has a right to.
Each additional Chrome or Edge Tab uses a whole new programs worth of resources and can slow pcs down.
- Only use the tabs you need
- Close down the ones you don’t
- exit the browser before you leave for the day
- Use long passphrases (3–4 random words beats “P@ssw0rd!” every time)
- Never reuse passwords across work and personal accounts
- Use a password manager wherever possible
- Enable Multi-Factor Authentication (MFA) on all accounts
👉 If it matters to your business, it should have MFA enabled
- Be cautious of unexpected emails, especially with:
  - Links
  - Attachments
  - Urgent requests (classic scam bait)
- Check the sender address carefully (not just the name)
- When in doubt, don’t click — ask
👉 Most cyber attacks start with one email and one click.
- Only visit websites required for work purposes
- Never download software, plugins, or browser extensions without approval of management or IT.
- Avoid “free” tools — they often come with hidden extras (and not the good kind)
👉 If you didn’t go looking for it, you probably don’t need it.
- Keep devices on and connected regularly for updates
- Do not ignore update prompts
- Never install your own software on work devices
- If you are subscribed to TechguyPlus your device will receive updates after hours but may require a reboot to finish. If you see a reboot request please do it when you can.
👉 Updates fix security holes. Skipping them is like leaving the door unlocked overnight.
- Only download files from trusted sources
- Be cautious with email attachments — even from known contacts
- Store files in approved company locations (SharePoint, OneDrive, etc.) Desktop is only a temporary option.
👉 If a file feels “off”, it probably is.
Do not use work computers for personal browsing, streaming, or downloads
- Do not connect personal USB drives or devices without approval
- Personal devices should be only used on approved guest networks.
- Lock your computer when away if it is in public view. (Windows + L is your friend)
- On some clients the screensaver should kick in after 15 minutes and the desktop password will be needed to unlock.
👉 Work devices are not Netflix machines. Sad, but necessary.
- Only connect to approved work Wi-Fi networks
- Do not use public Wi-Fi on work devices without protection (VPN if provided)
- Personal devices should use guest or staff Wifi networks (if available)
- Only access systems and data you need for your role
- Never share login details with anyone
- Report if you can access something you shouldn’t
👉 “Just this once” is how breaches start.
- Report anything suspicious immediately:
  - Strange emails
  - Unexpected pop-ups
  - Files behaving oddly
  - Login alerts you didn’t expect
  - Mouse behaving erratically
👉 You will never get in trouble for reporting something early.
👉 You might if you don’t.
- Save work in approved systems (not local desktop only)
- Do not rely on a single copy of important files
- Follow company backup policies
👉 If it only exists in one place, it doesn’t exist.
- Slow down when something feels urgent or unusual
- Attackers rely on panic and speed
- A 10-second pause can prevent a 10-day disaster
👉 Cybersecurity is mostly common sense under pressure.
- Security isn’t just IT’s job — it’s everyone’s responsibility
- One mistake can affect the whole business
- Good habits protect your job, your team, and your clients
👉 You are the first line of defence.