Imagine getting a 3 a.m. call from your IT lead: a phishing attack has compromised several internal accounts. Stressful, right? Yet many such incidents can be avoided with simple actions within the reach of any SME. This article outlines 7 practical steps you can take today to greatly improve your company’s cybersecurity posture. No technical expertise required—just common sense and initiative.

1. Enable MFA on All Accounts

Multi-Factor Authentication (MFA) is one of the simplest and most effective ways to block unauthorized access. It adds a second layer of security (like a mobile app or SMS code) on top of the password. Start with critical accounts: Microsoft 365, admin logins, accounting tools, etc.
Impact: A Microsoft study found MFA can block up to 99.9% of password-based attacks.

2. Restrict Administrator Access

Too many SMEs grant admin privileges by default or forget to revoke them when roles change. This is a critical error.

  • Grant admin rights only when necessary.
  • Apply role-based access controls using the principle of least privilege.
  • Tip: A monthly access audit often reveals risky oversights.
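
One way to run the monthly access audit mentioned above, as an added example that is not part of the original article: a short Python script that checks an export of admin accounts against a written policy. The CSV columns, role names, 90-day threshold and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export of privileged accounts (hypothetical columns).
SAMPLE_EXPORT = """account,role,department,last_admin_use,ticket
alice,GlobalAdmin,IT,2025-05-28,REQ-101
bob,GlobalAdmin,Sales,2025-01-10,
carol,BillingAdmin,Accounting,2025-05-30,REQ-117
dave,GlobalAdmin,IT,2024-11-02,REQ-064
"""

# Hypothetical policy: which departments may hold which admin role.
ALLOWED = {"GlobalAdmin": {"IT"}, "BillingAdmin": {"Accounting", "IT"}}
STALE_AFTER_DAYS = 90  # assumed threshold for "no longer needed"


def audit_admins(export_text, today):
    """Return a list of (account, reason) findings for the monthly review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        account, role = row["account"], row["role"]
        # Least privilege: the role must be expected for this department.
        if row["department"] not in ALLOWED.get(role, set()):
            findings.append((account, f"{role} not expected in {row['department']}"))
        # Every admin grant should trace back to an approval.
        if not row["ticket"].strip():
            findings.append((account, "no approval ticket on record"))
        # Rights that are never used were probably left over from an old role.
        last_use = datetime.strptime(row["last_admin_use"], "%Y-%m-%d").date()
        idle = (today - last_use).days
        if idle > STALE_AFTER_DAYS:
            findings.append((account, f"admin rights unused for {idle} days"))
    return findings


if __name__ == "__main__":
    for account, reason in audit_admins(SAMPLE_EXPORT, date(2025, 6, 1)):
        print(f"{account}: {reason}")
```

Each finding is a prompt for a human decision (revoke, downgrade, or document the exception), not an automatic removal.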

3. Replace Passwords with Passphrases

A passphrase is a string of random words (e.g., “SoupBananaMotorcycle83!”) that’s easy to remember but hard to crack. Passphrases are more secure than typical passwords, especially when long and unique.

  • Ban reused or weak passwords.
  • Promote passphrases for key accounts.

Bonus: Passphrases are easier to remember than strings like Xy7$pl9@#.

4. Use a Password Manager

A password manager like Dashlane lets your team generate and store complex passwords securely. It dramatically reduces the risks associated with password reuse.

  • Choose a tool tailored for SMEs.
  • Provide basic user training.

It’s a smart investment—lost passwords can halt operations for hours.

5. Train Staff to Spot Phishing

Most cyberattacks begin with a simple email. A 30-minute training on how to recognize fraudulent emails can prevent major losses.

  • Run phishing simulations.
  • Re-train your team every 6 months.

Local example: A Longueuil-based SME avoided a $45,000 scam thanks to a vigilant, trained employee.

6. Complete Your Cyber Insurance Form

Insurers increasingly require proof of basic cybersecurity measures (MFA, backups, access management). Completing this form is a great opportunity to audit your current security posture.

  • Take it seriously: some SMEs face premium hikes or even coverage denial.
  • Consider expert help if needed.

7. Talk to Your Cybersecurity Specialist (Internal or External)

A 30-minute conversation with your cybersecurity lead can clear up many blind spots. Whether it’s an internal IT manager or a trusted external partner like My Technician, the key is to have a go-to expert.

  • Schedule periodic check-ins to review access, backups, and compliance.
  • Prepare questions in advance to make the most of the meeting.

A good specialist will simplify the risks and help tailor cost-effective, practical solutions.

Security Doesn’t Have to Be Complicated

None of these steps require radical transformation. Yet together, they can dramatically increase your cybersecurity resilience. Often, it just takes a willingness to act and a few smart decisions to sleep more soundly.

If you recognize your organization in this article, know that My Technician can help. Our team already supports many SMEs across Quebec in strengthening their IT security.