20 Cybersecurity Dos and Don'ts Everyone Should Follow

By Amisha Shah | Thursday, January 9th, 2020
As we step into a new year, it is important to ensure your firm and employees are aware of, and using, security best practices, policies and procedures. Today's blog article outlines 20 cybersecurity dos and don'ts for investment firms and BioTech companies and their employees.

Risk mitigation is required to protect both the firm and its employees from savvy hackers and attacks. Data breaches continue to wreak havoc on businesses and the cost is continually rising. According to the Cost of a Data Breach Report published by Ponemon Institute and IBM Security last year, the average cost of a data breach has grown by 12% in the last five years to $3.92 million. The staggering rise in breaches illustrates that hackers have everything to gain whilst your firm bears reputational and operational harm. 

While companywide policies should reflect long-range expectations and corporate best practices, firms are also encouraged to provide tactical recommendations that employees can follow to ensure they are complying with the company's overall risk strategy. To get started, here are just a few pieces of advice we offer our clients globally.

Do:
  • Be smart when browsing the internet or clicking links. Does the page appear safe?
  • Lock your computer and mobile phone(s) when you leave your desk and/or office
  • Use care when entering passwords in front of others
  • Create and maintain strong passwords and change them every 60-90 days
  • Use multi-factor authentication on all devices for an added layer of security
  • Change your password immediately if you suspect that it has been compromised
  • Report suspicious activity to the IT team to help minimise cyber risks
  • Protect personal computers and devices with anti-virus/anti-malware software when working remotely, and keep it current

Don't:
  • Allow others to use your login ID or password
  • Use the same password for every application
  • Store passwords on a piece of paper or other easily accessible document
  • Open email attachments if the sender is unknown or suspicious
  • Get caught by phishing attempts, which can occur via email, phone, instant message or social media
  • Provide information such as login IDs, passwords, social security numbers, account numbers, etc. via unencrypted email
  • Leave your laptop or mobile device unattended while in a public place. Lost or stolen equipment, including mobile devices connected to the corporate network, should be reported immediately
  • Keep open files containing personal or confidential information on your desk or in an unlocked file cabinet when away from your office/desk
  • Install unauthorised programs on your work (or home) computer
  • Plug in personal devices without permission from IT

Need more? You can download our full IT Security Dos & Don’ts eBook here.

Editor's note: This article has been updated and was originally published in October 2016.