IT Security

Best Practices for IT Security

January 10, 2025

Cyber attacks are increasing, both in frequency and in sophistication. SMEs are no longer spared; they are often even the preferred targets. Here are the most important measures every company should implement.

The Current Threat Landscape

Alarming Numbers

  • Over 30% of Swiss SMEs have already been victims of cyber attacks
  • Average cost of an incident: CHF 80,000 – 150,000
  • 60% of affected companies never fully recover

Most Common Attack Vectors

1. Phishing: Fake emails and websites

2. Ransomware: Data encryption with ransom demands

3. Social Engineering: Manipulation of employees

4. Vulnerabilities: Unpatched software and systems

The 10 Most Important Best Practices

1. Strong Passwords & Password Managers

  • At least 12 characters, a combination of letters, numbers and special characters
  • A unique password for each service
  • Use password managers like Bitwarden or 1Password

2. Multi-Factor Authentication (MFA)

  • Enable MFA wherever possible
  • Prefer authenticator apps over SMS
  • Hardware keys for particularly sensitive access

3. Regular Updates

  • Enable automatic updates
  • Establish patch management for all systems
  • Also update firmware of routers and IoT devices

4. Backup Strategy (3-2-1 Rule)

  • 3 copies of your data
  • On 2 different media types
  • 1 copy off-site (offline or cloud)
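As an added example (not code from the article), a small audit that checks a backup inventory against the three conditions of the 3-2-1 rule above; the inventory format, field names and the extra "isolated off-site copy" check are assumptions made here.

```python
"""Audit a backup inventory against the 3-2-1 rule (added example).

The list of copies includes the live production copy, because the
3-2-1 rule counts it as one of the three copies.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str      # assumed labels, e.g. "disk", "tape", "cloud-object"
    offsite: bool    # stored at a different location than production
    offline: bool    # not reachable from the production network


def audit_321(copies):
    """Return rule -> bool for each part of the 3-2-1 rule."""
    media = {c.medium for c in copies}
    return {
        "3_copies": len(copies) >= 3,
        "2_media_types": len(media) >= 2,
        "1_offsite": any(c.offsite for c in copies),
        # Stricter extra check (assumption, not part of the rule's wording):
        # an off-site copy that is also offline survives ransomware that
        # encrypts everything reachable from the LAN.
        "offsite_isolated": any(c.offsite and c.offline for c in copies),
    }


def failing_rules(copies):
    """Sorted names of the checks that fail for this inventory."""
    return sorted(k for k, ok in audit_321(copies).items() if not ok)


# Constructed sample: three copies, but all on disk and all on-site.
SAMPLE_BAD = [
    BackupCopy("prod", "disk", offsite=False, offline=False),
    BackupCopy("nas-daily", "disk", offsite=False, offline=False),
    BackupCopy("usb-weekly", "disk", offsite=False, offline=True),
]

# Constructed sample: production disk, on-site NAS, off-site tape in a safe.
SAMPLE_GOOD = [
    BackupCopy("prod", "disk", offsite=False, offline=False),
    BackupCopy("nas-daily", "disk", offsite=False, offline=False),
    BackupCopy("tape-weekly", "tape", offsite=True, offline=True),
]

if __name__ == "__main__":
    for label, inv in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, failing_rules(inv) or "all checks pass")
```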

5. Email Security

  • Use spam filters and anti-phishing solutions
  • Train employees regularly
  • Check suspicious attachments in a sandbox

6. Network Segmentation

  • Separate critical systems from the rest
  • Separate guest Wi-Fi network
  • Implement a zero-trust approach

7. Endpoint Protection

  • Use modern antivirus/EDR solutions
  • Protect all devices – including mobile
  • Central management and monitoring

8. Employee Training

  • Regular security awareness training
  • Simulated phishing attacks
  • Clear policies and processes

9. Minimize Access Rights

  • Principle of least privilege
  • Regular review of permissions
  • Administrator rights only where necessary

10. Incident Response Plan

  • Create an emergency plan for security incidents
  • Clearly define responsibilities
  • Practice and update regularly

Quick Wins for Today

These measures can be implemented immediately:

1. Enable MFA for all cloud services

2. Turn on automatic updates

3. Check backup status

4. Change passwords for the most important accounts

Conclusion

IT security is not a product, but a continuous process. With the right measures, you significantly reduce your risk. Perfect security doesn't exist – but you can make it as difficult as possible for attackers.

Free Security Check

Unsure how well your company is protected? We offer a free basic security check for SMEs.