Three “Never Do’s” In Cybersecurity

We recently penned a piece on three things organizations should always do when creating a stable foundation for a secure network. We understand how overwhelming it can get when trying to keep up with all facets of protecting the precious information housed within an IT infrastructure. We wrote that article to provide some perspective on what must occur at all costs.

With that in mind, let us provide you a similar piece on three things NEVER to do when running a network:

Take Security Lightly
Many organizations view security as overhead, a cost center if you will. There’s a business case to be made for the strategic importance of planning and implementing company-wide security initiatives with the goal of driving behavior throughout the organization.

Instead, view security as a channel for doing business. That means ensuring that an adequate budget and the right toolsets exist to help employees stay productive and drive revenue. The lack of appropriate security controls will only increase the risk of downtime — often when it’s least convenient — and kill profits as well as raise liability exposure.

Believe You Are Too “Small” To Be Hacked
We often hear the argument from small to mid-sized organizations that feel hackers will opt to not go after their networks and focus instead on larger firms. The belief is that these criminal elements won’t view the effort as worthwhile.

Nothing could be further from the truth. Hackers will not discriminate based on your size. Organizations are connected to one another in a wide range of ways, so accessing one organization to get to another is commonplace and, if not addressed, easy.

Moreover, deploying a program that infiltrates millions of networks simultaneously takes very little effort for the savvy criminal elements that operate in today’s cyber landscape. In fact, the chances are good that you’ve already been hacked at some point, but don’t even know it.

Be Unclear On Security Roles
It’s one thing to have a plan but quite another to execute. We’ve seen many instances where an organization’s cyber security policies look good on paper but fail in their implementation.

Ensure staff members know their responsibilities for things such as log reviews, security patch management, and the like. Employ third-party services if necessary to keep up to date on these and other issues. What’s more, regularly review these activities against stated business goals, including uptime, data transfer rates and the like. The devil will always be in the details.

Keep in mind that these “never do’s” will assist organizations in balancing the divergent, yet business critical, objectives of keeping productivity AND network security high. They will serve as the key elements to promote operational efficiency and ensure business continuance in the event of a disaster. Over time, your IT costs will not only be as small as possible, but your IT spending will also generate a measurable return on investment as it assists in driving the maximum amount of revenue per employee.

About the Author: Efrem Gonzales is the Founder and CEO of Tec-Refresh, a nationwide provider of IT infrastructure, cyber security, data and networking solutions and support services. He can be reached at efrem.gonzales@tec-refresh.com.