This content is made possible by our sponsors. Learn how to submit your content here.

IT security best practices for today’s businesses

It’s true. Technology is always changing. Sometimes, technology changes in small, incremental ways, and at other times, it makes big shifts in what can seem like the blink of an eye. With technology in a constant state of change, it can be difficult for businesses to know they’re doing what’s necessary to ensure they’re properly secured.

So, what do businesses need to know about information technology and security? Any business – small, medium or enterprise – can benefit from integrating IT security best practices into their technology landscape.


Implement (and enforce) a strong password policy

Keeping passwords up to best practices takes mere moments, but can end up saving businesses a lot of trouble. It’s important to specifically outline password requirements in your IT policy so employees know what expectations their passwords should meet. For starters, business passwords should:

  • Be at least eight characters
  • Combine upper and lowercase letters, numbers and special characters
  • Include a unique password for network access that is not used elsewhere
  • Be changed every 90 days
  • Be kept private

If passwords need to be used for longer periods than 90 days, increase their length and complexity.

Use automatic screen lock

Unattended workstations can leave company and client data vulnerable. Using automatic screen lock ensures that devices left idle are not vulnerable to prying eyes. As a best practice, set all workstation and mobile devices to lock screens after 10 minutes of inactivity. Consider applying the same policy to webpage idle timeouts, too.

Install equipment tracking

Who’s keeping track of all of your company-owned devices? For too many businesses, the answer is no one. Company and client data resides within many pieces of equipment, including servers, workstations, mobile devices, thumb drives, backup/replication systems and cloud locations. Limit device access only to individuals who require access, and use inventory tags to help track company-owned devices.

Send secure

Use tools that allow for the secure sending and receiving of secure files. This includes enforcing tools that automatically scan for sensitive data. All personnel should be educated on using the portal or encrypted email solution for any file containing confidential data. Use automatic encryptions whenever possible, but train users to understand this is not a given.

Minimize administrator privilege use

Allowing workstations to run with local administrator credentials exposes systems to many security threats and can lead to an entire network infection. Do not work regularly on a workstation with Administrator access. General/daily use accounts should be Administrator accounts. Instead, Administrator accounts should be separate and utilized for admin-specific purposes.


When it comes to keeping your company safe and secure, this is really just the tip of the iceberg. In order to keep your business safe from cyber attacks, ensure that you have the strategies in place to stop hackers before they can access your network and your private information.

Dustin Bonn is a IT Sales Manager at Marco. Marco specializes in business IT services, managed services, cloud services and copiers/printers. Its technology experts break down complex solutions into simple terms to position your business for success. You can learn more at

Get the free CBJ email newsletter

Stay up-to-date with the people, companies and issues that impact business in the  Iowa City and Cedar Rapids Corridor.

Corridor Business Journal

Stay up-to-date with our free email newsletter

Follow the issues, companies and people that matter most to business in the Cedar Rapids / Iowa City Corridor.