Cybersecurity Basics Most Organisations Still Get Wrong (And How to Fix Them)

          Many organisations believe they have “basic cybersecurity” covered — yet breaches still happen daily. In reality, it is often the fundamentals that fail. Here are the most common cybersecurity basics businesses and schools still get wrong — and how to fix them properly.

          Cyber attacks are no longer rare or sophisticated edge cases. They are frequent, automated, and often successful because organisations overlook the fundamentals. From weak passwords to poorly configured cloud platforms, small gaps create large risks.

          Across SMEs, growing businesses, and schools in the North West, we consistently see the same issues. The good news? Most of them are entirely preventable.

          1. Relying on Passwords Alone

          Passwords alone are no longer sufficient. Credential stuffing, phishing, and brute-force attacks mean that even complex passwords can be compromised.

          What Goes Wrong

          • Staff reuse passwords across platforms
          • MFA not enabled on Microsoft 365 or cloud systems
          • Legacy authentication left active

          How to Fix It

          • Enable Multi-Factor Authentication for all users
          • Disable legacy authentication protocols
          • Deploy a password manager organisation-wide
          • Implement Conditional Access policies

          If your organisation uses Microsoft 365, this should be enforced centrally. Learn more about strengthening your cloud security with our Cyber Security services.
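
To check whether the gaps listed above exist in practice, the sketch below audits a sign-in log export for legacy-protocol sign-ins and for successful sign-ins that never required a second factor. It is an added example, not part of the original article: the records are constructed, the field names follow the Microsoft Entra ID sign-in log schema, and the function name and the rule "anything other than the two modern client types is legacy" are assumptions of this example.

```python
import json

# Constructed sample records shaped like a Microsoft Entra ID sign-in log export.
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "a.khan@example.org", "clientAppUsed": "Browser",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "b.jones@example.org", "clientAppUsed": "IMAP4",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "b.jones@example.org", "clientAppUsed": "Browser",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
 {"userPrincipalName": "c.lee@example.org", "clientAppUsed": "Authenticated SMTP",
  "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}},
 {"userPrincipalName": "A.Khan@example.org", "clientAppUsed": "Mobile Apps and Desktop clients",
  "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}}
]
""")

# Assumption of this example: these two values are modern authentication and
# every other non-empty client type is treated as a legacy protocol.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def audit_signins(records):
    """Return {user: {"legacy_clients": [...], "single_factor_successes": n}}
    for every user with at least one finding."""
    findings = {}
    for rec in records:
        user = (rec.get("userPrincipalName") or "").lower()
        if not user:
            continue
        client = rec.get("clientAppUsed") or ""
        succeeded = (rec.get("status") or {}).get("errorCode") == 0
        # Failed legacy attempts are kept: they show the protocol is still reachable.
        legacy = bool(client) and client not in MODERN_CLIENTS
        single = succeeded and rec.get("authenticationRequirement") == "singleFactorAuthentication"
        if not (legacy or single):
            continue
        entry = findings.setdefault(user, {"legacy_clients": set(), "single_factor_successes": 0})
        if legacy:
            entry["legacy_clients"].add(client)
        if single:
            entry["single_factor_successes"] += 1
    return {u: {"legacy_clients": sorted(e["legacy_clients"]),
                "single_factor_successes": e["single_factor_successes"]}
            for u, e in findings.items()}

if __name__ == "__main__":
    for user, finding in sorted(audit_signins(SAMPLE_SIGNINS).items()):
        print(user, finding)
```

An empty result over a representative period is a reasonable precondition for blocking legacy authentication outright; any user listed is someone to migrate or enrol in MFA first.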

          2. Thinking Antivirus Is “Enough”

          Traditional antivirus is reactive. Modern threats require behaviour-based detection and central monitoring.

          What Goes Wrong

          • No central visibility of endpoint alerts
          • Outdated AV solutions
          • No device compliance enforcement

          How to Fix It

          • Deploy Endpoint Detection & Response (EDR)
          • Enforce device encryption (BitLocker)
          • Monitor devices through proactive health monitoring

          Our Proactive IT Health Monitoring helps organisations detect issues before they escalate.

          3. No Proper Backup Strategy

          Many organisations assume cloud platforms automatically provide full backup. They do not.

          What Goes Wrong

          • No Microsoft 365 backup solution
          • No offsite or immutable backups
          • Backups never tested

          How to Fix It

          • Implement dedicated Microsoft 365 backup
          • Store copies offsite and offline
          • Conduct regular test restores

          See how our Secure Backup solutions protect critical data.

          4. Ignoring Network Security Fundamentals

          A poorly configured firewall or unsecured Wi-Fi network can undermine every other security measure.

          What Goes Wrong

          • Flat networks without segmentation
          • Weak Wi-Fi encryption
          • No intrusion prevention enabled

          How to Fix It

          • Deploy next-generation firewalls
          • Segment staff, guest, and server networks
          • Enable intrusion prevention systems
          • Secure remote access properly

          Explore connectivity and infrastructure options such as Leased Lines and FTTP for secure and resilient connections.

          5. No Regular Penetration Testing

          Without testing, you are guessing. Penetration testing identifies real-world exploit paths.

          • Conduct annual penetration testing
          • Increase frequency after major infrastructure changes
          • Address findings with clear remediation plans

          Our Cyber Security Services Manchester team supports proactive testing and risk reduction.

          6. Poor User Offboarding

          Former employees retaining access is one of the most commonly overlooked risks.

          • Immediate account deactivation
          • Remove admin privileges
          • Audit permissions quarterly
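
The quarterly audit can be as simple as reconciling the HR leaver list against a directory export. The sketch below is an added example, not part of the original article; the CSV column names, the sample rows and the function name are constructed for illustration. It flags leavers whose account is still enabled, still holds an admin role, or has signed in after the leave date.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR leaver list and a directory export.
LEAVERS_CSV = """email,leave_date
d.patel@example.org,2025-01-31
e.wright@example.org,2025-02-14
f.moore@example.org,2025-03-01
"""

DIRECTORY_CSV = """email,enabled,roles,last_sign_in
d.patel@example.org,true,Global Administrator,2025-02-20
e.wright@example.org,false,,2025-02-10
f.moore@example.org,false,User Administrator,2025-02-27
g.hall@example.org,true,,2025-03-05
"""

def audit_offboarding(leavers_csv, directory_csv):
    """Return a sorted list of (email, issue) for leavers whose access
    was not fully removed."""
    directory = {row["email"].strip().lower(): row
                 for row in csv.DictReader(io.StringIO(directory_csv))}
    issues = []
    for leaver in csv.DictReader(io.StringIO(leavers_csv)):
        email = leaver["email"].strip().lower()
        account = directory.get(email)
        if account is None:
            continue  # account no longer exists in the directory
        left = date.fromisoformat(leaver["leave_date"].strip())
        if account["enabled"].strip().lower() == "true":
            issues.append((email, "account still enabled"))
        # A disabled account that keeps its role regains it if re-enabled.
        roles = account["roles"].strip()
        if roles:
            issues.append((email, "admin role still assigned: " + roles))
        last = account["last_sign_in"].strip()
        if last and date.fromisoformat(last) > left:
            issues.append((email, "sign-in after leave date"))
    return sorted(issues)

if __name__ == "__main__":
    for email, issue in audit_offboarding(LEAVERS_CSV, DIRECTORY_CSV):
        print(f"{email}: {issue}")
```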

          Cybersecurity Is About Discipline, Not Just Tools

          Strong cybersecurity is not built from one product. It is built from layered protection, consistent enforcement, and proactive monitoring.

          Whether you are a growing SME or a school meeting DfE standards, the fundamentals must be right first.

          Book a Cyber Security Health Check

          Remedian supports organisations across Greater Manchester and the North West with practical, scalable cyber security.

          Contact Remedian today to strengthen your cybersecurity foundations

          At Remedian IT Solutions, we provide IT support. Whether you are a startup, a well-established company or a school, we will be happy to help where needed. Contact us now to explore your options for our Reliable IT Solutions!
