Security advice

Practical tips that actually block the common stuff.

Short, actionable guidance organised by topic. No jargon, no theatrics — just the habits and controls that stop the majority of real-world attacks.

Passwords & MFA

Credentials are still the front door. Make them hard to pick.

  • Use passwords of at least 14 characters — longer beats complex every time.
  • Never reuse a password. Give every account its own unique secret.
  • Store passwords in a reputable password manager, not a spreadsheet or browser profile.
  • Enable Multi-Factor Authentication (MFA) on email, cloud, admin and financial accounts.
  • Prefer app-based or hardware-key MFA over SMS where possible.
  • Rotate credentials immediately when a service reports a breach or when someone leaves the team.

Device Security

Every laptop and phone is a small copy of your company. Treat it that way.

  • Keep operating systems, browsers and apps on automatic security updates.
  • Enable full-disk encryption (FileVault, BitLocker) on every device that leaves the office.
  • Run a modern endpoint protection (EDR/antivirus) product — and make sure it is actually active.
  • Require a PIN or biometric lock and a short auto-lock timeout on every device.
  • Remove local admin rights from day-to-day user accounts; use a separate account for admin tasks.
  • Wipe or deregister lost devices quickly using MDM or the platform’s find-my tools.

Network Safety

Segment aggressively. What an attacker can’t reach, they can’t break.

  • Separate guest Wi-Fi, staff Wi-Fi, servers and IoT into distinct VLANs.
  • Default-deny between segments; open only the ports and protocols you actually need.
  • Keep firewall rules documented and review them at least quarterly.
  • Disable legacy protocols (SMBv1, TLS 1.0/1.1, Telnet) and old cipher suites.
  • Use a VPN or zero-trust proxy for remote access instead of exposing RDP or SSH directly.
  • Monitor outbound traffic — most breaches are noticed on the way out, not on the way in.
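A worked illustration of the segmentation and default-deny points above, added here as example code rather than anything from the original page. The zones, rules and review dates are constructed; the "loose" ruleset is the kind of thing a quarterly review should catch, and the "tight" one is what the list above asks for. Real firewalls are configured in their own syntax (nftables, vendor policies), so this only models the evaluation order and the review checks.

```python
"""Default-deny ruleset evaluator and audit. Added example, not part of the original
page; zones, rules and dates are constructed for illustration."""
from datetime import date

# Constructed 'before' ruleset: segments exist, but the rules between them are loose.
LOOSE_RULES = [
    {"id": 1, "src": "staff",   "dst": "servers",  "proto": "tcp", "dports": "443",    "action": "allow", "desc": "intranet web",    "reviewed": "2024-03-01"},
    {"id": 2, "src": "guest",   "dst": "servers",  "proto": "any", "dports": "any",    "action": "allow", "desc": "",                "reviewed": "2022-11-15"},
    {"id": 3, "src": "iot",     "dst": "staff",    "proto": "tcp", "dports": "any",    "action": "allow", "desc": "printer access",  "reviewed": "2024-01-10"},
    {"id": 4, "src": "servers", "dst": "internet", "proto": "tcp", "dports": "80,443", "action": "allow", "desc": "package updates", "reviewed": "2024-04-20"},
]

# Hardened version: every allow names its ports, untrusted segments initiate nothing towards
# trusted ones, and the ruleset ends with an explicit any->any deny so the default is visible
# to whoever reviews it, not just implied by the firewall's behaviour.
TIGHT_RULES = [
    LOOSE_RULES[0],
    {"id": 3, "src": "staff", "dst": "iot", "proto": "tcp", "dports": "631,9100", "action": "allow", "desc": "staff print to IoT printers", "reviewed": "2024-04-20"},
    LOOSE_RULES[3],
    {"id": 99, "src": "any", "dst": "any", "proto": "any", "dports": "any", "action": "deny", "desc": "default deny", "reviewed": "2024-04-20"},
]

UNTRUSTED = {"guest", "iot", "internet"}   # hypothetical zone classification
TRUSTED = {"staff", "servers"}


def _matches(rule, src, dst, proto, port):
    return (rule["src"] in ("any", src) and rule["dst"] in ("any", dst)
            and rule["proto"] in ("any", proto)
            and (rule["dports"] == "any" or str(port) in rule["dports"].split(",")))


def is_allowed(rules, src, dst, proto, port):
    """First-match evaluation; a flow that no rule mentions is denied."""
    for r in rules:
        if _matches(r, src, dst, proto, port):
            return r["action"] == "allow"
    return False


def audit_rules(rules, today, review_days=90):
    """Findings a quarterly review should raise: over-broad allows, untrusted-to-trusted
    paths, undocumented rules, rules nobody has looked at, and no explicit final deny."""
    findings = []
    for r in rules:
        tag = f"rule {r['id']} {r['src']}->{r['dst']}"
        if r["action"] == "allow":
            if r["dports"] == "any":
                findings.append(f"{tag}: allows every port; list only what the service needs")
            if r["proto"] == "any":
                findings.append(f"{tag}: allows every protocol")
            if r["src"] in UNTRUSTED and r["dst"] in TRUSTED:
                findings.append(f"{tag}: untrusted segment reaches a trusted one")
        if not r["desc"]:
            findings.append(f"{tag}: undocumented")
        age = (today - date.fromisoformat(r["reviewed"])).days
        if age > review_days:
            findings.append(f"{tag}: last reviewed {age} days ago")
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and last["src"] == "any" and last["dst"] == "any"):
        findings.append("ruleset has no explicit any->any deny at the end")
    return findings


if __name__ == "__main__":
    for f in audit_rules(LOOSE_RULES, date(2024, 5, 1)):
        print("LOOSE:", f)
    print("TIGHT:", audit_rules(TIGHT_RULES, date(2024, 5, 1)) or "no findings")
    print("guest -> servers udp/53:", is_allowed(LOOSE_RULES, "guest", "servers", "udp", 53),
          "(loose) vs", is_allowed(TIGHT_RULES, "guest", "servers", "udp", 53), "(tight)")
```

The audit is deliberately boring: the value is in running it on a schedule so that "review quarterly" becomes a diff of findings rather than a calendar reminder.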

Phishing Awareness

Humans will click. Make it safer when they do.

  • Train staff with realistic, non-shaming phishing simulations several times a year.
  • Publish a single, easy way to report suspicious messages — one click, no judgement.
  • Configure SPF, DKIM and DMARC on all your sending domains to block spoofing.
  • Warn clearly on external emails and on messages that ask for money or credentials.
  • Verify unusual payment or access requests through a second channel (phone, in-person).
  • Assume a phish has worked: plan for the password reset, not just the warning banner.
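The SPF, DKIM and DMARC item above is the one that is easy to half-do: a record exists, but it says p=none or ~all and so blocks nothing. The following is an added example (not from the original page) that parses SPF and DMARC TXT records and reports the weak settings. The domains and records are constructed; in practice you would feed it the TXT records returned by a DNS lookup of the domain and of _dmarc.<domain>, which is left out so the code runs offline. DKIM is not checked here because its selector names are not discoverable from DNS alone.

```python
"""Audit SPF and DMARC records for settings that leave a sending domain spoofable.
Added example with constructed records; hypothetical domains throughout."""
import re

# Constructed sample TXT records keyed by DNS name.
SAMPLE_TXT = {
    "weak.example":          ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.weak.example":   ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strong.example":        ["v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all"],
    "_dmarc.strong.example": ["v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; rua=mailto:dmarc@strong.example"],
    "nodmarc.example":       ["v=spf1 +all"],
}


def parse_spf(record):
    """Return (mechanisms, all_qualifier); the qualifier is '+', '-', '~', '?' or None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None, None
    all_q, mechs = None, []
    for t in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", t, re.IGNORECASE)
        if m:
            all_q = m.group(1) or "+"   # a bare 'all' means '+all'
        else:
            mechs.append(t)
    return mechs, all_q


def parse_dmarc(record):
    """Return the DMARC tag dict, or None if the record is not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def audit_domain(domain, txt_records):
    """Findings for one domain, given a {dns_name: [txt, ...]} map."""
    findings = []
    spf = [r for r in txt_records.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("no SPF record: any host may send as this domain")
    elif len(spf) > 1:
        findings.append("multiple SPF records: receivers treat this as a permanent error")
    else:
        _, q = parse_spf(spf[0])
        if q in (None, "+", "?"):
            findings.append(f"SPF 'all' qualifier is {q!r}: unauthorised senders are not rejected")
        elif q == "~":
            findings.append("SPF uses ~all (softfail); move to -all once reports show every sender is listed")
    dmarc = [d for d in (parse_dmarc(r) for r in txt_records.get(f"_dmarc.{domain}", [])) if d]
    if not dmarc:
        findings.append("no DMARC record: SPF/DKIM failures are never enforced")
    else:
        tags = dmarc[0]
        p = tags.get("p", "none").lower()
        if p == "none":
            findings.append("DMARC p=none: spoofed mail is reported but still delivered")
        elif p == "quarantine":
            findings.append("DMARC p=quarantine: move to p=reject once reports show no legitimate failures")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address: no aggregate reports reach you")
        if int(tags.get("pct", "100")) < 100:
            findings.append(f"DMARC pct={tags['pct']}: policy is applied to only part of the mail stream")
    return findings


if __name__ == "__main__":
    for d in ("weak.example", "strong.example", "nodmarc.example"):
        print(d, "->", audit_domain(d, SAMPLE_TXT) or "no findings")
```

Run it against every domain you send from, including the ones that send nothing (those should carry v=spf1 -all and p=reject so they cannot be borrowed).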

Backups

Good backups turn ransomware from a crisis into an inconvenience.

  • Follow 3-2-1: at least three copies, on two different media, with one offsite.
  • Keep at least one backup offline or immutable so ransomware cannot encrypt it.
  • Encrypt backups in transit and at rest, and protect them with separate credentials.
  • Test restores regularly — an untested backup is a hope, not a plan.
  • Document recovery time objectives (RTO) and recovery point objectives (RPO) per system.
  • Rotate backup media and monitor backup jobs for silent failures.
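"Test restores" and "monitor backup jobs for silent failures" are the two items on that list that most often exist only as intentions. The example below is added here and is not the page's own tooling: it writes a throwaway directory into a gzip tarball with Python's tarfile module, restores it into a scratch directory and compares every file's SHA-256 against the manifest taken at backup time, and then runs a small RPO check over a constructed job log. The job log, system names and timestamps are hypothetical.

```python
"""Restore test and backup-job monitor. Added example on constructed data;
the job log and system names are hypothetical."""
import hashlib
import tarfile
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

NOW = datetime(2024, 5, 1, 9, 0)   # constructed 'current time' for the job check


def file_hashes(root):
    """Map relative path -> SHA-256 of every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src_dir, archive_path):
    """Write src_dir into a gzip tarball; return the manifest the restore test will compare against."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src_dir, arcname=".")
    return file_hashes(src_dir)


def verify_restore(archive_path, expected):
    """Restore into a scratch directory and compare every file with the manifest.
    Returns (ok, problems). An archive that cannot be read counts as a failed backup."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch).resolve()
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                for m in tar.getmembers():           # refuse entries that would escape dest
                    target = (dest / m.name).resolve()
                    if target != dest and dest not in target.parents:
                        raise ValueError(f"unsafe path in archive: {m.name}")
                tar.extractall(dest)
        except (tarfile.TarError, EOFError, OSError, ValueError) as e:
            return False, [f"archive unreadable: {e}"]
        restored = file_hashes(dest)
    for rel, digest in expected.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content differs after restore: {rel}")
    for rel in sorted(restored.keys() - expected.keys()):
        problems.append(f"unexpected file in restore: {rel}")
    return not problems, problems


def stale_backups(jobs, now, min_bytes=1):
    """Flag systems whose last run failed, whose last good backup is older than their RPO,
    or whose 'successful' job wrote nothing (the classic silent failure)."""
    findings = []
    for j in jobs:
        age = now - j["last_success"]
        if j["last_status"] != "ok":
            findings.append(f"{j['system']}: last run {j['last_status']}")
        if age > timedelta(hours=j["rpo_hours"]):
            findings.append(f"{j['system']}: last good backup {age.days}d ago exceeds RPO of {j['rpo_hours']}h")
        if j["last_status"] == "ok" and j["bytes_written"] < min_bytes:
            findings.append(f"{j['system']}: job reported success but wrote {j['bytes_written']} bytes")
    return findings


# Constructed job log.
JOBS = [
    {"system": "fileserver", "rpo_hours": 24, "last_success": datetime(2024, 5, 1, 2, 0),  "last_status": "ok",     "bytes_written": 48_000_000},
    {"system": "crm-db",     "rpo_hours": 4,  "last_success": datetime(2024, 4, 28, 2, 0), "last_status": "failed", "bytes_written": 0},
    {"system": "wiki",       "rpo_hours": 24, "last_success": datetime(2024, 5, 1, 2, 0),  "last_status": "ok",     "bytes_written": 0},
]


def run_demo():
    """Back up a throwaway tree, verify it, tamper with the source, verify again, then try an empty archive."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "src"
        (src / "sub").mkdir(parents=True)
        (src / "a.txt").write_bytes(b"hello")
        (src / "sub" / "b.bin").write_bytes(bytes(range(256)))
        archive = Path(d) / "backup.tgz"
        manifest = make_backup(src, archive)
        good = verify_restore(archive, manifest)
        (src / "a.txt").write_bytes(b"changed")          # source drifted since the backup
        drifted = verify_restore(archive, file_hashes(src))
        empty = Path(d) / "empty.tgz"
        empty.write_bytes(b"")                            # a job that 'ran' but wrote nothing
        unreadable = verify_restore(empty, manifest)
    return {"manifest": manifest, "good": good, "drifted": drifted, "unreadable": unreadable}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
    for f in stale_backups(JOBS, NOW):
        print("JOB:", f)
```

The restore test is the point: the manifest is taken from the live data at backup time, so the comparison catches both corrupt archives and archives that silently stopped including a directory.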

Safe Browsing

Most opportunistic attacks hit browsers and email. Harden both.

  • Use a mainstream browser and keep it on automatic updates.
  • Add a reputable content blocker to reduce exposure to malvertising and trackers.
  • Look at the address bar — check the domain, not the padlock, before logging in.
  • Avoid entering credentials on pages opened from email links; navigate manually instead.
  • Be sceptical of browser pop-ups asking to install extensions or “update” software.
  • Separate work and personal browsing with different profiles or devices where possible.