
The Lazy Person’s Guide to Cybersecurity
Dec 4, 2025
5 min read
Is Cybersecurity Really That Complicated?

If you spend five minutes scrolling the news, you might think cybersecurity requires a PhD, a bunker, and possibly a small army.
In reality, most successful cyber attacks are surprisingly unsophisticated.
They don’t rely on Hollywood hackers typing furiously in a dark room.
They rely on you doing nothing.
And that is brilliant news! It means a few tiny habits can stop the vast majority of attacks before they even get started.
This guide is for the busy, overwhelmed, perfectly normal business owner who just wants things to work.
Think of it as cybersecurity for people who have more important things to do, like running a business, making clients happy, or finding where the good biscuits are hidden in the office kitchen.
A Relatable Story: Meet “Almost-Hacked Alex”
A few months ago, one of our clients, let’s call him Alex, nearly clicked on a phishing email.
You know the type.
Fake invoice.
Slight sense of panic.
The classic “Click here or else”.
But the moment Alex clicked, Microsoft prompted him for his MFA code.
The attacker didn’t have it.
End of story.
Alex described the moment as “being saved by the past version of me who could be bothered to set up MFA that day.”
A simple five-second habit stopped what could have become a very stressful incident.
And that is the bigger point.
Most cyber attacks aren’t stopped by complicated tools.
They’re stopped by simple habits.
One of the most overlooked is removing access that should no longer exist.
Many firms still have old user accounts left active for people who no longer work there.
These forgotten logins are sometimes called ghost accounts, and they’re involved in 41 percent of breaches.
The Big Reveal: Three Tiny Habits That Do Most of the Heavy Lifting

There are hundreds of security tools out there, and most of them are incredibly useful. But if we strip everything back to the basics, three habits alone stop the majority of attacks.
That’s it. Three things. Hardly Mission Impossible.
Let’s break them down and show why they work so well.
Habit 1: Update Your Software (Because Hackers Love Old Versions)

Many businesses still see updates as annoying interruptions.
But outdated software is the number one entry point for attackers.
Only 32 percent of UK businesses apply critical updates within 14 days.
That means two-thirds are effectively leaving their digital doors unlocked.
Out-of-date software is full of known vulnerabilities, and attackers automate the process of scanning the internet for systems running older versions.
They don't target you specifically.
They just look for anyone who hasn’t updated yet.
It’s the digital equivalent of walking down a road checking each front door to see if any are unlocked.
What to do (the lazy-friendly version):
Turn on automatic updates wherever possible.
Schedule a weekly “update and brew” moment.
Make sure your operating system, browsers, and key apps are included.
If you use Microsoft 365 or managed IT support, many updates are handled for you automatically.
Habit 2: Strong Passwords + MFA (Your Security Double Act)

Weak or stolen passwords contribute to 88 percent of breaches in the UK.
That’s nearly nine out of ten attacks gaining entry through the digital equivalent of “Password123”.
A strong password is important.
A unique password is even better.
But MFA is the real superhero here, blocking 99.2 percent of automated attacks.
If passwords are your front door key, MFA is the friendly bouncer checking ID.
What to do:
Use a password manager.
Create unique passwords for each account.
Turn on MFA for:
Email
Microsoft 365
Accounting software
Banking
Cloud storage
Start with the most important systems.
Light humour moment:
If your current password could be guessed by your dog, it’s time for an upgrade.
Habit 3: Remove Old Accounts (Ghost Accounts Are Not Friendly Ghosts)

This is the most overlooked one of all.
Many firms have accounts still active for staff who left years ago.
These forgotten logins are sometimes called ghost accounts, and they’re involved in 41 percent of breaches.
If an attacker gets hold of an old password from a data breach somewhere on the internet, they can try it against a dormant account in your Microsoft 365 or cloud systems.
No one notices, because no one uses the account.
It is the perfect hiding place.
What to do:
Review your user list every quarter.
Remove accounts for anyone who’s left the business.
Disable unused admin accounts.
Check shared accounts and ensure MFA is enabled.
If you use managed IT services, much of this can be automated.
Why These Habits Work: The UK Statistics Behind the Magic

Let’s recap the numbers:
43% of UK businesses reported a breach in the past year.
88% of breaches involve weak or stolen passwords.
99.2% of automated attacks are blocked by MFA.
Only 32% of companies patch within 14 days.
41% of attacks involve excessive privileges or ghost accounts.
If you only take one thing away from this blog, take this: cyber criminals don’t need clever tricks.
They just need you to skip the basics.
Step-by-Step: How to Put These Three Tiny Habits Into Action

Let’s make this practical.
1. Updating (5–10 minutes a week):
Enable automatic updates.
Restart your PC weekly.
Update firewalls and routers (or let your IT support team handle it).
2. Passwords + MFA (one-time setup + ongoing benefits):
Pick a password manager such as LastPass, 1Password, or Bitwarden.
Replace your weakest passwords first.
Turn on MFA in Microsoft 365.
Then secure banking, accounting, and cloud systems.
3. Account Management (5 minutes a month):
Check your staff list.
Disable old accounts.
Remove unused licences.
Reduce admin rights where possible.
Microsoft 365 makes this very straightforward, or your IT partner can do it for you.
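For firms that want to do the quarterly review themselves rather than by hand, here is an added example (my own, not code from the original post or from Initial IT) that covers the Habit 2 MFA check and the Habit 3 ghost-account review in one pass, using the Microsoft Graph PowerShell SDK against Microsoft 365. The 90-day inactivity threshold and the $dryRun switch are my assumptions; SignInActivity data needs an Entra ID P1/P2 licence and the AuditLog.Read.All permission.

```powershell
# Added example: quarterly Microsoft 365 account review with the Microsoft Graph
# PowerShell SDK (Install-Module Microsoft.Graph). Lists enabled accounts that have
# not signed in for 90 days (ghost account candidates) and enabled accounts with no
# MFA registered. Threshold and $dryRun are assumptions, not the post's own values.
# User.ReadWrite.All is only needed for the optional disable step at the end.
Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All",
                        "UserAuthenticationMethod.Read.All", "User.ReadWrite.All"

$cutoff = (Get-Date).AddDays(-90)
$dryRun = $true   # set to $false only after the list has been checked against the staff list

# MFA registration status per user, keyed by user id
$mfa = @{}
Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    ForEach-Object { $mfa[$_.Id] = $_.IsMfaRegistered }

$users = Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, AccountEnabled, SignInActivity

$report = foreach ($u in $users) {
    # Take the later of interactive and non-interactive sign-in so that shared or
    # service accounts that only authenticate in the background are not flagged by mistake.
    $last = @($u.SignInActivity.LastSignInDateTime,
              $u.SignInActivity.LastNonInteractiveSignInDateTime) |
            Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
    [pscustomobject]@{
        Name          = $u.DisplayName
        UPN           = $u.UserPrincipalName
        Enabled       = $u.AccountEnabled
        LastSignIn    = if ($last) { $last } else { 'never' }
        MfaRegistered = [bool]$mfa[$u.Id]
        Ghost         = $u.AccountEnabled -and ((-not $last) -or ($last -lt $cutoff))
        Id            = $u.Id
    }
}

"Enabled accounts with no sign-in in the last 90 days (ghost account candidates):"
$report | Where-Object Ghost | Sort-Object LastSignIn | Format-Table Name, UPN, LastSignIn -AutoSize

"Enabled accounts without MFA registered:"
$report | Where-Object { $_.Enabled -and -not $_.MfaRegistered } | Format-Table Name, UPN -AutoSize

# Disable rather than delete, so the mailbox and files can still be recovered if the
# account turns out to be needed.
if (-not $dryRun) {
    foreach ($g in ($report | Where-Object Ghost)) {
        Update-MgUser -UserId $g.Id -AccountEnabled:$false
        "Disabled $($g.UPN)"
    }
}
```

Run it in dry-run mode first and reconcile the output with HR's leaver list; accounts that never signed in will also show up as "never", so check whether they were ever issued before disabling them.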
Common Mistakes to Avoid
1. Thinking updates can wait
Attackers rely on delays.
2. Reusing passwords
If one is breached, all matching accounts are at risk.
3. Skipping MFA because it “slows things down”
It adds moments. A breach adds days of chaos.
4. Leaving ghost accounts active
If an account still works, an attacker will eventually find it.
Why This Matters for Professional Services Firms
Accountants, solicitors, architects, consultants.
All handle sensitive client information.
A breach is more than an inconvenience.
It damages trust, invites regulatory pressure, and creates operational disruption.
These three habits are your simplest way to avoid becoming part of the statistics.
With managed cybersecurity and reliable IT support from Initial IT, many of these protections become automatic, giving you peace of mind and time back in your day.
Quick Takeaways
Cybersecurity doesn’t have to be overwhelming.
Most attacks succeed because of very simple weaknesses.
Three habits prevent the majority of threats.
Updates, strong passwords + MFA, and removing old accounts are your top priorities.
Doing the basics well beats doing complicated things inconsistently.
And if you’re serious about cybersecurity, it’s far easier to let us look after it so you can focus on your day.

If you’d like help putting these habits in place or want clarity on your biggest risks, book a call with us by going to Contact Us | Initial IT or email hello@initialit.co.uk and we’ll take it from there.
Conclusion: Simplifying Cybersecurity for Your Peace of Mind
In today's digital landscape, cybersecurity may seem daunting. But remember, it doesn't have to be. By adopting these three tiny habits, you can significantly enhance your firm's security posture.
Let's break it down one last time:
Update Your Software: Stay current to keep attackers at bay.
Use Strong Passwords and MFA: Create a robust defense against unauthorized access.
Remove Old Accounts: Eliminate vulnerabilities by managing user access.
By focusing on these basics, you can protect your business and your clients. And if you ever feel overwhelmed, just reach out. We're here to help you navigate the complexities of cybersecurity, so you can focus on what truly matters—growing your business and serving your clients.