By Jenny E. Czapla 
IT integrity is about keeping systems trustworthy when things go wrong. Hacks move fast. Hardware goes missing. The FBI’s 2023 IC3 report counted 880,418 complaints and over $12.5 billion lost. These six moves guard your data, keep systems running, and let you sleep a little easier.
- Build one security standard everyone follows
Treat security as one system, not a drawer full of tools. Policy, inventory, access, backup, and response should align. That’s why many organizations lean on Managed IT service companies to tie the parts together. A 25-person clinic in Austin can use a single standard for device setup, MFA, backup retention, and response times to avoid gaps between Windows laptops and iPhones. Name one owner for integrity, write a three-page standard, and hold vendors to it.
Takeaway: Make one person or partner accountable for the whole picture, not just the pieces.
- Turn on phishing-resistant MFA everywhere
Credentials get stolen. MFA shuts the door on easy takeovers. Microsoft has reported that MFA blocks 99.9% of automated account takeover attempts, and hardware keys raise the bar further. Pair YubiKey or other FIDO2 keys with Okta or Microsoft 365 for admins, finance, and any remote access. When a payroll email in Cincinnati is spoofed on a Monday morning, one key tap keeps funds where they belong. Start with privileged accounts, then roll it out to everyone.
Takeaway: Enable MFA now, start with high-risk roles, and prefer hardware-based methods.
- Encrypt and manage every device
Laptops wander off like borrowed pens. Full-disk encryption makes a lost laptop a box of scrambled bits. Turn on BitLocker in Windows 11 and FileVault on macOS, and manage them with Microsoft Intune or Jamf. Set devices to auto-lock after 15 minutes, enforce strong PINs, and keep remote wipe ready. When a sales rep leaves a MacBook in a New York taxi, an encrypted drive plus a verified wipe can mean no breach notice under many state laws, including New York’s SHIELD Act. Tag assets and use “Find My” where available.
Takeaway: Encrypt by default, manage centrally, and assume devices will go missing.
- Patch fast and purge the vulnerable
Attackers love known flaws. Follow CISA’s Known Exploited Vulnerabilities list and set a service-level goal to patch critical issues within 7 days, with emergency windows for zero-days. Team automated updates with an EDR such as CrowdStrike or Microsoft Defender for Endpoint to catch whatever slips past patches. In the 2023 MOVEit breaches, teams that applied vendor fixes within 72 hours often sidestepped data theft. Remove unsupported software from the network before it becomes an open door.
Takeaway: Put patching on a clock, and back it with endpoint detection.
- Back up with intent, not hope
Ransomware turns flimsy backups into costly regrets. Follow the 3-2-1 rule: three copies, two kinds of media, one kept offsite and offline or made immutable. Take hourly snapshots of critical systems, push daily offsite copies to AWS S3 or Backblaze, then test restores every quarter. A Chicago accounting firm that could restore its QuickBooks server in 60 minutes lost a morning, not a week. Define recovery point objectives in hours and recovery time objectives in hours, then verify them.
Takeaway: Set RPO and RTO, and drill until those numbers are real.
- Rehearse the bad day
Clarity beats panic. Build a one-page incident plan that names a decision owner, legal and HR contacts, client notification rules, and your insurer’s hotline. Keep templates for ransomware, lost laptop, and email compromise. Run a 60-minute tabletop twice a year. In a Phoenix scenario where a rep reports a missing iPad with client PHI, the plan should trigger an immediate lock via Intune, a counsel review for HIPAA notice, and a short note to affected clients before rumors fill the gap. Print the plan; paper still works when Wi‑Fi is sulking.
Takeaway: Write the plan, keep it handy, and practice until each role is muscle memory.
Security is never finished, and that’s the point. Choose one area, complete it end to end, then move to the next. Consistency turns six tactics into a net that holds when pressure hits.