Last week, a healthcare institution in Alkmaar was hit by a data breach following a phishing email. Unintentionally, about 2,500 email addresses fell into the hands of internet criminals. It is an example of how one click can have enormous consequences for the people you serve, but also for your company itself.
This is not an exception. We see these kinds of incidents more often, frequently at organizations that have things "pretty well organized." But with a shaky digital foundation, one phishing email or stolen password can bring your entire organization to a standstill. Customer data exposed, reputational damage, halted processes: it happens faster than you think.
That is why our message is clear: set up the foundation properly before you start stacking individual measures on top of it.

Get Started with Microsoft 365 Business Premium
We recommend a Microsoft 365 Business Premium license by default. Not because we are a Microsoft partner or sell these licenses (we don't), but simply because we don't know of an equivalent European alternative that offers such a comprehensive solution.
With Business Premium you can:
Many alternative email providers can't even enforce multi-factor authentication (MFA). This means that criminals can gain access with just a username and password. The biggest risk here is password reuse: if your login details have ever been compromised in another breach, they can easily be reused to take over your email account. You don't even have to do anything wrong to be vulnerable.
Differentiate Between Management and Daily Use
We often see entrepreneurs working with a single account that is both a user and an administrator. It seems convenient because you have everything under one login, but it makes your organization extremely vulnerable.
Our advice: Remove admin rights from your regular work account
If you work with an account that is also an administrator and you click on a phishing link, you risk a criminal getting deep into your environment through app registrations or API connections. Without you realizing it, they can request permissions that give them access to email, files, customer data, and even backups.
By removing admin rights from your regular account, you significantly reduce that risk.
Use a separate admin account only for important changes.
You don't use the same key for your front door and your safe. Why would you do that with your accounts?
Create a separate admin account that you only use for important changes in your IT environment, such as adding a new employee or changing settings. Use your daily work account exclusively for your normal tasks. Ensure that this admin account has a strong and unique password that you don't use anywhere else.
Because you hardly use the admin account, the chance of it falling victim to phishing or malware is much smaller. And another advantage: this account doesn't need a license, so it costs you nothing extra.
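As an added illustration (not part of the original article and not Microsoft tooling), the script below checks an account list for the two weaknesses described above: accounts without MFA and admin rights on a daily-use account. The CSV column names and sample rows are constructed assumptions, and a licence is used as a stand-in for "daily-use account with a mailbox".

```python
import csv
import io

# Constructed sample export. Column names are assumptions for this example,
# not a Microsoft 365 export schema.
SAMPLE_EXPORT = """upn,roles,licensed,mfa
owner@example.test,Global Administrator,yes,yes
admin-owner@example.test,Global Administrator,no,yes
admin-old@example.test,User Administrator;Exchange Administrator,no,no
employee@example.test,,yes,yes
intern@example.test,,yes,no
"""

def load_accounts(text):
    """Parse the export into dicts with a role list and boolean flags."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        accounts.append({
            "upn": row["upn"].strip().lower(),
            "roles": [r.strip() for r in row["roles"].split(";") if r.strip()],
            "licensed": row["licensed"].strip().lower() == "yes",
            "mfa": row["mfa"].strip().lower() == "yes",
        })
    return accounts

def audit(accounts):
    """Return (upn, finding) pairs for the weaknesses the article describes."""
    findings = []
    for a in accounts:
        is_admin = bool(a["roles"])
        if is_admin and a["licensed"]:
            # Licensed means a mailbox and daily use: one phishing click
            # hands over the admin rights as well.
            findings.append((a["upn"], "MIXED_USE_ADMIN"))
        if not a["mfa"]:
            # A reused or stolen password alone is enough to sign in.
            kind = "ADMIN_WITHOUT_MFA" if is_admin else "USER_WITHOUT_MFA"
            findings.append((a["upn"], kind))
    # The advice also requires that a separate admin account actually exists.
    if not any(a["roles"] and not a["licensed"] and a["mfa"] for a in accounts):
        findings.append(("(tenant)", "NO_DEDICATED_ADMIN_ACCOUNT"))
    return findings

if __name__ == "__main__":
    for upn, finding in audit(load_accounts(SAMPLE_EXPORT)):
        print(f"{finding:28} {upn}")
```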
Think Beyond Just Technology
A digital foundation stands or falls not just with good tools but above all with how you use them. There are three things we always recommend because they have the greatest impact on your digital security.
Automatically Update Devices
Every laptop, phone, or server needs regular updates. These updates often contain security patches: fixes for errors that criminals can exploit.
Why is it important?
If you delay or skip updates, you leave known security gaps open. Cybercriminals know exactly what vulnerabilities exist in older software versions and continuously scan the internet for devices that are not up-to-date. One device with such an open door can be enough to gain access to your computer and from there further into the network.
What can you do?
With Business Premium, you can ensure that devices like Windows PCs, MacBooks, and iPhones automatically install their system updates. Note: this mainly applies to updates of the device itself. Applications like Zoom or 7-Zip still need to be kept up to date separately.
Make and Test Backups
Backups are your lifeline if something goes wrong due to a cyberattack, human error, or hardware problem.
Why is it important?
Many entrepreneurs think "we have a backup, so we're safe." But in an incident, that backup often turns out to be incomplete or not restorable. Then you still lose everything, and your business operations come to a halt.
What can you do?
Make a backup of your most important data and regularly test whether you can actually restore it. Note: Microsoft 365 does not make full backups of your data by default. Therefore, it is important to use an additional backup solution that securely stores your entire M365 environment.
Train Employees Structurally
Most cyber incidents start with people, not technology: a link clicked by mistake or data forwarded by accident.
Why is it important?
You can arrange your technology as well as you like, but if employees don't know how to recognize risks, your organization remains vulnerable. Long e-learning modules often end up in the drawer without anyone really learning from them.
What can you do?
Provide short, regular training sessions with recognizable examples. Realistic phishing tests can help with this, not as an exam but to create that moment of awareness of how simply and quickly things can go wrong.
Conclusion: Build a Digital Foundation That Grows with Your Organization
If you combine these components - multi-factor authentication, good update management, device management, reliable backups, employee awareness, and separating admin and user accounts - you lay a solid foundation. You not only reduce the chance of criminals getting in but also ensure that your organization can grow without constantly having to tinker with the basics.
Microsoft 365 Business Premium helps you make this possible. You can manage devices centrally and keep them automatically up-to-date, set access rules that fit your organization, and properly configure email security. You still need to arrange backups separately, but this platform also offers the right options to support that well.
And although we are not a Microsoft partner and do not sell licenses, we simply do not see an equivalent European alternative that offers this so completely and scalably in one package.
Don't wait until an incident forces you to take action. Take the step today to set up your digital foundation properly. We are happy to help you with that, together with your current IT partner or independently, as long as you get moving.
<cybersecurity consultant>