Keep operating systems, applications, and firmware updated
Use reputable antivirus and endpoint protection software
Enable and maintain firewalls
Use strong, unique passwords for all accounts
Enable multi-factor authentication
Back up data regularly and store backups offline or in immutable storage
Test backups and restore procedures frequently
Restrict user privileges to the minimum necessary
Disable unnecessary services, ports, and macros
Train users to recognize phishing emails and malicious links
Verify email attachments and downloads before opening
Use email filtering and anti-phishing protections
Segment networks to limit lateral movement
Monitor systems for unusual activity and unauthorized access
Secure remote access with VPNs and MFA
Use application allowlisting where possible
Encrypt sensitive data
Remove or isolate unsupported and legacy systems
Create and maintain an incident response plan
Log and review security events regularly
Apply least-privilege access to shared drives and cloud services
