Keep operating systems, applications, and firmware fully updated
Use reputable antivirus and anti-malware software
Enable and maintain a firewall
Use strong, unique passwords for every account
Enable multi-factor authentication
Limit user permissions to only what is necessary
Back up important data regularly
Store backups offline or in immutable storage
Test backups and recovery procedures often
Avoid opening suspicious email attachments or links
Verify email senders before responding or downloading files
Disable macros in documents by default
Download software only from trusted sources
Remove or disable unused software and services
Segment networks to limit the spread of an infection
Restrict remote desktop and remote access services
Use application allowlisting where possible
Train users to recognize phishing and social engineering
Monitor systems for unusual activity
Encrypt sensitive data
Secure Wi-Fi with strong encryption and passwords
Use least-privilege access for administrators
Log and review security events regularly
Prepare and practice an incident response plan
Isolate infected devices immediately if ransomware is suspected
