- Patch your software and hardware (PortSwigger article)
- Password management – keep passwords locked down – 2FA/MFA
- Backup, and test your backups
- Social engineering – phishing education (CISA – Cybersecurity & Infrastructure Security Agency tips)
- Test your environment
Why did I give patching/upgrading the highest importance? Because a policy of keeping things upgraded leads your environment to many other good things.
Number 2 is passwords, since so many get tripped up here, and it is essential that we settle how to use passwords (how to create and store them). See ComputerWeekly.com – how to deal with passwords.
Then at 3 it is really a toss-up with social engineering, but one cannot stress the importance of a backup enough. The reality is that either social engineering or backup could be third.
A backup is needed for standard IT issues, not just as a hedge against possible ransomware. See the ComputerWeekly article, which has 5 suggestions for your backup strategy.
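"Test your backups" is the part that usually gets skipped, so here is an added example (not from this post, nor from the ComputerWeekly article it points to) of a restore drill: archive a directory, keep a SHA-256 manifest of what went in, restore the archive into a scratch location and check every file against the manifest. The tar-plus-manifest layout, the file names and the file contents are all assumptions constructed for the example; a real drill would point `create_backup` at the share you actually care about and keep the manifest somewhere the backup media cannot overwrite.

```python
"""Backup-and-restore drill: archive a directory, record a SHA-256 manifest, restore the
archive into a scratch location and confirm every file matches. Added example; the
sample files are constructed inline and stand in for a real file share."""
import hashlib
import tarfile
import tempfile
from pathlib import Path

# Constructed sample data (not from any real system).
SAMPLE_FILES = {
    "notes.txt": b"quarterly notes\n",
    "db/customers.csv": b"id,name\n1,alice\n2,bob\n",
    "config/app.ini": b"[main]\nretries=3\n",
}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict[str, str]:
    """Write `source` into a gzip tar at `archive` and return the manifest taken at
    backup time. Keep the manifest separate from the archive: it is the reference
    a later restore test is checked against."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


def verify_restore(archive: Path, manifest: dict[str, str]) -> dict:
    """Restore the archive into a scratch directory and compare it with the manifest.
    Reports matched/missing/corrupted files so the drill result can be recorded."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            # On Pythons that ship tarfile.data_filter, use the "data" filter so an
            # archive member cannot be written outside the restore directory.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(dest, **kwargs)
        restored = build_manifest(dest)
    missing = sorted(p for p in manifest if p not in restored)
    corrupted = sorted(p for p, d in manifest.items() if p in restored and restored[p] != d)
    matched = len(manifest) - len(missing) - len(corrupted)
    return {"matched": matched, "missing": missing, "corrupted": corrupted,
            "ok": not missing and not corrupted}


def run_drill() -> dict:
    """End-to-end drill on the constructed sample: a healthy restore, plus the same
    archive checked against a manifest that expects different content for one file,
    which is what silent corruption or a stale manifest looks like in the report."""
    with tempfile.TemporaryDirectory() as d:
        work = Path(d)
        source = work / "source"
        for rel, data in SAMPLE_FILES.items():
            target = source / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        archive = work / "backup.tar.gz"
        manifest = create_backup(source, archive)
        healthy = verify_restore(archive, manifest)
        stale = dict(manifest, **{"notes.txt": "0" * 64})
        return {"healthy": healthy, "stale_manifest": verify_restore(archive, stale)}


if __name__ == "__main__":
    print(run_drill())
```

The point of the drill is the second report: a backup job that finishes without error tells you nothing about whether the data comes back intact, and a manifest recorded at backup time is what lets the restore test say "this file is not what we saved" rather than "the archive opened fine". Schedule the drill, keep its output, and treat a non-empty `missing` or `corrupted` list as an incident, not a warning.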
Last in this list is the audit of the environment with various tools such as vulnerability managers, network mappers and more.
The audit structure of ISACA is a good one, as it gives the methods to audit any environment (including large enterprise environments).