Multi-factor authentication
- Use multi-factor authentication for systems and applications
- Deploy it for:
  - All operating systems (Windows, Mac, Linux)
  - Business software
  - The company network
Cybersecurity education and training
- Conduct cybersecurity training regularly
- Send mock phishing emails on a quarterly basis
- Use results of the phishing campaign as a basis for more education
Endpoint security
Endpoint security refers to protecting end user devices such as desktops, laptops, and mobile devices.
- Put in place an Endpoint Detection and Response (EDR) solution for all devices in your organization
- Encrypt the entire disk on all end user devices
Email security
- Deploy these email authentication standards:
  - Domain-based Message Authentication, Reporting and Conformance (DMARC)
  - DomainKeys Identified Mail (DKIM)
  - Sender Policy Framework (SPF)
- Implement anti-virus, anti-spam, and anti-phishing solutions
- Build and deploy policy-based rules
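Deploying SPF and DMARC is only half the job; the published records also have to be strict enough to matter. The following added example (not part of the original checklist) audits SPF and DMARC TXT records for the common weak settings, using constructed sample records for a placeholder domain rather than live DNS lookups:

```python
# Constructed sample DNS TXT records (placeholder domains, not real) showing a
# weak deployment beside a hardened one.
WEAK = {
    "spf": "v=spf1 include:_spf.mailer.invalid +all",
    "dmarc": "v=DMARC1; p=none",
}
HARDENED = {
    "spf": "v=spf1 include:_spf.mailer.invalid -all",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.invalid; adkim=s; aspf=s",
}

def parse_dmarc(record):
    """Split a DMARC TXT record ('tag=value; tag=value') into a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(record):
    """Return findings for an SPF record; an empty list means no weak setting found."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: missing v=spf1 version tag"]
    # The 'all' mechanism decides what happens to senders not listed earlier.
    all_terms = [t for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("SPF: no 'all' mechanism; unlisted senders are not rejected")
    elif all_terms[-1].startswith("+") or all_terms[-1].lower() == "all":
        findings.append("SPF: '+all' lets any sender pass SPF")
    elif all_terms[-1].startswith("?"):
        findings.append("SPF: '?all' is neutral and does not fail unauthorized senders")
    return findings

def check_dmarc(record):
    """Return findings for a DMARC record; p=none only monitors, it never blocks."""
    findings = []
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: missing v=DMARC1 tag"]
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC: policy p={tags.get('p')!r} does not block failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so aggregate reports are not collected")
    return findings

def audit(records):
    """Combine SPF and DMARC findings for one domain's records."""
    return check_spf(records["spf"]) + check_dmarc(records["dmarc"])
```

Running `audit(WEAK)` flags the permissive `+all`, the monitor-only `p=none`, and the missing reporting address, while `audit(HARDENED)` returns no findings.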
Vulnerability management
- Use tools and processes to identify vulnerabilities in operating systems and applications
- Address the vulnerabilities promptly
- Patch and update operating systems
Password management
- Implement and enforce a password policy based on the applicable national standard
- Strongly discourage reusing the same password across several accounts
Phish reporting
- Build processes and install tools to manage phishing emails
- Use those tools to report, analyze, and respond to phishing attempts
- Educate employees on what to do with phishing emails
Security incident response
- Create and implement security incident response processes
- Use the standards from the National Institute of Standards and Technology (NIST) when building your policies
Secure backups
- Install a secure backup system that does not connect to primary systems
- Ensure that there is at least one set of backups that cannot be accessed from your network
Cloud and network security
- Install access controls for cloud-based and on-premises systems
- Avoid using the default (out-of-the-box) configurations and security settings for systems and applications
- Limit access to your network