๐ 1. Backup Strategy
โข Daily backups, both on-site and off-site (e.g. cloud + external drives).
โข Use immutable or versioned backups where possible.
โข Regularly test restoration procedures.
Most of the rest that follows is not really likely to be done by an average small business. ๐ก๏ธ 2. Endpoint Protection
โข Install and maintain reputable antivirus/anti-malware software.
โข Enable real-time protection and automatic updates.๐ง 3. Firewall & Network Segmentation
โข Use a hardware firewall or UTM appliance.
โข Segment critical systems (e.g. finance, admin) from general use areas.๐ 4. Access Control
โข Enforce least privilege: users only get access to what they need.
โข Use unique credentials and disable shared accounts.๐ 5. Patch & Update Management
โข Apply security updates to OS, applications, and firmware promptly.
โข Automate where feasible, especially for Windows, macOS, and server software.โ๏ธ 6. Email Security
โข Use spam filters with malware and phishing detection.
โข Warn users about attachments and links from unknown senders.๐ง 7. User Training
โข Educate staff on phishing, social engineering, and suspicious activity.
โข Run simulated phishing campaigns periodically.๐งพ 8. Application Whitelisting
โข Limit systems to run only authorised software.
โข Block unauthorised scripts and macros (especially in MS Office).๐ 9. Monitoring & Logging
โข Enable centralised log collection.
โข Monitor for unusual access patterns, e.g. large file movements or login attempts.๐ 10. Multi-Factor Authentication (MFA)
โข Enforce MFA for:
โข Admin accounts
โข Remote access
โข Email systems (e.g. Microsoft 365, Google Workspace)